The Autotask Endpoint Management Web Portal
The Endpoint Management Web Portal
Updated Thursday, October 27, 2016
© 2016 Autotask Corporation

Table of Contents

The Endpoint Management Web Portal
Sites
Add a Site
Manage Sites
Site Summary
Site Settings
Proxy Settings in AEM
Connection Brokers
Node Scores
Designate a Local Cache
User-Defined Fields
Devices
Add a Device to AEM
Deploy and Install Agents on Servers, Desktops and Notebooks
Methods for Deploying Agents
Deploy Agents Using Active Directory
Download or Email the AEM Agent
LAN Deployment Using the Agent Browser (Windows Only)
LAN Deployment from the Web Portal
Install and Uninstall Agents
Install or Uninstall the Agent on Windows
Install or Uninstall the OS X Agent
Install or Uninstall the AEM Agent on Linux
Cloning or Ghosting Devices that Have AEM Installed
Create an Agent Policy
Manage Mobile Devices (MDM)
Install or Uninstall an Android Agent
Install or Uninstall an iOS Agent
Create an iOS Mobile Device Management Policy
Manage and Monitor SNMP-Enabled Network Devices and Printers
Download or Create Network Monitor Components
Manage and Monitor ESXi Devices
Create an ESXi Policy
Audits
Designate a Local Cache
Manage Devices
Device Summary
Move Devices to Another Site
Messages
Suspended Devices
Delete Devices
Target Devices with Filters and Groups
Filters
Groups
Manage Your Endpoints
Patch Management
Create a Patch Management Policy
Create a Windows Update Policy
Network Management
Discover Devices on the Network
iOS Software Management
Backup Management
Datto Backup Integration
Security Management
Kaspersky Endpoint Security Integration
Webroot Endpoint Security Integration
Create a Security Management Policy
Monitors and Policies
Manage Monitors
Managing Policies
Create a Monitoring Maintenance Window Policy
Create a Monitoring Policy
Create a Power Policy
Apply Policies to New Devices
Components and ComStore
Download Components from the ComStore
Create or Edit a Component
Scripting
Scripting Ninite using Autotask Endpoint Management (AEM)
Input Variables
Deploy Components Using Jobs
Manage Jobs
Manage Job Alerts
The Job View
Manage Components
Create a Custom Component Monitor
Alerts and Tickets
Manage Alerts
Manage Tickets
Create a Ticket in the Web Portal
Create a Ticket in the Agent Browser
Activity Logs and Reports
Account Dashboard
Account Activity
Device Activity
User Activity
Find the Right Report
Reports at Device Level
Reports at Site Level
Reports at Account Level
Reports on Activities
Reports on Alerts
Reports on Endpoints
Status and Health Reports
User Reports
Schedule and Run a Report
Manage Reports
Index

The Endpoint Management Web Portal

The Web Portal is your Endpoint Management control console. Depending on your security level, you have visibility of every site you manage as well as your entire device estate. In the Web Portal, you do the following:

• Set up and configure your Autotask Endpoint Management account. This includes setting up security levels and users, branding your portal, configuring account and site settings, and installing and managing third-party integrations. Refer to Set Up Autotask Endpoint Management.
• Manage the sites in which you can group your devices by customer, location, department, etc. Refer to "Sites" on page 7.
• Add (by deploying agents) and manage all your devices, including Windows, Mac and Linux devices, mobile devices and network devices and printers. Refer to "Devices" on page 42.
• Set up monitors that alert you automatically when thresholds are exceeded, and push them out to multiple devices through policies. Refer to "Monitors and Policies" on page 232.
• Create and manage components (applications, monitors and scripts) that get deployed to your endpoints. Refer to "Components and ComStore" on page 266.
• Schedule jobs. Refer to "Deploy Components Using Jobs" on page 319.
• Create policies. Refer to "Managing Policies" on page 250.
• Manage patches, network devices, software, backups, and security. Refer to "Manage Your Endpoints" on page 145.
• Manage alerts and tickets. Refer to "Alerts and Tickets" on page 345.
• Generate reports. Refer to "Activity Logs and Reports" on page 364.

Sites

About sites

In Autotask Endpoint Management (AEM), a site allows you to organize your endpoints in a way that fits your business requirements.

A site lets you group devices together. You can define sites in the way that suits you best. If you are a Managed Service Provider, a site might mean a customer. If you are supporting one large IT organization and your devices are spread out over a number of locations, a site may be an office department or a location. Whatever your situation, you can set up your sites as per your preference. Note that a device can only belong to one site, but it can be moved between sites as required.

Site Types: Managed and OnDemand

When you register your Autotask Endpoint Management (AEM) account, two sites are created for you by default: a Managed and an OnDemand site. The two types of sites differ in functionality:

• Devices added to your Managed site will have a Managed Agent installed and will be able to access all the AEM features.
• Devices added to your OnDemand site will have an OnDemand Agent installed and will have limited access in AEM.

To learn more about the differences, refer to Key differences between Managed and OnDemand Agents.
Site icons

In the Web Portal, Managed sites do not have any icon next to their names by default. However, depending on the integrations configured for your account, an icon may be displayed next to your sites. For further information, refer to our integration topics: Configuring Third Party Integrations.

OnDemand sites display this icon by default: [icon]

To learn about the Agent status icons in your system tray or menu bar, refer to Agent icons.

More information about sites

• To find out how to add a new site to your account, refer to "Add a Site" on page 9.
• To find out how to access details about an individual site or perform actions for multiple sites, refer to "Manage Sites" on page 13.
• For an overview of the Site Summary page, refer to "Site Summary" on page 16.
• For information on how to configure settings for a site, refer to "Site Settings" on page 20.
• To find out how to create site groups and add sites to them, refer to "Create Site Groups" on page 143.

Add a Site

When you register your AEM account, two sites are created for you by default: a Managed and an OnDemand site. Managed sites can access all the AEM features, while OnDemand sites have limited access. For further information, refer to "Sites" on page 7.

A site lets you group devices together. You can define sites in the way that suits you best. If you are a Managed Service Provider, a site might mean a customer. If you are supporting one large IT organization and your devices are spread out over a number of locations, a site may be an office department or a location. Whatever your situation, you can set up your sites as per your preference. Note that a device can only belong to one site, but it can be moved between sites as required.

To add additional sites:

1. Go to the Sites tab and click on the New Site button.
2. Fill in the details in the New Site window.

Field | What to Enter
Name | Give a relevant name to your site to make sure your teams will be able to find the devices in the place they expect (e.g. "Glasgow Office", "St. John's Comprehensive School", etc.).
Description | Give a relevant description to your site.
Phone Number | This field only becomes visible if your AEM account is integrated with Autotask PSA. Refer to Autotask PSA and Endpoint Management Integration. Enter a phone number so that the system can look for duplicate Autotask PSA companies. The phone number entered here will not be saved for the new site. Entering a phone number is optional.
Type | Select Managed or OnDemand as required. Refer to "Sites" on page 7.
Proxy type | If the devices that you're going to install the Agent on use a proxy server to connect to the Internet, enter the proxy details here to ensure that the devices are already configured when you install the Agent on them. For more information, refer to "Proxy Settings in AEM" on page 27.
Security Levels | Select the security levels for which this site should be accessible. Refer to Security Levels.
Groups | Select the site group(s) that the new site should be added to. This step is optional. Refer to "Groups" on page 142.

3. Click Save.
4. If your AEM account is not integrated with Autotask PSA, your new site will be saved and you'll be directed to the "Site Summary" on page 16 page.
5. If you are integrated with Autotask PSA, you will be directed to the Map Site page where you will have the following options to choose from:

Radio Button | Description
Create a new company for this site | Select this option if you would like to map your new AEM site to a new PSA company, that is, if you would like to create a new PSA company for this site. Enter a Phone Number and assign one of your PSA Account Managers to the new PSA company by selecting a name from the drop-down list.
Map the site to an existing company recommended by the system | Select this option if you would like to map your new AEM site to an existing PSA company recommended by the system. Choose the required company from the list displayed.
Map the site to a different existing company of your choice | Select this option if you would like to map your new AEM site to an existing PSA company of your choice. Enter at least three characters in the Filter field and click Search. Choose the required company from the list displayed. The filter searches for the name, phone number and address of the PSA companies.
Do not map this site to a company | Select this option if you do not wish to map your new AEM site to a PSA company. If you choose this option, you will not be able to create any ticket for this AEM site.

You can always edit your mapping rules on the Autotask Integration page later. For more information, refer to Re-run mapping analysis.

6. Click Finish Mapping. The new site will be saved and you'll be directed to the "Site Summary" on page 16 page.
7. To delete a site, locate it by clicking on the Sites tab, then hover over it and click the Delete site icon at the end of the row.

If your AEM account is integrated with Autotask PSA, you can easily see which PSA company your AEM site is mapped to by selecting the Autotask PSA Company column from the column chooser in the Sites list. If a site is mapped to a PSA company, you can click the hyperlinked name to open the company detail page in PSA. Note that one PSA company can be mapped to more than one AEM site, that is, multiple AEM sites may show the same PSA company name in your Sites list. For more information about mapping rules, refer to Configure company (site) and resource (user) mapping.

Manage Sites

Permission to view Sites
Sites

When logging into Autotask Endpoint Management (AEM), you land on the Sites page which lists all the sites that you currently have in your account. You can also access a list of your sites by opening a group they are associated with. For more information, refer to "Groups" on page 142.

To find out how to add a new site to your account, refer to "Add a Site" on page 9. For further information about site types, refer to "Site Types: Managed and OnDemand" on page 7.

Sites tab

The Sites page gives you a summary about each of your sites in your account. By default, the following information is displayed:

Field | Description
Name | The name of your site. You can give any name to your site when creating it and you can edit it in "Site Settings" on page 20. The name is hyperlinked and once you click on it, it will direct you to the "Site Summary" on page 16 page.
Description | The description of your site. You can give any description to your site when creating it and you can edit it in "Site Settings" on page 20.
ID | The unique ID (identifier) of your site. This field cannot be edited as it is hard-coded.
Devices | It shows the total number of devices that have this site's Agent installed. Click on the hyperlinked number to be directed to the list of devices.
Offline | It shows the number of devices that have this site's Agent installed and are offline. Click on the hyperlinked number to be directed to the list of devices.
Proxy | It shows the proxy settings of this site that you can configure in "Site Settings" on page 20.
Delete icon | This icon appears when you hover over a row. Click the icon and confirm that you want to delete the site. If you have a device in the site you would like to delete, the device will be deleted as well. For further information, refer to "Manage deleted devices" on page 127.

The page lets you do the following:

Field | Description
Column Chooser | The column chooser lets you select which columns should be visible in the results view. You can click on All or None to select or deselect all the options, and you can restore the default view by clicking on Restore Defaults. Drag and drop any of the columns to re-arrange their order in the results view. Click Save to apply the changes or Cancel to discard them. Note: You must select at least one column in the column chooser.
Search | It is a dynamic search field that lets you search for your sites. As you type, the search results are narrowed to match your search string.
Show entries | It lets you select to show 10 / 25 / 50 / 100 entries per page.
Shortcut for actions | An arrow pointing to the right in each row, just to the left of the first column. Once you click on it, you will see a few icons displayed. These icons provide a shortcut for actions that you can do in the sites. For further information about these shortcuts, see the list of Action bar icons below.
Previous / Next | Click on Previous / Next to see the previous or next page of results.

There are a number of extra buttons available in the Action bar:

Icon | Name | Description
[icon] | Add site(s) to site group | Add the selected site(s) to a site group. Refer to "Groups" on page 142.
[icon] | Edit description of selected sites | Edit the description of the selected site(s). Refer to "Site Settings" on page 20.
[icon] | Schedule a job | Schedule a job for the selected site(s). Refer to "Deploy Components Using Jobs" on page 319.
[icon] | Run a quick job | Run a component through a quick job for the selected site(s). Refer to "Deploy Components Using Jobs" on page 319.
[icon] | Export to CSV | Allows you to export a list of the devices in the selected sites in .CSV format. Make sure to select the columns you want to include in the export.
[icon] | Send a message to the selected devices | Send a message to all the devices in the selected site(s). The message will pop up on the devices once they are online.
  Note: It usually takes a few minutes for the message to appear.
[icon] | Schedule reports | Schedule one or more reports for the selected site(s). Refer to "Schedule and Run a Report" on page 476.
[icon] | Map site(s) to Autotask account | Map the selected site(s) to a PSA company. Once you have clicked on the icon, the Map Sites page will open. For more information about the options on this page, refer to "Add a Site" on page 9. This icon is only displayed if your AEM account has been integrated with Autotask PSA. Refer to Autotask PSA and Endpoint Management Integration.
[icon] | Refresh | Refreshes the current view. This will show your sites' most up-to-date status.
[icon] | Summary | Shortcut. It directs you to the "Site Summary" on page 16 page.
[icon] | Device List | Shortcut. It directs you to this site's device list. Refer to "Manage Devices" on page 115.
[icon] | Audit | Shortcut. It directs you to the site's Audit tab. Refer to "Audits" on page 106.
[icon] | Manage* | Shortcut. It directs you to the site's Manage tab.
[icon] | Monitor* | Shortcut. It directs you to the site's Monitor tab.
[icon] | Support | Shortcut. It directs you to the site's Support tab.
[icon] | Report | Shortcut. It directs you to the site's Report tab.
[icon] | Policies* | Shortcut. It directs you to the site's Policies tab.
[icon] | Settings | Shortcut. It directs you to the "Site Settings" on page 20 page.

*Not available in OnDemand sites.

Site Summary

Permission to view or manage Sites
Sites > click on a site > Summary

When you log into Autotask Endpoint Management (AEM), you land on the Sites page which lists all the sites that you currently have in your account. By clicking on the name of one of your sites, you will be directed to the site's summary page. Here, you will see statistical information about this site's endpoints, such as their security or energy usage.

In the top right corner, you will find the QR code of this site. By clicking on it, you can enlarge and scan or print the QR code.

In the top area of the Site Summary page, you can see the following information:

Field | Description
Devices* | The following numbers are displayed:
  • Total number of devices
  • Number of devices that are online
  • Number of devices that are offline
  • Number of devices that have been offline for more than a week
  Click on the hyperlinked numbers to be directed to the list of devices of that category.
Security | It shows the percentage of devices that have the following features enabled:
  • Anti-virus
  • Firewall
  • MS Updates
  It also shows:
  • The number of missing patches on the devices
  Once you click on the hyperlinked % number, it will show you a list of devices that have that specific feature disabled. Once you click on the number next to Patch Management (Patch Mgt.), it will show you the missing patches of all the devices in the site.
Energy Usage* | It shows you the number of hours this site's devices were online in the previous and the current month and how much they cost you in those months. The calculation is based on the power rating setting configured in "Site Settings" on page 20.

*Not available in OnDemand sites.

Further down, there are three sections that you can collapse or expand by clicking on their names:

• Security Status
• Favorites
• Notes

Once each section is expanded, further information is displayed as outlined below.

Security Status

Field | Description
Anti-Spyware Summary | It shows the number of devices that have:
  • At least one active and updated anti-spyware product
  • At least one active but not up-to-date anti-spyware product
  • No active anti-spyware product
Anti-Virus Summary / AEM Managed Anti-Virus Summary | This section will display a different name and information, depending on whether you have configured the Kaspersky Endpoint Security (KES) Integration or the Webroot Endpoint Security Integration.
  Refer to "Kaspersky Endpoint Security Integration" on page 208 and "Webroot Endpoint Security Integration" on page 218.
  Without any of the above integrations enabled, the section is called Anti-Virus Summary and shows the number of devices that have:
  • At least one active and updated anti-virus product
  • At least one active but not up-to-date anti-virus product
  • No active anti-virus product
  With any of the above integrations enabled, the section is called AEM Managed Anti-Virus Summary and shows:
  • The total number of devices targeted in security management policies. Note that this number may not match the sum of devices listed for the various statuses below as one device may be listed for more than one status. (For example, the same device may be listed for the status "Installed, not active" and "No valid license".)
  The following device statuses are displayed:
  • Installed & Active
  • Not Installed
  • Installed, not Active
  • Reboot Required
  • Active Threats
  • Needs Update
  • No Valid License
Firewall Summary | It shows the number of devices that have:
  • At least one active firewall product
  • No active firewall product

Security Status information is displayed for Windows devices only. It does not include anti-spyware status for Windows XP devices and the status of servers (as they do not report security center information).

Click the hyperlinked number of devices next to any status to see the list of devices of that status.

The name of the anti-spyware, anti-virus and firewall products is listed under each section, along with their status:

Icon | Description
[icon] | Enabled and up to date
[icon] | Enabled but not up to date
[icon] | Disabled

By clicking on the Show/Hide Graph icon in the Anti-Spyware Summary, Anti-Virus Summary and Firewall Summary areas, you can see a graphical representation of the data.

Favorites

This section lists all the devices in this site that have been marked as a favorite, which allows for easier access to them. For further information on how to mark a device as a favorite, refer to "Manage Devices" on page 115.

The following information is displayed in the Favorites area by default:

Field | Description
Hostname | The name of your device. This can be edited in the device itself.
Description | The description of your device that can be edited in "Device Summary" on page 119.
IP Address | The IP address of your device.
Ext IP Addr | The external IP address of your device.
Last User | The user that last logged into this device.
Operating System | The operating system of your device.

You can change the default columns by clicking on the Column Chooser icon:

Icon | Name | Description
[icon] | Column Chooser | The column chooser lets you select which columns should be visible in the results view. You can click on All or None to select or deselect all the options, and you can restore the default view by clicking on Restore Defaults. Drag and drop any of the columns to re-arrange their order in the results view. Click Save to apply the changes or Cancel to discard them. Note: You must select at least one column in the column chooser.

To learn what actions you can perform on your favorite devices, refer to "Action bar icons" on page 116. You can also see some additional remote connection icons next to your devices. For more information, refer to "Remote takeover icons" on page 118.

Notes

You can add notes about the site.

1. Enter your note.
2. Click Save to save the note.
3. Or click Reset to delete the current note. All previously entered notes will remain intact.

Site Settings

Permission to manage Site Settings
Sites > click on a site > Settings

If you are the person who is responsible for implementing Autotask Endpoint Management (AEM) in your company, you have probably reviewed your Account Settings as one of the first steps in implementation. While account settings are fundamental for the optimal running of AEM, they may not apply to all sites in your account and you may need to modify them for certain sites. Individual site settings may override account settings or complement them with additional information.

For information about sites, refer to "Sites" on page 7.

The correct permission to access Site Settings can be set up in Setup > Security Levels. For further information, refer to Security Levels.

As OnDemand sites cannot access all AEM features, some settings may not be available for them. The settings described below are available for Managed sites.

General

You can modify basic information about your site by clicking on Edit.

Field | What to Enter
Name | Give your site a meaningful name. By default, you have one site called Managed and one called OnDemand.
ID | This is the unique ID (identifier) of your site. This field cannot be edited as it is hard-coded.
Description | Enter a meaningful description.
Type | Choose one of the two available site types:
  • Managed
  • OnDemand
  To find out how the two site types differ, refer to "Sites" on page 7.

Power Rating

You can specify the cost and power rating of your devices within the site. These numbers will provide the basis for your managed endpoints' energy usage calculation that you can view on a Managed site's summary page. For more information, refer to "Site Summary" on page 16.

The default wattage of 350W and the default cost can be changed by clicking on Edit. The fields accept numeric values only.

Field | Value
Desktop | Define the power rating of desktops.
  This can be overridden on the "Device Summary" on page 119 page.
Laptop | Define the power rating of laptops. This can be overridden on the "Device Summary" on page 119 page.
Server | Define the power rating of servers. This can be overridden on the "Device Summary" on page 119 page.
Other | Define the power rating of any other devices. This can be overridden on the "Device Summary" on page 119 page.
Cost per kWh | Define the cost per kWh.

The formula to calculate the managed endpoints' energy usage is as follows:

(UptimeInMinutes * Wattage) / 60 / 1000 * Price

If you leave these fields blank, the power rating configured in your Account Settings will be applied. Alternatively, you can override the power rating settings on the "Device Summary" on page 119 page as well.

Proxy

Configure your site with proxy settings in case you use proxy servers in your environment.

1. Click Edit to configure your proxy settings.

Field | What to Enter
Proxy Type | Select the correct proxy type:
  • HTTP
  • Socks4
  • Socks5
  • Select None if you do not wish to use any proxy for this site.
Proxy Host | Enter the proxy host as required by your proxy server.
Proxy Port | Enter the proxy port as required by your proxy server.
Proxy Username | Enter the proxy username as required by your proxy server.
Proxy Password | Enter the proxy password as required by your proxy server.

2. Click Save.

Site proxy settings will not apply to devices that had already been in the site before the proxy settings got configured. Existing devices with an Agent installed will need to be manually configured for proxy.

For further information, refer to "Proxy Settings in AEM" on page 27.

Custom Agent Settings

You can specify here whether this site should use connection brokers, that is, whether any Agent in this site can become a connection broker. The default setting is set to ON.
Switch off the option Use Connection Brokers if you would like to prevent any Agent in this site from becoming a connection broker. For more information, refer to "Connection Brokers" on page 29.

The configuration applied in Account Settings will override any selection made at site level; however, once you have configured the connection broker option in Account Settings, you can modify it manually at site level.

Agent Deployment Credentials

To be able to deploy an Agent across a LAN, you'll need to have a username and password for the device(s) you're going to install the Agent on. It is possible to cache these credentials so that you don't have to enter them each time for each device. The credentials entered here will be used in addition to any credential specified in Account Settings. For information on how to add Agent deployment credentials, refer to Account Settings.

Switch off the option Use Account Level Agent Deployment credentials if you wish to use the credentials added at site level only.

SNMP Credentials

If you would like to manage SNMP-enabled devices in AEM, you can cache their SNMP credentials so that you don't have to enter these whenever adding new managed network devices. The credentials entered here will be used in addition to any credential specified in Account Settings. If you wish to use the SNMP credentials configured at site level only, switch off the option Use Account level credentials for SNMP-enabled devices.

For information on how to add SNMP credentials, refer to Account Settings. For further information about how to manage your network devices, refer to "Manage and Monitor SNMP-Enabled Network Devices and Printers" on page 92.

ESXi Credentials

If you would like to manage ESXi devices in AEM, you can cache their credentials so that you don't have to enter these whenever adding new devices. The credentials entered here will be used in addition to any credential specified in Account Settings.
If you wish to use the ESXi credentials configured at site level only, switch off the option Use Account level credentials for ESXi hosts.

For information on how to add ESXi credentials, refer to Account Settings. For further information about how to manage your ESXi devices, refer to "Manage and Monitor ESXi Devices" on page 100.

Splashtop

If you cannot see this section, that is because you haven't yet downloaded the Splashtop extension for your account. To learn how to download and enable it for your account, refer to Account Settings.

Once the Splashtop Streamer is enabled for the entire account, the option Install Splashtop Automatically will be switched on at site level by default and all supported devices will automatically install the Splashtop Streamer. Turn the option off if you would like to prevent the Splashtop Streamer from being installed automatically.

If the installation of Splashtop Streamer is disabled in Account Settings, you will not be able to turn it on at site level and the following message will be displayed:

For further information about Splashtop settings, refer to Splashtop Remote Screen Share Integration.

Email Recipients

You can add one or more email recipients and define what type of email notifications they should receive. Mail recipients set up here will receive notifications from this site only.

The notification type ComStore Components is available for selection in Account Settings only.

It is possible to set up email recipients for the entire account. For more information on that and on how to add email recipients, refer to Account Settings.

Local Caches

The Local Caches option is not available for OnDemand sites.

A local cache is a designated device that can be used as a component cache to store components and/or as a patch cache to store patches. For more information, refer to "Designate a Local Cache" on page 111.

Once you have nominated your local caches, they will be listed in Site Settings with the following details: Name, Priority, Drive, Cache type. You can perform the following actions:

• Drag and drop any of the local caches to re-arrange their order. This allows you to prioritize which local cache your devices should contact first.
• Hover over one of the local caches and click on the Delete this cache icon to remove it from the list. For more information, refer to "Edit or remove a device as a local cache" on page 113.
• You can specify a time frame after which the cached patches should be deleted from the local patch cache. You can choose After 30/60/120/180 days or Never. By default, After 120 days is selected.

Assigned Resource for End-User Tickets

The Assigned Resource for End-User Tickets option is not available for OnDemand sites.

You can select one of the Administrators that end-user tickets of this site should be assigned to by default. If No default user is selected, the end-user tickets will be assigned to the Administrator selected in Account Settings. If no Administrator is selected in Account Settings, the end-user tickets will be assigned to the user who registered the account.

The setting applied at site level will override the setting applied in Account Settings.

Variables

The Variables option is not available for OnDemand sites.

Here, you can specify variables that can be used when writing custom scripts or components. The variables can be defined with a specific value that the Agent will use when executing the script. How you refer to the variables in your script will be defined by the scripting language you apply (e.g. in batch scripts, you can refer to a variable in the format of %VariableName%).

Site variables will override variables of the same name that are configured in Account Settings.
For information on how to add variables at Account level and how to update site variables using a template, refer to the Variables and Update Site Variables sections in Account Settings.

Credentials

You can specify a username and password for this site. This can be useful when running a script, as you can make the component require the site credentials that you set up here. For further information, refer to "Scripting" on page 306.

1. Click Edit.
2. Select Use the following credentials for this site.
3. Enter a Username and a Password.
4. Click Save.

User-Defined Fields

This area allows you to override the 10 user-defined fields that you can configure in Account Settings. These fields can be populated with information that is not picked up in the device audit so that it can be filtered and searched upon to provide additional targeting for jobs and policies. You can enter the user-defined field information manually on the "Device Summary" on page 119 page or it can be populated by the AEM Agent on Windows devices. For further information, refer to "User-Defined Fields" on page 38.

To configure the user-defined fields, do the following:

1. Hover over one of the user-defined fields and click on the pencil icon to edit it.
2. Rename the field under Site Label.
3. Click on the green tick to save the changes.

Kaspersky Endpoint Security

If you cannot see this section, it is because you have not yet downloaded the Kaspersky Endpoint Security (KES) component for your account. Once KES is downloaded, this section will be displayed.

By default, the option Activate Security Management is turned ON if you have a KES policy configured for the site. Turning the setting OFF will deactivate all the currently active KES security management policies of the site. Turning the setting ON will activate all the KES security management policies that have previously been deactivated for the site.
The Activate Security Management setting will automatically be turned OFF if you remove all KES policies configured for the site.

To learn about other settings at account level, refer to Windows Security Center Audit. For more information about KES, refer to "Kaspersky Endpoint Security Integration" on page 208.

Webroot Security Agent

If you cannot see this section, it is because you have not yet downloaded the Webroot Endpoint Security component for your account. Once Webroot is downloaded, this section will be displayed.

By default, the option Activate Security Management is turned ON if you have a Webroot policy configured for the site. Turning the setting OFF will deactivate all the currently active Webroot security management policies of the site. Turning the setting ON will activate all the Webroot security management policies that have previously been deactivated for the site.

The Activate Security Management setting will automatically be turned OFF if you remove all Webroot policies configured for the site.

To learn about other settings at account level, refer to Windows Security Center Audit. For more information about Webroot, refer to "Webroot Endpoint Security Integration" on page 218.

Proxy Settings in AEM

Permission to manage Site Settings
Sites > click on a site > Settings > Proxy
Agent Browser

A proxy or proxy server is a connection (a program or a computer) between your device and the Internet. It acts as an intermediary: it processes the requests your device sends out and returns the information you need from the Internet. Proxies are often used to hide your location or IP address, to control Internet usage (by blocking or bypassing certain websites), or to improve security. In order for your device to access the proxy server, it needs to have the correct proxy settings.
Autotask Endpoint Management (AEM) can be configured with proxy settings so that it can be used in environments that use proxy servers. Proxy settings can be managed in the Web Portal within a site. Once configured, the settings will apply to any new device added to the site. Individual proxy settings can be applied locally within the Agent settings as well.

How to...

Configure site proxy settings in the Web Portal

1. Click on the Sites tab and click on the name of the site you wish to configure proxy settings for.
2. Click the Settings tab to the right, and scroll down to the Proxy section.
3. Click Edit.
4. Specify if the proxy type is HTTP, Socks4, or Socks5.
5. Fill in the proxy details as required by your proxy server: host, port, username, password.
6. Click Save to update the settings.

Once saved, the proxy settings will apply to any new Agent added to the site. Existing devices with an Agent installed will need to be manually configured for proxy. Refer to "Configure proxy settings in the AEM Agent" on page 28.

You can also configure proxy settings when creating a new site by entering the above details under Proxy type on the New Site page. Refer to "Add a Site" on page 9.

Configure proxy settings in the AEM Agent

Site proxy settings will not apply to devices that had already been in the site before the proxy settings were configured. Therefore, existing devices with an Agent installed will need to be manually configured for proxy.

1. On the device that you would like to configure proxy settings for, right-click on the AEM icon in the system tray or click on it in the menu bar and select Settings.
2. Under the Network tab, specify if the proxy type is HTTP, Socks4, or Socks5.
3. Fill in the proxy details as required by your proxy server: DNS/IP (host), port, username, password.
4. Click OK to apply the proxy settings.
Connection Brokers

Any User
Setup > Account Settings > Custom Agent Settings
Sites > click on a site > Settings > Custom Agent Settings

About connection brokers

Autotask Endpoint Management (AEM) uses connection brokers to reduce outbound network traffic within a subnet. This is especially useful in low-bandwidth environments where you have a number of devices connected to the AEM platform. Connection brokers handle pings and keep-alive requests to tell the platform whether the devices within the subnet are online or not.

By default, the option to use connection brokers is enabled for every account; however, this can be disabled in Account Settings and "Site Settings" on page 20.

How to...

Enable / disable connection brokers

The option to use connection brokers is enabled for every AEM account by default; however, you can manually disable it for the entire account or at site level. The ability to disable connection brokers can be useful when diagnosing single device problems or to overcome local network configuration issues where communication between Agents with a connection broker may be more difficult than allowing them to reach the platform directly.

To disable or enable the use of connection brokers, do the following:

1. Go to Setup > Account Settings > Custom Agent Settings or Sites > select a site > Settings > Custom Agent Settings.
2. Switch the option Use Connection Brokers on or off accordingly. It will then allow or prevent any Agent from becoming a connection broker in the entire account or at site level.

When switching the option off at account level, it will override any selection made at site level. However, once you have configured the connection broker option in Account Settings, you can modify it manually at site level.

Nominate a device as connection broker

The AEM Agent polls the platform every 90 seconds with keep-alive messages.
If the option to use connection brokers is enabled at account and/or site level, and there is more than one Agent on a LAN connecting to the AEM platform, one of those Agents will automatically be designated as a connection broker. It will then deal with all the pings and keep-alive messages from the other devices in the subnet, which keeps the outbound traffic to a minimum. To learn how an Agent obtains a node score ranking to become a connection broker automatically, refer to "Node Scores" on page 32.

You also have the ability to manually select a device within your network to act as a connection broker. This will give the device a node score of 20 by default.

As connection broker, nominate a device that is likely to have the highest uptime within your network, such as a server.

In order to force an Agent to become a connection broker, do the following:

1. Locate the AEM Agent on the local device and right-click on it.
2. Click Settings.
3. Click the Preferences tab.
4. Select the option Force this device to become a Connection Broker (CB).
5. Click OK.

This will set the device to have a node score of 20, thus ensuring that the device is a connection broker. For further information, refer to "Node Scores" on page 32.

If you have more than one device that has been set up as a connection broker inadvertently, the device that contacts the platform first will become the connection broker.

Find the connection broker

The connection broker for each site is not shown on the "Site Summary" on page 16 screen; however, you can find it through one of the ways outlined below.

Through the Agent

1. Open the AEM Agent on a local device.
2. Under the Summary tab, locate the AEM Connection section to see the IP address of the connection broker through which this device is connected to the platform.
3. In case this device is the connection broker, the following entry will be displayed:

In the log file

If a connection broker is being used, it will be reported in the AEM log file in the following format:

    CB:COMPUTERNAME, Score:3 at 192.168.139.1

For further information about the log file, refer to How do I find the AEM log files?

Node Scores

Each device with an Autotask Endpoint Management (AEM) Agent installed will obtain a node score ranking to determine whether it can be established as a Connection Broker. The node score is calculated when a device runs an audit (once a day for Managed Agents and once every 7 days for OnDemand Agents).

An Agent will only respond to a connection broker request if its node score is equal to or greater than the node score of the requesting Agent. This ensures that the most robust device of the network will become the connection broker for the subnet. For more information, refer to "Connection Brokers" on page 29.

Agents are graded on a score of between 0 and 19, 0 being the least suitable and 19 the most suitable to be used as a connection broker. Devices with disabled node score functionality will show -1 for their node score.

The node score is calculated from the following areas:

- Network connection type
- Operating system type
- Time elapsed since last system boot

The score will be generated through the following score process:

Designate a Local Cache

Administrator
Sites > click on a site > Devices
Sites > click on a site > Settings > Local Caches

What is a local cache?

A local cache is a designated device that can be used as a component cache to store components and/or as a patch cache to store patches.
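The log entry format and the node score ranges given in the Connection Brokers and Node Scores sections above can be checked automatically when Agent logs are collected for review. The following Python script is an added example, not Autotask code: the timestamp prefix on the constructed sample lines, the list of approved forced brokers and the finding names are assumptions made for illustration.

```python
import re
from ipaddress import ip_address

# Fragment format documented above: CB:COMPUTERNAME, Score:3 at 192.168.139.1
CB_ENTRY = re.compile(
    r"CB:(?P<host>[^,\s]+),\s*Score:(?P<score>-?\d+)\s+at\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

FORCED_SCORE = 20     # set by "Force this device to become a Connection Broker (CB)"
DISABLED_SCORE = -1   # shown when node score functionality is disabled


def classify_score(score):
    """Map a node score to the category the manual describes."""
    if score == DISABLED_SCORE:
        return "disabled"
    if score == FORCED_SCORE:
        return "forced"
    if 0 <= score <= 19:
        return "calculated"
    return "out-of-range"


def parse_cb_entries(lines):
    """Extract connection broker reports from log lines; other lines are skipped."""
    entries = []
    for line_no, line in enumerate(lines, start=1):
        match = CB_ENTRY.search(line)
        if match is None:
            continue
        try:
            ip = ip_address(match["ip"])
        except ValueError:  # e.g. an octet above 255: not a usable CB report
            continue
        entries.append({
            "line": line_no,
            "host": match["host"].upper(),
            "score": int(match["score"]),
            "ip": str(ip),
        })
    return entries


def review(entries, approved_forced):
    """Return (line, host, finding) tuples worth an administrator's attention.

    approved_forced: device names that were deliberately forced to be brokers
    (an assumption of this example; the product keeps no such list).
    """
    approved = {name.upper() for name in approved_forced}
    findings = []
    previous = None
    for entry in entries:
        host, kind = entry["host"], classify_score(entry["score"])
        if previous is not None and host != previous:
            findings.append((entry["line"], host, "broker-changed"))
        if kind == "forced" and host not in approved:
            findings.append((entry["line"], host, "unexpected-forced-broker"))
        if kind == "out-of-range":
            findings.append((entry["line"], host, "invalid-score"))
        previous = host
    return findings


# Constructed sample lines; only the CB fragment follows the documented format.
SAMPLE_LOG = [
    "2016-10-27 09:00:01 INFO CB:SRV-FILE01, Score:20 at 192.168.139.1",
    "2016-10-27 09:01:31 INFO keep-alive sent",
    "2016-10-27 09:03:01 INFO CB:SRV-FILE01, Score:20 at 192.168.139.1",
    "2016-10-27 11:12:44 INFO CB:LAPTOP-17, Score:20 at 192.168.139.57",
    "2016-10-27 11:14:14 INFO CB:DESKTOP-04, Score:27 at 192.168.139.23",
]

if __name__ == "__main__":
    for finding in review(parse_cb_entries(SAMPLE_LOG), {"SRV-FILE01"}):
        print(finding)
```

A forced score of 20 on a device that nobody nominated is the case to follow up first, because that device then relays the keep-alive traffic for the whole subnet.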
A component cache stores a local copy of all downloaded components in your Autotask Endpoint Management (AEM) account and then distributes the components to other devices in the same site without the need to pull them from the AEM Amazon cloud platform.

A patch cache downloads and stores patches from Windows Update to serve them for devices in the same site through a patch policy. The patch cache will continuously download new patches as the need for them arises.

Using a local cache for downloading either components or patches reduces bandwidth usage and drastically improves efficiency when deploying components and conducting patching operations.

A local cache is not the only way to avoid downloading a component multiple times. If the same component is scheduled to be installed on another device in the same AEM site, the target device will query other nodes on the network to see if the file exists locally. If the file is available only on a local device that is not a local cache, the Agent will download the component from that location. This is known as peer sharing. Peer sharing is only used if the component is not cached locally.

Supported operating system

Local cache type     Supported operating system
Component cache      Windows
Patch cache          Windows

For more information on supported versions of the above operating system, refer to Supported Operating Systems and Requirements for the Agent.

Requirements

- Only desktops, servers, and laptops with up-to-date audit information may be nominated as local caches.
- Local caches need to have adequate hard drive space to store the components and/or patches.
- For component caches, port 13229 must be available for inbound communications, and accessible to all devices on the local network.

A local cache should preferably be a device that is always left on, e.g. a server.
Default location for cached components and patches

Your cached components and patches will be stored in the following locations by default:

Type                 Location*
Cached components    Drive:\ProgramData\CentraStage\Packages
Cached patches       Drive:\ProgramData\CentraStage\Patches

* You can specify the drive when nominating the cache. Refer to "Designate a device as a local cache" on page 35.

How to...

Designate a device as a local cache

We recommend restricting individual sites to a single geographical area for the smoothest possible operation with local caches.

1. Navigate to a site and click on the Devices tab.
2. Click the check box next to the device you wish to select as a local cache. You can select more than one device.
3. Click the Add/Remove as local cache icon in the Action bar.
4. A pop-up window will appear listing all devices you have selected. You can collapse or expand each device.
5. Select either or both of these check boxes:
   Cache all Components in this account: nominates the device as a component cache. The device will receive all components that have been downloaded to your Component Library. Additionally, it will sync with your Component Library when a component is created, edited or deleted. Refer to "Download a component" on page 269.
   Cache Patches (use with a Patch Management Policy): nominates the device as a patch cache. Ensure that you have at least one active patch management policy. Refer to "Create a Patch Management Policy" on page 160.
6. Select a drive on which the cached files should be stored. Refer to "Default location for cached components and patches" on page 35.
   A local cache will stop downloading patches if the selected drive's free disk space falls below 1 GB.
7. Click Save.
8. Your local caches will now be listed in Site Settings where you can re-arrange their order of priority, and you can also specify patch cache clearing options. Refer to "Site Settings" on page 20.
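The requirements and the designation procedure above (port 13229 for component caches, the 1 GB free-space floor for patch caches, the default folders and the priority order in Site Settings) can be checked together for all caches of a site. This Python script is an added example, not Autotask code; the LocalCache record, its type labels, the device names, reading "1 GB" as 2**30 bytes and numbering priority from 1 are assumptions.

```python
import socket
from dataclasses import dataclass
from pathlib import PureWindowsPath

COMPONENT_CACHE_PORT = 13229   # inbound port required for component caches
MIN_FREE_BYTES = 1024 ** 3     # "1 GB" taken as 2**30 bytes (assumption)


@dataclass
class LocalCache:
    name: str         # device name as listed in Site Settings
    priority: int     # 1 = the cache devices should contact first (assumed numbering)
    drive: str        # drive letter chosen when the cache was nominated
    cache_type: str   # "component", "patch" or "both" (labels are this example's)
    free_bytes: int   # free space on that drive, e.g. taken from the device audit


def default_paths(cache):
    """Default storage folders for a cache, per the locations table above."""
    base = PureWindowsPath(f"{cache.drive}:\\") / "ProgramData" / "CentraStage"
    paths = {}
    if cache.cache_type in ("component", "both"):
        paths["components"] = str(base / "Packages")
    if cache.cache_type in ("patch", "both"):
        paths["patches"] = str(base / "Patches")
    return paths


def port_open(host, port=COMPONENT_CACHE_PORT, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds from this device."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or the name did not resolve
        return False


def audit(caches, probe=port_open):
    """Check caches in priority order and return (name, finding) tuples.

    probe is injectable so the logic can be exercised without a network.
    """
    findings = []
    for cache in sorted(caches, key=lambda c: c.priority):
        serves_components = cache.cache_type in ("component", "both")
        serves_patches = cache.cache_type in ("patch", "both")
        if serves_components and not probe(cache.name):
            findings.append((cache.name, "port-13229-unreachable"))
        if serves_patches and cache.free_bytes < MIN_FREE_BYTES:
            findings.append((cache.name, "patch-downloads-stopped"))
    return findings


# Constructed sample site, not real devices.
SITE_CACHES = [
    LocalCache("WS-RECEPTION", 2, "D", "patch", 700 * 1024 ** 2),
    LocalCache("SRV-FILE01", 1, "C", "both", 250 * 1024 ** 3),
    LocalCache("SRV-APP02", 3, "E", "component", 40 * 1024 ** 3),
]

if __name__ == "__main__":
    for name, finding in audit(SITE_CACHES):
        print(name, finding)
```

Run the port probe from an ordinary device on the same LAN rather than from the cache itself, since the requirement is that every local device can reach the port.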
For custom components only, there is an additional feature available: you can choose which components should be made available to which sites. Refer to "Map components to specific sites" on page 336.

Edit or remove a device as a local cache

1. You can remove a local cache in Site Settings. Refer to "Site Settings" on page 20.
2. Alternatively, to either edit or remove a local cache, you can follow steps 1-4 of "Designate a device as a local cache" on page 35.
3. You can select or deselect either or both of these check boxes:
   Cache all Components in this account
   Cache Patches (use with a Patch Management Policy)
4. You can select a different drive on which the cached files should be stored.
5. Click Update.

If a local patch cache is removed, the patches cached on that device will be removed almost immediately.

User-Defined Fields

Administrator
Sites > click on a site > Devices > click on a Device > Summary

User-defined fields in Autotask Endpoint Management (AEM) are used for displaying device information that is not picked up during the device audit. Each device record can have up to 10 user-defined fields.

You can enter the user-defined field information manually on the "Device Summary" on page 119 page or it can be populated by the AEM Agent on Windows devices. Once a user-defined field is populated with information, the data can be filtered and searched to provide additional targeting criteria for jobs and policies.

Note that user-defined field information can be populated by the AEM Agent on Windows devices only. It will fail on any other operating system.

For information about how to set up user-defined fields, refer to Account Settings and "Site Settings" on page 20.

How to...

Add user-defined field information manually

In order to manually enter information into the user-defined fields, do the following:

1. Go to Sites and click on one of your sites.
2. Click on the Devices tab and click on one of the device records.
3. On the Device Summary page, click the Edit hyperlink next to the device description.
4. Add the required information into the user-defined fields.
5. Click Save.

For more information, refer to "Device Summary" on page 119.

Populate user-defined field information automatically

Populating the user-defined fields shown on the device summary page does not have to be a manual process. On Windows devices, user-defined fields can also be populated by the AEM Agent. When you add entries to the device registry, the Agent sends the data back to the platform and the user-defined fields are populated automatically. This makes for an extremely powerful and useful tool, especially when coupled with the scripting and component mechanisms within AEM. For information on scripting, refer to "Scripting" on page 306.

You can use either of the two ways described below to add registry entries to your devices.

Use the command line

1. Open the Command Prompt window.
2. To add a registry entry via the command line, use the following syntax:

    REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\CentraStage /v CustomField /t REG_SZ /d "ValueForFieldHere" /f

3. Make the necessary changes in the command line:

   Field: CustomField
   What to Enter: This will be the string value name once added to the registry. Enter one of Custom1, Custom2, ... Custom10, according to the user-defined field you wish to populate. Custom1 will populate User-Defined Field 1, Custom2 will populate User-Defined Field 2, and so on.

   Field: ValueForFieldHere
   What to Enter: This will be the string value data once added to the registry. Enter the information you would like to display on the device summary page.
   For example, the following command would put the name "Joe Smith" in User-Defined Field 1:

    REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\CentraStage /v Custom1 /t REG_SZ /d "Joe Smith" /f

4. Press Enter.

Use RegEdit

1. Open the Registry Editor.
2. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\CentraStage.
3. Right-click in the right-hand window and select New > String Value.
4. Rename the New Value. Enter one of Custom1, Custom2, ... Custom10, according to the user-defined field you wish to populate. Custom1 will populate User-Defined Field 1, Custom2 will populate User-Defined Field 2, and so on.
5. Double-click on the value to edit the string.
6. Enter the Value data. This is the information that will be displayed on the device summary page.
7. Click OK.

Once the Agent connects to the platform, it will send back the data added to the registry and the information will be displayed on the device summary page in each user-defined field accordingly.

Devices

Devices are the endpoints that are managed in your Autotask Endpoint Management (AEM) account. All devices are associated with a site.

Devices do not automatically materialize in AEM when you add a site. You must add them to AEM first. The exact method depends on the type of device (e.g. desktop or mobile), and the operating system of the device. Refer to "Add a Device to AEM" on page 43.

Once you have gained visibility of all devices you want to manage, you have a number of tools at your disposal:

- Take an inventory of the hardware and software installed on a device. Refer to "Audits" on page 106.
- To find out how to access details about an individual device or perform actions on multiple devices, refer to "Manage Devices" on page 115.
- Organize your device estate by creating filters and groups that allow you to target policies and jobs at just the right subset of devices. Refer to "Target Devices with Filters and Groups" on page 129.
- For an overview of the Device Summary page, refer to "Device Summary" on page 119.

Add a Device to AEM

Devices do not automatically materialize in AEM when you add a site. You must add them to AEM by using one of these methods:

- Install an Agent. This method works for desktop and mobile devices that have an operating system.
- Manage your device through a network node device. If you cannot install an Agent on your device (e.g. on your switch, router, printer, ESXi device, or any device that does not have an operating system), a network node device can manage it for you.

Devices with an Agent installed

Devices that have an operating system become visible to the Web Portal when an Agent is installed that allows you to audit and manage the device.

About Agents

Agents are lightweight applications that allow you to establish a remote connection between devices. Agents allow you to collect information about the customer's network, hardware and software, remotely support customers, proactively monitor every endpoint, deploy patches, create alerts, schedule maintenance jobs, and more.

Agents need to be installed on both the device you're connecting to, and the device you're doing the connection from. For more information, refer to The AEM Agent and Agent Browser.

Agents and Operating Systems

Agents are specific to the operating system of the device they are installed on. Autotask Endpoint Management provides Agents for Windows, Mac and Linux operating systems, as well as for iOS and Android mobile devices. For a feature comparison of the different types of Agents, refer to "Types of Devices" on page 44.

Types of Agents

There are two types of Agents that differ in functionality: Managed, and OnDemand. Managed gives the service provider a lot more functionality. OnDemand requires that the customer allows the remote takeover. Which one is deployed depends on the type of site the device is associated with.
Refer to Managed and OnDemand Agents. For more information about Agents, refer to AEM Agent.

Types of Devices

There are three types of devices that differ significantly with regard to the Agent that is installed on them and the features that are available.

Server, Desktop and Notebook Devices

AEM supports Windows, Mac and Linux operating systems, but Agent features differ between the different O/S.

Features of server, desktop and notebook Agents

Features (columns: Windows, Mac, Linux)
Monitors
Online status
CPU
Memory
Component
Running processes
Services
Event log
Software log
Security Center
Disk usage
File / folder
Security Management
Datto
Device audit
Software
Hardware
Change log
Disk usage
Remote takeover
To Mac
To Windows
From Mac
From Windows
Proxy settings
Ticket creation
Remote Agent features
File transfer
Remote shell
Privacy mode
Screenshot
Service manager
Shut down / restart
LAN deploy
Task manager
Remote registry
Quick jobs
Event log
Wake on LAN

For information on deploying and installing agents on servers, desktops and notebooks, refer to "Deploy and Install Agents on Servers, Desktops and Notebooks" on page 50.

Mobile Devices

AEM supports iOS and Android operating systems, but again, Agent features differ between the different O/S.
Features of Agents for mobile devices

Features (columns: iOS, Android)
Device Audit
List device information
List network information
List installed applications
Show device location
Manage device
Erase device and settings
Lock device
Unlock device
Change passcode
Passcode policy
WI-FI credentials
VPN credentials
Password protect against policy removal *
Restrictions
Allow use of camera
Allow installing apps
Allow screen capture
Allow voice dialing
Allow FaceTime
Allow automatic sync when roaming
Allow Siri
Allow Siri while locked
Allow Passbook notifications while locked
Allow in-app purchases
Force users to enter iTunes Store password for all purchases
Allow multiplayer gaming
Allow adding Game Center friends
Show Control Center in lock screen (iOS 7)
Show Notification Center in lock screen (iOS 7)
Show Today view in lock screen (iOS 7)
Allow documents from managed apps in unmanaged apps (iOS 7)
Allow documents from unmanaged apps in managed apps (iOS 7)
Allow use of iTunes Store
Disable Safari popup-blocking functionality
Allow use of Safari
Enable Safari autofill
Force Safari fraud warning
Enable Safari javascript
Allow iCloud backup
Allow iCloud document sync
Allow iCloud Keychain sync (iOS 7)
Allow photo stream
Allow shared stream
Allow diagnostic data to be sent to Apple
Allow user to accept untrusted TLS certificates
Force encrypted backup
Allow automatic updates to certificate trust settings (iOS 7)
Force limited ad tracking (iOS 7)
Allow finger print for unlock (iOS 7)
Allow explicit music and podcasts
Rating Apps
Rating Movies
Rating TV Shows
Show iMessage
Allow app removal
Allow Game Center
Allow Bookstore
Allow Bookstore erotica
Allow UI configuration profile installation
Allow modifying account settings (iOS 7)
Allow AirDrop (iOS 7)
Allow changes to cellular data usage for apps (iOS 7)
Allow user-generated content in Siri (iOS 7)
Allow modifying Find My Friends settings (iOS 7)
Allow host pairing (iOS 7)

* You can apply password protection, but be aware that Apple devices are ultimately in the control of the user, who can remove the policy.

For information on deploying and installing agents on mobile devices, refer to "Manage Mobile Devices (MDM)" on page 78.

Devices without an Agent installed

Network devices and printers

Network devices and printers lack an operating system and therefore do not support the installation of an agent, but can still become managed devices using SNMP. For further information, refer to "Manage and Monitor SNMP-Enabled Network Devices and Printers" on page 92.

ESXi devices

The AEM Agent cannot run on ESXi devices. To learn how you can manage and monitor them, refer to "Manage and Monitor ESXi Devices" on page 100.

Deploy and Install Agents on Servers, Desktops and Notebooks

About Agents

Agents are lightweight applications that allow you to establish a remote connection between devices. Agents allow you to collect information about the customer's network, hardware and software, remotely support customers, proactively monitor every endpoint, deploy patches, create alerts, schedule maintenance jobs, and more.

Agents need to be installed on both the device you're connecting to, and the device you're doing the connection from. For more information, refer to The AEM Agent and Agent Browser.

Agents and Operating Systems

Agents are specific to the operating system of the device they are installed on. Autotask Endpoint Management provides Agents for Windows, Mac and Linux operating systems, as well as for iOS and Android mobile devices. For a feature comparison of the different types of Agents, refer to "Types of Devices" on page 44.

Types of Agents

There are two types of Agents that differ in functionality: Managed, and OnDemand.
Managed gives the service provider a lot more functionality. OnDemand requires that the customer allows the remote takeover. Which one is deployed depends on the type of site the device is associated with. Refer to Managed and OnDemand Agents.

Deploying Agents

Since each device must have an Agent installed, one thing you need to think about is how you will get the Agent onto each device. Refer to "Methods for Deploying Agents" on page 51.

Installing and Uninstalling Agents

Manually installing and uninstalling agents can be necessary with some deployment methods, or as a part of troubleshooting a problem. Refer to "Install and Uninstall Agents" on page 66.

Use an Agent Policy to Update Agent Settings

Using an Agent Policy is the most elegant way to edit the Agent settings. Refer to "Create an Agent Policy" on page 74.

Methods for Deploying Agents

When you become an Autotask Endpoint Management (AEM) customer, and every time you on-board a new customer, the first task is to deploy Agents to all the devices. This can be a bit of a chicken and egg problem: the very tool you use to deploy software isn't on the device yet.

There are, however, a number of different deployment methods, including using an existing software deployment mechanism, manual installation either by technicians or end-users, using the startup script functionality built into Windows Group Policy, or using the LAN Deploy tool built into the Agent itself.

To help you figure out the best way to go about it, refer to the following table.

Agent Deployment Situation / Best Option

Situation: You are replacing another RMM software with Autotask Endpoint Management
Best option: In this circumstance, the best option is to use the old RMM to deploy and install AEM Agents to all devices. When that is done, use AEM to remove the old RMM's Agent.
Situation: The site you are deploying the Agents to has a domain controller
Best option: If you are planning on deploying Agents across a Windows Active Directory domain, you can use the startup script functionality built into Windows Group Policy to do the deployment for you. This will ensure that the deployment is touching every device that applies the GPO, with minimal levels of manual intervention. Refer to "Deploy Agents Using Active Directory" on page 53.

Situation: No Agent on the network
Best option: If this is a new customer and there is no Agent installed anywhere on the network, you must email or manually install the Agent on at least one device. Refer to "Download or Email the AEM Agent" on page 57.

Situation: Another device on the network already has the Agent installed
Best option: If one device on a LAN already has an Agent installed and you have the right permissions, you can deploy this Agent to devices that don't have it across the LAN. This works for both Windows and OS X. Refer to "LAN Deployment Using the Agent Browser (Windows Only)" on page 59 and "LAN Deployment from the Web Portal" on page 62.

If you are cloning or ghosting a device that has an Agent installed, you must first remove it. Refer to "Cloning or Ghosting Devices that Have AEM Installed" on page 73.

You cannot install Agents on switches, routers, UPSs, printers, etc., because these devices don't have an operating system. However, devices that can be managed using Simple Network Management Protocol (SNMP) can still be monitored. Refer to "Manage and Monitor SNMP-Enabled Network Devices and Printers" on page 92.

The AEM Agent cannot run on ESXi devices; however, a network node device can manage and monitor them. For further information, refer to "Manage and Monitor ESXi Devices" on page 100.
Deploy Agents Using Active Directory

On Microsoft Servers, a domain controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, etc.) within the Windows Server domain (source: Wikipedia).

In the Windows 2000 operating system, a Group Policy Object (GPO) is a collection of settings that define what a system will look like and how it will behave for a defined group of users. Microsoft provides a program snap-in that allows you to use the Group Policy Management Console (GPMC). The selections result in a GPO that defines registry-based policies, security options, software installation and maintenance options, scripts options, and folder redirection options. The GPO is associated with selected Active Directory containers, such as sites, domains, or organizational units (OUs).

How to...

Create the deployment component
1. Download the AEM Agent from a Managed site and rename the installer to CagSetup.exe. Refer to "Download or Email the AEM Agent" on page 57.
2. Download the component Deploy CAG installation files to server for AD deployment.
3. Click the Components tab.
4. Click Import Component and upload the file into your components library.
5. Scroll down to the Files section and click Add File. Select the CagSetup.exe file.
6. At the top of the page above the General section header, click the star icon so you can use this component in a Quick Job.
7. Click Save.

Once that's done, the component will look like this:

The deployment component only needs to be created once. It can be used to target Domain Controllers in different sites with the same Agent installer as it will dynamically modify its behavior at run time. The site and site proxy settings of the targeted Domain Controller will be inherited by any endpoints that receive the deployment GPO.

Run the deployment component on your domain controller
1. Navigate to the Site > Devices page and select the Domain Controller on which you would like to run the deployment component.
2. Click Run a Quick Job.
3. Select Deploy CAG installation files to server for AD deployment.
4. Leave all the other options at their default settings and click OK to run the job.
5. Confirm that the quick job has completed successfully. You should see that the stdout looks something like this:

Add the startup script to the Group Policy Object (GPO)
To create the required startup script, you must be logged onto the server itself. You can do that either through an AEM remote session, or directly at the console.
1. Open the GPO you want to add the script to in the Group Policy Management Console (gpmc.msc). Which GPO you choose will depend on the planned scope of the Agent deployment you want to carry out. If this Agent will be rolled out across the entire domain, you may want to use the Default Domain Policy. If you want to target a specific set of devices, you should use either a policy which only applies to that organizational unit, or which has been filtered using security filtering to only apply to your subset of devices.
   Note that because this is a startup script, it should target machines, not users, and should be set on a policy which does not have the machine part of policy disabled.
2. In the console tree, click Scripts (Startup/Shutdown).
3. In the details pane, double-click Startup to open the startup script properties. If any startup scripts are already defined within this policy, they will be shown here.
4. In the Startup Properties dialogue box, click Add.
5. Add the CS_Agent_Deploy.bat file contained in "\\NETLOGON\CentraStage" as your startup script.

The group policy is now set and Agents will be rolled out to the targeted devices at their next startup.
It is advisable to periodically update the component "Deploy CAG installation files to server for AD deployment" with the latest version of the AEM Agent.

Download or Email the AEM Agent

If you want to deploy an Agent to a device on a network that does not yet have an Agent installed anywhere, you must download the Agent from the Autotask Endpoint Management (AEM) Web Portal, or email the download link to the user.

This method assumes that you have a login to the Web Portal. This will be the case if you are a staff member of an MSP company. You will need to install the Agent to be able to use the Agent Browser to support customers remotely. Customers will not have access to your Web Portal, but you can email them the Agent executable file.

To download or email the Agent:
1. Log into the AEM Web Portal with your username and password.
2. Click the Sites tab and select the site this device will be associated with.
3. In the top left corner, click New Device. A window with links to the Agents for the various supported platforms will open.
   Depending on the type of site you selected and whether you have added the Mobile Device Management extension to your account, you may see different logos in this window. For further information, refer to "Methods for Deploying Agents" on page 51.
4. Select the operating system for the target device. The New device window opens.
5. To download the Agent to your own computer, click on the logo in this window.
6. To email the download link to someone else, either enter the email addresses into the box, separated by a semicolon, or click the send the link from your email client instead link. When you select the first option, a template email is sent; when you select the second option, you can customize the email the link is embedded in.
   The email field in the AEM Web Portal only accepts the following characters: a-z, A-Z, 0-9, @, and !#$%&'`*+-|/=?^_{}~.
   The user will receive an email with a link that when clicked will download an executable file to their computer. The name of the executable is AgentSetup_<sitename>.exe.
7. To install the Agent, the user must double-click on the executable file to begin the installation.

When the Agent is installed, it will connect to the platform, and a full hardware and software audit of the device will be sent back to the Web Portal. You can view this information by clicking on the device. Refer to "Audits" on page 106.

LAN Deployment Using the Agent Browser (Windows Only)

If one of the devices on the LAN has the Agent installed, the deployment to the remaining devices can be initiated from the Agent Browser and the Web Portal. For information on deploying from the Web Portal, refer to "LAN Deployment from the Web Portal" on page 62.

Warnings
This method of deployment has prerequisites that weaken the overall security of the environment. It should only be used if Active Directory deployment is not an option.

In the past, PsExec has been utilized by some viruses to remotely run malicious code. PsExec itself is not a virus, nor does it run malicious code on its own.

Adding a registry key to enable access to the ADMIN$ share, making exceptions to any A/V product and opening ports is by definition going to weaken the overall security of the environment. By using LAN Deploy you acknowledge that you are aware of this.

After you have deployed the Agent, reverse all changes you made to allow LAN deployment.

Prerequisites

Enable remote access to the Admin$ share
Starting with Windows Vista, UAC has by default required elevated privileges to access the administrative shares. Details on this can be found here: Microsoft Support Article (951016).
You can enable this share either by accessing the Microsoft support article above and downloading the Fix It to make a Registry entry, or you can copy the following into the start menu search box:

    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

File and printer sharing
File and printer sharing must be enabled on the devices you wish to deploy to. Ports 445 and 139 Inbound must be open.

Password
You cannot authenticate as a user with a blank password. The user account with the correct permissions to enable an install must have a password to work using PsExec.

Anti-virus
Anti-virus programs can stop the use of PsExec. This process assumes that all anti-virus programs are configured to allow it.

How to...

Initiate LAN deploy
1. Connect to a device which is on the local network of the devices you wish to deploy your Agent to. The Agent Browser window will open.
2. Click on the Agent Deployment icon (the one with the 3 computer screens). The new tab you see will be split into a top and a bottom pane.
3. Click Device Discovery above the top pane. The scan process will start and list all devices within the same domain or workgroup.
4. Check all the devices you wish to deploy to.
5. Click Deploy. If you haven't already done so via the Settings button, you will be prompted to enter the credentials for the deployment.
   All devices on the local LAN must have the same username and password, and the user account must have appropriate permissions to install the Agent.
6. Enter the domain\user and the password and click OK.

This will initiate the deployment to the devices. Each device the Agent has been deployed to will be listed in the bottom pane. The deployment status will be updated every 2 seconds. The results of each device's deployment will be recorded in the Installed, Date and Output columns.
Extended deployment information will appear when you mouse over the Output column.

There is also an option to add device names manually in the lower window. Once the hostname(s) are entered, click OK and the Agent installation will begin.

LAN Deployment from the Web Portal

If one of the devices on the LAN has the Agent installed, the deployment to the remaining devices can be initiated from the Agent Browser and the Web Portal. For information on deploying from the Agent Browser, refer to "LAN Deployment Using the Agent Browser (Windows Only)" on page 59.

The LAN deployment from the Web Portal works for both Windows and OS X. Deployment of a Windows Agent must be initiated from a device with an existing Windows Agent, and deployment of an OS X Agent must be initiated from an OS X device with an existing OS X Agent installed.

The device you want to use for deployment must meet the following criteria:
- It must be online, and selected as a network node with network scanning. Refer to "Discover Devices on the Network" on page 183.
- It must have completed a full audit in order to populate the discovered devices list. Refer to "Audits" on page 106.

To deploy an Agent across a LAN, you need to have a username and password for the device or devices you're going to deploy to. We recommend that you cache these credentials in the Web Portal so that you do not have to enter them each time for each device. Refer to "Cache logon credentials" on page 62.

How to...

Cache logon credentials
You can cache logon credentials (agent deployment credentials) at account or site level. When deploying from a site, any details entered at site level will be used in addition to those specified at account level, unless you turn this option off.

For further information on how to cache logon credentials, refer to the Agent Deployment Credentials section in Account Settings and "Site Settings" on page 20.
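The warnings under "LAN Deployment Using the Agent Browser (Windows Only)" say to reverse the prerequisite changes once the Agent is deployed. The script below is an added example, not part of the AEM documentation or product: run on a Windows device that was deployed to, it reports whether LocalAccountTokenFilterPolicy is still set to 1 and which enabled inbound firewall rules still allow TCP 139 or 445, and with its own -Revert switch it removes the registry value. It assumes Windows 8 / Server 2012 or later and an elevated PowerShell session.

```powershell
# Added example (not part of the AEM documentation or product).
# Audits one Windows endpoint for the LAN Deploy prerequisites that should be
# reversed after deployment. Assumes Windows 8 / Server 2012 or later and an
# elevated PowerShell session. -Revert is a switch defined by this script.
param(
    [switch]$Revert
)

$PolicyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$PolicyName = 'LocalAccountTokenFilterPolicy'

function Get-TokenFilterOverride {
    # Returns the DWORD written by the "reg add" prerequisite, or $null when
    # the value is absent (the Windows default).
    $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$PolicyName
}

function Get-SmbListener {
    # Local TCP listeners on the two ports the prerequisites require inbound.
    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in 139, 445 } |
        Sort-Object LocalPort -Unique |
        Select-Object -ExpandProperty LocalPort
}

function Get-InboundSmbAllowRule {
    # Enabled inbound allow rules whose TCP local-port filter names 139 or 445.
    # Reads the local policy store only; rules delivered by Group Policy are
    # not listed here.
    Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { @($_.LocalPort) -match '^(139|445)$' } |
        Get-NetFirewallRule |
        Where-Object {
            $_.Enabled -eq 'True' -and
            $_.Direction -eq 'Inbound' -and
            $_.Action -eq 'Allow'
        } |
        ForEach-Object { '{0} [{1}]' -f $_.DisplayName, $_.Profile }
}

$override  = Get-TokenFilterOverride
$listeners = @(Get-SmbListener)
$rules     = @(Get-InboundSmbAllowRule)

if ($Revert -and $override -eq 1) {
    # Deleting the value restores the default behaviour. Only do this when the
    # value was added for LAN Deploy and nothing else on the device relies on it.
    Remove-ItemProperty -Path $PolicyKey -Name $PolicyName
    $override = Get-TokenFilterOverride
}

# One summary object per device, suitable for Export-Csv or a job's stdout.
[pscustomobject]@{
    ComputerName          = $env:COMPUTERNAME
    TokenFilterOverride   = if ($null -eq $override) { 'not set (default)' } else { $override }
    NeedsRegistryRollback = ($override -eq 1)
    ListeningPorts        = $listeners -join ','
    InboundAllowRules     = $rules -join '; '
}
```

The firewall rules and listeners are only reported, never changed, because file and printer sharing may have been enabled on the device for reasons unrelated to LAN Deploy.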
Deploy an Agent to devices
A Windows Agent can only be deployed from a Windows device with a Windows Agent, and the OS X Agent can only be deployed from an existing OS X device with an OS X Agent installed.
1. Log into the Web Portal.
2. Navigate to the site of the Windows or OS X device you wish to deploy from, and click the Devices tab.
3. Select the device that has the Windows or OS X Agent already installed.
4. Click the Add/Remove as Network Node icon in the action bar and select Network Node (with Network scanning).
5. In the dialog box, click OK. The page will refresh, and the icon in front of the hostname column will show a green symbol indicating that the device has been nominated as a network node.
6. Select your device again and click Request device audit(s) to force an immediate scan of the network the device is a part of, and confirm the action in the dialog box. Allow 10-15 minutes for the audit results to come through.
7. Click the Manage tab and make sure the Network Management radio button is selected.
8. Expand the Discovered Devices section and click the Windows radio button to filter devices with a Windows operating system. If you are deploying OS X Agents, click All to make sure OS X devices are displayed.
9. Select all devices you want to install the Agent on. You can click the check box in the header row to select all devices on this page.
10. Click the Manage Device icon in the Action bar. A modal window will open.
11. Click the Windows or OS X symbol. Another window will open.
12. If you selected more than one device to be managed, and the devices were discovered by different network node devices, you will be able to select which network node device the Agent should be deployed from. Choose the correct network node device from the drop-down list at the top of this window.
13. Next, you must enter credentials for the target devices. You have two options.
    The first is Admin Logon Credentials. When you select this option, you must enter the relevant Username and Password for the devices you wish to deploy to.
    The second is to Use Account/Site Agent Deployment Credentials. These can be cached, so you don't have to enter them manually every time. Refer to "Cache logon credentials" on page 62.
14. Click Deploy. The deployment request will be submitted.
15. To view the progress of the deployment, click on the hostname hyperlink. This will open the Activity Log for the device.
16. To view the details of the deployment, click the icon in the Results column.

Install and Uninstall Agents

With most deployment methods, the Agent is installed automatically on the targeted devices. Manual installation is only necessary if the automated installation fails, or the Agent was emailed to a device. In that case, the installer must be launched manually.

Uninstalling and reinstalling the Agent can become necessary as part of troubleshooting a device.

The process is different depending on the operating system of the endpoint. Refer to:
- "Install or Uninstall the Agent on Windows" on page 67
- "Install or Uninstall the OS X Agent" on page 70
- "Install or Uninstall the AEM Agent on Linux" on page 72
- "Manage Mobile Devices (MDM)" on page 78
- "Install or Uninstall an Android Agent" on page 80
- "Install or Uninstall an iOS Agent" on page 82

If you intend to permanently remove a device from a site and your account, uninstalling the Agent from the devices is not enough. You must first delete the device from the site, and then from the Deleted Devices site. Refer to "Delete Devices" on page 127.

Install or Uninstall the Agent on Windows

Administrator

How to...

Install the Agent on Windows
1. Go to the Sites tab and click on the name of the site you want to add your device to.
2. Click on the New Device button in the top left corner of the page. A window with links to the Agents for the various supported platforms will open.
   Depending on the type of site you selected and whether you have added the Mobile Device Management extension to your account, you may see different logos in this window. For further information, refer to "Methods for Deploying Agents" on page 51.
3. Click on the Windows logo. Another popup will appear.
4. Click the Windows logo to download the agent onto your computer, or enter an email address to email the agent to another device.
5. Open the downloaded or emailed file and install the Agent. The installer is silent so you will not see any progress bar or indicator.

Once the agent has been installed, the AEM icon will be displayed in the system tray of your computer.

Uninstall the Agent on Windows
Occasionally, the fastest way to resolve certain problems with the agent is to fully remove the agent from a device and then reinstall it.
1. On your computer, navigate to Start > Control Panel > Programs and Features.
2. Select the CentraStage application and click Uninstall. The Agent will disappear from the list of programs.
3. Delete the following directories on the Windows device:
   - C:\Program Files (x86)\CentraStage
   - C:\Programdata\centrastage
   - C:\Users\[USERNAME]\Appdata\Local\Centrastage
   - C:\Windows\System32\config\systemprofile\AppData\Local\CentraStage

The Agent has now been fully removed from the Windows device.

Microsoft .NET Framework Repair Tool
The AEM Agent runs on top of Microsoft .NET Framework, so any issues with this will affect the smooth running of the Agent. For more information, refer to Detailed Windows requirements.
If the .NET Framework is not installed or is malfunctioning on your device, you are likely to get a JIT (just-in-time) error message, even after a complete uninstall and reinstall of the Agent:

Microsoft has released the .NET Framework Repair Tool that in most cases fixes the issue described above. For further information, refer to Microsoft .NET Framework Repair Tool.

Once you have run the repair tool, it is advisable that you uninstall and reinstall your Agent.

Install or Uninstall the OS X Agent

Administrator permissions on the device

How to...

Install the Agent on a Mac
1. Go to the Sites tab and click on the name of the site you want to add your device to. The site must be a Managed site.
2. Click on the New Device button in the top left corner of the page. A window with links to the Agents for the various supported platforms will open.
   Depending on the type of site you selected and whether you have added the Mobile Device Management extension to your account, you may see different logos in this window. For further information, refer to "Methods for Deploying Agents" on page 51.
3. Click on the OS X icon. Another pop-up will appear.
4. Click on the OS X icon to download the Agent onto your computer, or enter an email address to email the Agent to another device.
5. Open the downloaded or emailed file and unpack the .zip file.
6. Open the AgentSetup folder and double click the file called CAG.pkg.
7. Complete the wizard to install the Agent.

Once the Agent has been installed, the AEM icon will be displayed in the menu bar of your computer.

Uninstall the Agent from a Mac
1. Open Terminal.
2. Run the following command:
       sudo bash /Applications/AEM\ Agent.app/Contents/Resources/uninstall.sh
3. The Agent will now be uninstalled from the device.
Completely remove the Agent from the device
If you have problems reinstalling the Agent on a Mac, it may be necessary to completely remove the Agent from the device. After uninstalling the Agent using a local script, use one of the following methods:

Terminal
1. Open Terminal.
2. Enter the following commands, entering your password where prompted:
       sudo rm -rf /usr/local/share/Centrastage
   and
       sudo rm -fr /var/root/mono/registry/CurrentUser/software/centrastage

Finder
1. If your preference is to use Finder, ensure you have enabled root. You can do so by following the instructions in this article. Using the instructions for Lion will also work for later versions.
2. Once the root user is enabled, type the following into Terminal to show all files in Finder:
       defaults write com.apple.finder AppleShowAllFiles
   and then
       killall Finder
3. If you are using Mavericks 10.9 or later, add -boolean true to the end of the first command so it looks like this:
       defaults write com.apple.finder AppleShowAllFiles -boolean true
4. Delete the following directories:
   - /usr/local/share/Centrastage
   - /var/root/mono/registry/CurrentUser/software/centrastage

Install or Uninstall the AEM Agent on Linux

Linux Agents run on the MONO framework, the open source version of .NET for UNIX O/S. When you install the Agent, a full version of MONO will be installed. If a previous version of MONO is already installed on the device, it may have to be removed prior to re-installation by the Agent. Refer to I have troubleshooting issues with Mono in Linux.

How to...

Install the Agent on Linux
For information about supported Linux versions, refer to Supported Operating Systems and Requirements for the Agent.

To install the Linux Agent:
1. Download the Linux Agent from the Web Portal. Refer to "Download or Email the AEM Agent" on page 57. The Linux Agent setup file will have a .sh extension (AgentSetup_Managed.sh).
2. Open your Terminal app.
3. Change the directory to the folder that contains the .sh file:
       cd [folder containing the AEM .sh file]
4. Type sudo sh AgentSetup_[filename].sh and enter your password when prompted. The Agent will be installed.
5. Close the terminal window when you are able to type text into the window again.

Your device should now appear in the AEM Web Portal.

Uninstall the Agent on Linux
If you are uninstalling the Linux agent from Redhat, make sure your username is included on the sudoers list. If it is not, please see this guide which will explain how to do so.
1. Open a Terminal session.
2. Type:
       sudo /opt/CentraStage/uninstall.sh
3. A script will run that will uninstall the Agent.

Cloning or Ghosting Devices that Have AEM Installed

Each endpoint in AEM uses a unique device ID to identify itself correctly to the AEM Web Portal. This ID is stored locally in the registry on each device. If you need to clone or ghost a device with an AEM Agent installed, you must remove the ID before you clone or ghost to avoid duplicate devices (multiple devices with the same ID) appearing in your AEM Web Portal.

Incorrectly editing the registry can cause issues on your devices. We recommend that you back up the registry before editing.

1. Disconnect the device from the Internet.
2. Open the Registry Editor (regedit.exe) from the Start menu search.
3. Navigate to HKEY_LOCAL_MACHINE\Software\CentraStage.
4. Delete the DeviceID and everything else in the CentraStage folder.
5. Clone your device.

Create an Agent Policy

Permission to manage Policies at Account and/or Site level
Account > Policies
Sites > select a site > Policies

What is an Agent policy?
Agent policies deploy settings to affect the operation and configuration of the Autotask Endpoint Management (AEM) Agent. They may affect Privacy Mode, the Agent installation and service, security, or the Agent Browser mode.
For information about the Agent, refer to AEM Agent.

How to...

Specify the Policy Details for an Agent policy
1. Agent policies can be set up in the Web Portal at both account and site level. Refer to "Add a policy" on page 251.
2. On the Policy page, click New account policy... or New site policy....
3. Give the policy a Name.
4. Select the type Agent.
5. To copy an already existing policy to use it as a template, choose it from the Based on drop-down list. To create a new policy, select New Policy.
6. Click Next.
7. Click on Add a target... to target your devices through a specific filter or group. If you want to target more than one filter or group, add another target to the policy. For more information, refer to "Filters" on page 130 and "Groups" on page 142.
   Devices of "unknown" device type will not be targeted by the policy.
8. Click Add.
9. Choose one or more of the following options:

   Privacy Mode Options
   - Activate Privacy Mode: Automatically turns on Privacy Mode for all devices targeted by the policy and will require end user permission when connecting to a targeted device. Once Privacy Mode is enabled on a device, the AEM Administrator cannot disable this setting. Privacy Mode can only be disabled by the end user on the device itself. For further information, refer to Privacy Mode.
   - Allow connections when no user is logged in: Allows you to connect to a device when no user is logged in but Privacy Mode is active on the device.
   - Only require endpoint permission for restricted tools: Allows you to configure Privacy Mode in a way that end user permission is only required when the following tools are used: VNC, RDP, Splashtop, Screenshot.

   Service Options
   - Install Service only: No system tray icon or Start menu shortcuts will be installed. It is only available for Windows devices. Refer to "Hide the AEM Agent Icon" on page 76.
   - Disable incoming jobs: Prevents the Agent from running jobs. For information on what kind of components can be installed if this feature is enabled, refer to How to run a user task from the Agent.
   - Disable incoming support: Prevents remote access to a device from another device.
   - Disable audits: Prevents the Agent from submitting audits to the platform.

   Agent Policy Options
   - Disable Privacy options: Removes access to the Privacy Mode Options in the Agent. You cannot disable Privacy Mode in the Agent using this setting if Privacy Mode had already been activated. Once Privacy Mode is enabled on a device, it can only be disabled by the end user.
   - Disable Settings menu: Removes access to the Settings menu in the Agent.
   - Disable Quit options: Removes the option for the user to exit the Agent.
   - Disable Tickets tab: Removes the option for the user to log a ticket through the Agent.

   Agent Browser Mode
   - Disabled: Prevents any access to the Agent Browser window.
   - User - No access to Support tab: Allows the user to open the Agent Browser window but prevents them from logging in. For more information, refer to Log into the Agent Browser.
   - Admin - can log into Support tab: Allows full access to the Agent Browser window. Refer to Agent Browser. This is the default option.

10. Click Save. The window will close, and you will be returned to the policy list page.
11. Click Push changes to activate the policy.

Hide the AEM Agent Icon
This functionality is only available for Windows devices.

Sometimes you may want to hide the Autotask Endpoint Management (AEM) icon in the system tray or menu bar because you do not want your end users to access all the options it offers (for example, the option to create a ticket), or because you want to prevent the users from stopping the Agent or turning on Privacy Mode.

To hide the Agent icon from the end user, check Install Service Only.
The changes will be pushed instantly if the Agent is online or as soon as it checks in to the platform. Once the change has been applied on the Agent, the AEM Agent icon will be hidden on the local device.

Manage Mobile Devices (MDM)

The Mobile Device Management component must be downloaded from the ComStore so that you can manage mobile devices in the Web Portal.

The Autotask Endpoint Management (AEM) Mobile Device Management (MDM) service gives AEM administrators the ability to enroll and manage mobile devices from within the AEM Web Portal.

For supported Android and iOS versions, refer to Supported Operating Systems and Requirements for the Agent. For a feature comparison of iOS and Android Agents, refer to "Mobile Devices" on page 45.

MDM features in the Web Portal
Once the MDM Agent has been installed on the device, it will appear in the Web Portal under the associated site and display audit information including:
- Hardware - Manufacturer, Model, IMEI, Serial number
- Software - OS and version plus installed apps with version
- Performance - Storage
- Usage - User, Operator, Number, Location

Mobile devices will automatically update their audit information once every 24 hours or on demand.

Mobile devices have a number of extra buttons available in the standard Action bar:
- Remote Wipe: Perform a remote factory reset of the device. Warning: this will remove all user data.
- Remote Lock: Lock a device.
- Remote Unlock: Unlock a locked device and strip the passcode. This will force the user to add a new passcode within 60 minutes.
- Passcode Policy: Will force the user to create a simple 4 digit passcode.

How to...

Enable the Mobile Device Management extension
1. In the Web Portal, click the ComStore tab and select Extensions.
2. Click on Mobile Device Management.
3. On the window that opens, click Add to my Component Library.
Once downloaded, the extension will add the Apple Push Certificate section to Setup > Account Settings. For further information, refer to Account Settings.

Install the MDM Agent on a mobile device
To install an MDM profile on a mobile device use the following guides:
- "Install or Uninstall an iOS Agent" on page 82
- "Install or Uninstall an Android Agent" on page 80

Manage Passcode rules, VPN setup, WiFi credentials and restrictions on iOS devices
Refer to "Create an iOS Mobile Device Management Policy" on page 86.

Control the applications that can be downloaded to an iOS device
Refer to "iOS Software Management" on page 189.

Install or Uninstall an Android Agent

Before you can roll out Agents to mobile devices, you must go to the ComStore and download the Mobile Device Management Extension. Refer to "Manage Mobile Devices (MDM)" on page 78.

Administrator
ComStore > Mobile Device Management Extension

The Autotask Endpoint Management (AEM) Mobile Device Management (MDM) service gives AEM administrators the ability to roll out (enroll) and manage mobile devices from within the AEM Web Portal.

Enrolling an Android device requires either the execution of the device enrollment file (enclosed with the enrollment email), or scanning of the necessary site's QR code.

Before starting, make sure to download the Mobile Device Management component from the ComStore. Refer to "Manage Mobile Devices (MDM)" on page 78.

If you choose to enroll your Android device through the enrollment email, ensure that you have a native Android mail client installed on the device.

Supported versions
For information on supported Android versions, refer to Supported Operating Systems and Requirements for the Agent.

How to...

Install the Agent using the QR code (preferred method)
1. Download and install the CentraStage app from Google Play.
2. Launch the AEM Web Portal.
3. Open the site the device will be associated with.
4. Click on the site QR Code icon found to the right of the site name (top right corner). The QR code will display.
5. Open the CentraStage app on the mobile device.
6. Select Activate.
7. Click the cog icon.
8. Click Open Scanner.
9. Hover the camera over the QR code until the code is read successfully.

The device will be added to the site and audited automatically.

Install the Agent using the enrollment file
1. In the Web Portal, navigate to the Sites tab and click on a site.
2. Click New Device and choose the Android icon.
   The Android icon is only visible if you have downloaded the Mobile Device Management Extension. Refer to "Manage Mobile Devices (MDM)" on page 78.
3. Add an email address to send the site's Agent to. For multiple addresses, separate the addresses with a semicolon.
4. On the Android device, using the Android mail client, open the Centrastage Agent Download Instructions email.
5. Click the Google Play link in the email.
6. Click Install.
7. On the app permissions page, click Accept. Wait for the install to complete. Don't open the app from Google Play.
8. Go back to the e-mail and tap on the cs-config.mdm attachment (this may appear at the top or bottom of the email depending on your mail client).
9. Complete the action using Device Enrollment.
10. Confirm that you want to activate the Device Administrator, which will allow remote management of your device, up to and including erasing all data.
11. Click Activate to launch the CentraStage MDM app.

An automatic audit will start and the device will appear in the Devices tab in the site.

Uninstall the Android Agent
1. Remove the device from the site in the Web Portal. It will be placed into the Deleted Devices site until the remote Agent disconnects and uninstalls. To force immediate deletion, click Manage Deletions, select the device and click Delete device(s).
2. On the device, tap Menu/All Apps > Settings and scroll down to Security.
3. Tap Device administrators and uncheck CentraStage MDM.
4. Tap Deactivate and then back to Menu/All Apps to locate the app.
5. Tap Remove App/Uninstall and then tap OK to confirm that you want to uninstall the app.

Install or Uninstall an iOS Agent

Before you can roll out Agents to mobile devices, you must go to the ComStore and download the Mobile Device Management component. Refer to "Manage Mobile Devices (MDM)" on page 78.

Administrator
ComStore > Mobile Device Management Extension
Setup > Account Settings > Apple Push Certificate

The Autotask Endpoint Management (AEM) Mobile Device Management (MDM) service gives AEM administrators the ability to roll out (enroll) and manage mobile devices from within the AEM Web Portal.

Enrolling an iOS device requires either the execution of the device enrollment file (enclosed with the enrollment email), or scanning of the necessary profile's QR code.

Before starting, make sure to download the Mobile Device Management component from the ComStore. Refer to "Manage Mobile Devices (MDM)" on page 78.

If you choose to enroll your iOS device through the enrollment email, ensure that you have a native iOS mail client installed on the device.

Enrolling an iOS device is a two-stage process:
1. In the first stage, you need to enable the Apple Push Certificate in your account. Refer to "Set up the Apple Push Certificate" on page 82.
2. In the second stage, you need to install the enrollment profile on your device. Refer to "Install the Agent using the QR code (preferred method)" on page 84 and "Install the iOS Agent via email" on page 84.

Supported versions
For information on supported iOS versions, refer to Supported Operating Systems and Requirements for the Agent.

How to...

Set up the Apple Push Certificate
1. Once the MDM extension has been downloaded, navigate to Setup > Account Settings in the AEM Web Portal.
2. Scroll down to the Apple Push Certificate section and download your Certificate Signing Request by clicking on *_Apple_CSR.csr.
3. Click on the Apple Push Certificate Portal link.
4. Sign in with an Apple ID.
   Remember to make a note of the Apple ID used in the Apple Push Certificates Portal as you will need this ID when renewing your certificate.
5. Click on the Create a Certificate button.
6. If you have read and agreed to the terms and conditions, select the check box and click Accept.
7. Click on Choose file to browse the Certificate Signing Request that you downloaded in step 2.
8. Click Upload to create your new Apple Push Certificate.
9. You will now see a confirmation message. Click on the blue Download button to save the Apple Push Certificate to your computer.
10. Go back to the AEM Web Portal and in the Apple Push Certificate area, click on Choose file and browse to the Apple Push Certificate (.pem file) that you downloaded in step 9.
11. Click Upload.
12. Once you have successfully uploaded the Apple Push Certificate, a confirmation message will be displayed on the top of the page in the Web Portal confirming that you can now start enrolling your device.

Renew an expired Apple Push Certificate
Always renew your Apple Push Certificate in the Apple Push Certificates Portal. Do not replace it in the AEM Web Portal as it will cause device re-enrollment.
1. In the AEM Web Portal, navigate to Setup > Account Settings.
2. Scroll down to the Apple Push Certificate section.
3. Select the check box to renew your certificate and download your Certificate Signing Request by clicking on *_Apple_CSR.csr.
4. Click on the Apple Push Certificate Portal link.
5. Sign in with the Apple ID used at the time of creating your original Apple Push certificate.
6. Click on the blue Renew button.
7. Click on Choose file to browse the Certificate Signing Request that you downloaded in step 3.
8. Click Upload to renew your Apple Push Certificate.
© 2016 Autotask Corporation l Page 83 of 487 9. You will now see a confirmation message. Click on the blue Download button to save the Apple Push Certificate to your computer. 10. Go back to the AEM Web Portal and in the Apple Push Certificate area, click on Choose file and browse the Apple Push Certificate (.pem file) that you downloaded in step 9. 11. Click Upload. 12. Once you have successfully uploaded the Apple Push Certificate, its expiration date will be updated in the Apple Push Certificate section. 13. A confirmation message will be displayed on the top of the page confirming that you can now start enrolling your device. Install the Agent using the QR code (preferred method) 1. Download and install the CentraStage MDM app from the App Store. 2. Launch the AEM Web Portal. 3. Open the site the device will be associated with. 4. Click on the site QR Code icon will display. found to the right of the site name (top right corner). The QR code 5. Open the CentraStage app on the mobile device. 6. Click the cog icon. 7. Click Open Scanner. 8. Hover the camera over the QR code until the code is read successfully. The device will be added to the site and audited automatically. Install the iOS Agent via email 1. In the AEM Web Portal, go to Sites and select one of your sites. 2. Click New Device in the top left and choose the iOS icon. The iOS icon is only visible if you have downloaded the Mobile Device Management Extension. Refer to "Manage Mobile Devices (MDM)" on page 78. 3. In the next window, you can send out an enrollment email. If you would like to send the email to more than one person, separate the email addresses by a semicolon. Alternatively, you can download the mdm.mobileconfig file for use when mass-enrolling iOS devices with Apple Configurator. 4. Once you have received the email on the iOS device, click the App Store link to install the CentraStage MDM app. 5. 
Once it has been installed, go back to the email, tap and hold the cs-config.mdm attachment from the email, tap Open in CentraStage and install the profile. © 2016 Autotask Corporation l Page 84 of 487 6. To confirm the profile installation, tap the CentraStage MDM app (not the CentraStage app!) icon from the home screen and tap the cog to show the account and profile information. 7. The iOS device will now appear in the AEM Web Portal under the respective site. Uninstall the iOS Agent 1. Go to the home screen of your iOS device. 2. Tap Settings > General > Device Management. 3. Locate the AEM site and tap Remove. Apple give any user the ability to remove MDM profiles from any iOS device. 1. Log into the AEM Web Portal. 2. Go to Sites and select the site in question. 3. Go to the Devices tab and locate the iOS device. 4. Select the device and click the Delete device(s) icon from the Action bar. 5. Go to Sites and click Manage Deletions. 6. Select the iOS device and click the Delete device(s) icon from the Action bar to completely remove it from your account. © 2016 Autotask Corporation l Page 85 of 487 Create an iOS Mobile Device Management Policy Before you can configure iOS devices to use a policy, you must download the Mobile Device Management Extension from the ComStore, and deploy agents to your mobile devices. Refer to "Manage Mobile Devices (MDM)" on page 78. Permission to manage Policies at account and/or site level Account > Policies Sites > select a site > Policies What is an iOS Mobile Device Management Policy? iOS Mobile Device Management policies allow you to configure a number of iOS device settings and push them over the air to the targeted devices. Only one MDM policy can be active at any one time. The following settings can be configured: l Passcode rules l Restrictions l VPN setup l WiFi credentials This feature is currently not available for Android devices. Mobile device management policies can be created at account or site level. 
However, since VPN and WiFi credentials are customer-specific, you would typically set up an MDM policy at site level. Refer to "Add a policy" on page 251.

How to...

Specify the Policy Details for an iOS MDM policy

1. On the Site > Policies page, click New site policy...
2. Give the policy a Name.
3. Select the type Mobile Device Management.
4. To copy an already existing policy to use it as a template, choose it from the Based on drop-down list. To create a new policy, select New Policy.
5. Click Next.
6. Complete the following fields:

Field | Description
Removal policy | By default, Allow users to remove this policy is selected. Click the drop-down and select Require password to remove this policy if you want to make sure that the settings are applied to all targeted devices.
Password | Only displayed if Require password to remove this policy is enabled. Enter the password.
Targets | For MDM policies, you cannot enter multiple targets or use groups and filters, because there can only be one iOS policy per device. If there are multiple policies (for example, at account and site level), only one of them can be switched on at any one time.

7. Click Add a setting... The Add a Mobile Setting window will open.
8. Select a mobile setting type.
9. Click Next.
10. Depending on the setting type, complete the following fields:

Passcode
Field | Description
Passcode strength | If Allow Simple Value is checked, the use of repeating, ascending, and descending character sequences is permitted. If Require Alphanumeric Value is checked, passcodes must contain at least one letter.
Minimum Passcode Length | Smallest number of passcode characters allowed.
Minimum Number Of Complex Character | Smallest number of non-alphanumeric characters allowed.
Maximum Passcode Age | Days after which passcode must be changed (1-730 days, or none).
Auto Lock | Maximum allowed auto-lock value. Supported values: 2/5/10/15 minutes or never for iPads, 1-5 minutes or never for iPhones. If you seek to target both iPhones and iPads, select a value of 2 or 5 minutes.
Passcode History | Number of unique passcodes before they can be reused (1-50, or none).
Maximum Number Of Failed Attempts | Number of passcode entry attempts allowed before all data on device will be erased.

Restrictions
Field | Description
iOS restrictions, Application access, iCloud Services, Security and Privacy, Content ratings, iOS supervised restrictions | To remove a restriction, uncheck the box.

VPN
Field | Description
Connection Name | Display name of the connection (displayed on the device).
Connection Type | Click the drop-down and select L2TP (Layer 2 Tunneling Protocol), PPTP (Point-to-Point Tunneling Protocol) or IPSec (Internet Protocol Security).
Server | Hostname or IP address for server.
Shared Secret | Some companies require the use of an additional security field. Enter the Shared Secret for the connection.
User Authentication | Select whether the user can authenticate using a password or must use RSA Two-factor Authentication.
Account | Enter the username required to authenticate to the VPN.
Send all traffic | When this check box is selected, all network traffic is routed through the VPN connection.
Proxy Type | If your organization uses a proxy server, select the appropriate type.

Wifi
Field | Description
SSID | Enter the name of the wireless network you want to join.
Auto join | Check to have the device automatically join the target network.
Hidden network | Enable if the target network is not open or broadcasting. The network will then be listed under Hidden Networks.
Security | Select the type of encryption that is being used on the network: Any (Personal), WEP (Personal), WPA/WPA2 (Personal) or None.
Password | Select None, Manual or Auto.
Proxy Type | If your organization uses a proxy server, select the appropriate type.
Proxy URL (Auto) | If you select Auto, the proxy settings will be stored in a Proxy URL. Just enter the URL.
Server and Port (Manual) | If the Proxy Type is manual, enter the hostname or IP address and the Port number.
Authentication (Manual) | Enter the username required to authenticate against the proxy server.
Password (Manual) | Enter the password.

11. Click Submit. The setting type is added to the list of mobile settings. To add another setting, repeat the process.
12. After all required settings have been added, click Save. The window will close, and you will be returned to the policy list page.

The MDM policy will initially be disabled. Turning on an MDM policy automatically turns off any others that are enabled. To make sure that this only ever happens as part of a conscious decision on your part, rather than (for example) as a side effect of creating a new policy just to view some of the settings, and to avoid confusion over which policy takes precedence for a site, MDM policies must be explicitly turned on once created.

13. Click Push changes to activate the policy.

Devices of "unknown" device type will not be targeted by the policy.

Disable an MDM policy

1. Navigate to the Policies tab.
2. Toggle the Enabled for this site setting to OFF.

Manage and Monitor SNMP-Enabled Network Devices and Printers

Permission to manage Sites and manage Devices
Sites > open a site > New Device
Sites > open a site > Manage > Network Management > Discovered Devices

There are times when you would like to manage and monitor certain devices or services but you cannot install an Agent on them to make them a fully Managed device. For example, you may want to know when the memory usage of a switch port goes over a certain threshold or if the battery in your UPS starts discharging or whether you need to change your printer's toner but you cannot install an Agent on either your switch or UPS or printer.
In these instances, a fully Managed network node device can connect to and manage your active network devices like switches, routers, UPSs, printers, etc., using Simple Network Management Protocol (SNMP).

This document will walk you through the process of adding an SNMP-enabled network device as a Managed network device to your account either manually or with the help of a network node device. We will also discuss how to monitor your SNMP devices.

Requirements

If you are not familiar and comfortable with the concepts, terminology and technology around SNMP, we strongly recommend some background reading before you start with SNMP monitoring. There are a number of useful guides on the subject but here are a few examples that we've looked at and liked:
• Introduction to SNMP
• SNMP Tutorial
• Wikipedia Page for SNMP

How to...

Add a network device as a Managed network device

To be able to monitor your SNMP-enabled network devices, you need to add them as Managed network devices to one of your Managed sites. If the network scanning of SNMP devices is disabled for your account or if you find it easier and quicker to add a device manually, follow these steps:

1. Click the Sites tab and open one of your Managed sites that you want to add the device to.
2. Click New Device.
3. In the next window, you are asked what sort of device you are trying to add. Click the Network or the Printer icon as required.
4. You will now be prompted with the Add a Network Device or Add a Network Printer window as per your selection in step 3.
5. Fill in the following details:

Field | What to Enter
IP Address | Enter the IP address of your device.
Name | Give your device a meaningful name.
Description | Enter a meaningful description.
Manufacturer | Enter the name of the manufacturer of your device.
Model | Enter the model of your device.
New SNMP Credentials | Enter the SNMP credentials of your device. For information on what to enter, refer to the SNMP Credentials section in Account Settings and "Site Settings" on page 20.
Use Account/Site SNMP Credentials | Choose this option if you have SNMP credentials stored at account or site level. The site SNMP credentials will be used in addition to the SNMP credentials specified in Account Settings unless this option is disabled in Site Settings. For information on how to store the SNMP credentials for the entire account or at site level, refer to the SNMP Credentials section in Account Settings and "Site Settings" on page 20.

6. Click Save. Your network device is now added as a Managed network device.

To save time and make things easier, you can also have a fully Managed network node device discover other devices on the local subnet for you. For further information, refer to "Discover Devices on the Network" on page 183.

Monitor a Managed network device

Once a device becomes a Managed network device, you can apply monitoring to it. SNMP monitoring (that is, the monitoring available for Managed network devices) falls into 2 categories:
• Offline monitoring - Sends an alert if the network device goes offline.
• Network monitoring - Sends an alert if specific threshold values are breached. The threshold is set up in a network monitor component, therefore, you need to download or create your network monitor component first in order to be able to set up a network monitor. For details on configuring a network monitor component, refer to "Download or Create Network Monitor Components" on page 96.

Both of these monitor types can be added to a single device only. They cannot be applied in a Monitoring Policy at either site or account level.

For information on how to configure an SNMP monitor, refer to "Manage Monitors" on page 239.

Before applying an SNMP monitor to your Managed network devices, you may want to test the functionality using the Agent Browser.
For more information, refer to Test SNMP Monitoring in the Agent Browser.

Download or Create Network Monitor Components

Permission to manage Components
Components > New Component

About Network Monitors

Autotask Endpoint Management (AEM) allows you to add devices to your account that a network node device discovers using Simple Network Management Protocol (SNMP). Once they become Managed network devices, you can start monitoring them. Monitoring could mean being alerted when the memory usage of a switch port goes over a certain threshold or if the battery in your UPS starts discharging or if you need to change your printer's toner.

In order to apply consistent monitoring across all of your Managed network devices, you can create a network monitor component or download one from the ComStore and you can then apply it to as many devices as you want. Your network monitor component will have a certain threshold and if a device breaches it, the monitor will alert you.

Requirements

You should be familiar with the process of how to nominate a device as a network node device and how your network devices can be discovered and managed by a network node. For further information on this, refer to "Discover Devices on the Network" on page 183.

If you are not familiar and comfortable with the concepts, terminology and technology around SNMP, please refer to the guides we collected in the topic referenced above.

This document assumes that you know the SNMP OIDs (Object Identifiers) that you want to monitor, and the thresholds / values that you want to monitor for. You may find out more about the SNMP OIDs from the device vendor or from the device documentation.

How to...

Use network monitor components from the ComStore

There are a number of network monitor components in the ComStore that you can download and apply in your network monitors. In order to download them:

1. Click the ComStore tab and select Network Monitors.
2. Click any of the network monitor components and click Add to my Component Library to download it.
3. To locate the downloaded component, navigate to your Component Library by clicking on Components > Network Monitors.
4. Hover over the component entry and click on the Copy icon on the right of your browser window.
5. Click OK in the pop-up window to be able to edit and/or save the copy of your component.
6. You will now see a component edit dialogue with the contents of the component you chose to copy, allowing you to make any necessary modifications or changes.
7. Once you have finished editing the component, click Save.
Note that the OIDs used on specific devices may vary across hardware builds or firmware versions, and as a result, we cannot guarantee that the values we have populated in the component will match exactly what is expected by your network devices. Therefore, we would always recommend testing these components on a selection of devices and confirming the results look as you expect before pushing them out across your entire estate.
8. Once you have your component downloaded and the changes applied, you can apply the component through a network monitor. For further information, refer to "Apply the network monitor component" on page 99.

Create a network monitor component

In order to create your own network monitor component:

1. Click the Components tab and click New Component in the top left.
2. From the Category drop-down, select Network Monitors.
3. Give it a Name and Description.
4. Click Save.
5. You will now see the component details.

Field: General
Description:
• Category: defaults to Network Monitors and cannot be edited.
• Type: defaults to SNMP and cannot be edited.
• Name: the name of your network monitor.
• Description: the description of your network monitor.
• ID: unique identifier of your network monitor. It cannot be edited.
• Component Level: determines which users can access this component. Refer to Users.
• Created: the date and time of the creation of your component. It also shows the name of the user who created it in brackets.
• Modified: the date and time the component was last modified. It also shows the name of the user who last modified it in brackets.
• Change image: click on the hyperlink to change the image of your component. You can select an image from your image library or from your device. The image must be a 48x48 PNG, JPG or GIF file.

Field: Sites
Description: Select:
• All sites - This will make the component available in all of the sites.
• Selected sites - Once you have selected this option, you will be able to include or exclude sites to access this component.

Field: SNMP Settings
Description: Click the green plus icon to add a new SNMP monitoring entry. In the Add SNMP Settings window, fill in the following details:
• Name: give a name to your SNMP monitoring entry (e.g. FE0/0 port utilisation on Cisco 2950).
• OID: enter the OID for the setting or value that you want to monitor (e.g. 1.3.6.1.2.1.2.2.1.10).
• Operator: select one of the operators from the drop-down list (Equal, Not Equal, Less, Less or Equal, Greater than, Greater or Equal, Contains, Starts with, Ends with). This will be used together with Default value.
• Default value: specify the threshold for raising an alert. This will be used together with the Operator selected. (E.g. Greater Than – 94371840 or Less than – 95)
• Description: give a meaningful description to your SNMP monitoring entry.

6. Click Add to add this SNMP setting to your network monitor. Add a new SNMP monitoring entry for each OID that you want to monitor on your devices. This allows you to build a single monitor per device type that is querying multiple SNMP values.
For example:
• A switch monitor that checks bandwidth usage, ports that are unexpectedly "down", CPU temperature, and changes to the firmware version.
• A virtualization host monitor that checks for CPU and memory usage.
• A network attached storage monitor, checking the disk space, temperature and uptime.
7. Finally, click Save. This will add this network monitor component to your component list.

Apply the network monitor component

For details on how to apply your network monitor components, refer to "Monitor a Managed network device" on page 95.

Manage and Monitor ESXi Devices

Permission to manage Sites and manage Devices
Sites > open a site > New Device
Sites > open a site > Manage > Network Management > Discovered Devices

About VMware ESXi

VMware ESXi (also known as VMware vSphere Hypervisor) is a purpose-built hypervisor operating system that runs on bare metal and incorporates VMware's virtualization technologies. ESXi can be configured to manage virtual machines that run within the ESXi core and that are monitored by it. Virtual machines running on an ESXi server will be allocated a share of the resources of the host system.

The ESXi hypervisor operating system does not permit application installation per se, making installation of the Autotask Endpoint Management (AEM) Agent impossible. Servers running ESXi must therefore be managed as network devices, facilitating the use of network nodes for device discovery, monitoring and management.

Supported versions

The following ESXi builds are supported: 4.1, 5.0, 5.5 and 6.0.

Requirements

We highly recommend some background reading on VMware vSphere Hypervisor if you are not familiar with the concepts, terminology and technology around ESXi and virtualization. For information, refer to https://www.vmware.com/uk/products/vsphere-hypervisor.

For a robust network, we recommend the use of at least two network nodes in any site monitoring ESXi servers.
To learn about Agent requirements for ESXi monitoring, refer to Network node requirements for ESXi monitoring.

How to...

Add an ESXi device as a Managed device

To be able to monitor your ESXi devices, you need to add your ESXi devices as Managed devices to your account. You can do it manually, or you can have a fully Managed network node device discover the ESXi devices for you.

If you add your ESXi device manually, make sure that you have a network node device in the same site to perform ESXi monitoring.

To add an ESXi device manually, follow these steps:

1. Click the Sites tab and open one of your Managed sites that you want to add the device to.
2. Click New Device.
3. In the next window, you are asked what sort of device you are trying to add. Click the ESXi Host icon.
4. You will now be prompted with the Add an ESXi Host window.
5. Fill in the following details:

Field | What to Enter
IP Address | Enter the IP address of your device.
Name | Give your device a meaningful name.
Description | Enter a meaningful description.
Manufacturer | Enter the name of the manufacturer of your device.
Model | Enter the model of your device.
New ESXi Credentials | Enter the ESXi credentials of your device. For more information, refer to the ESXi Credentials section in Account Settings and "Site Settings" on page 20.
Use Account/Site ESXi Credentials | Choose this option if you have ESXi credentials stored at account or site level. The site ESXi credentials will be used in addition to the ESXi credentials specified in Account Settings unless this option is disabled in Site Settings. For information on how to store the ESXi credentials for the entire account or at site level, refer to the ESXi Credentials section in Account Settings and "Site Settings" on page 20.

6. Click Save. Your ESXi device is now added as a Managed device to your account.
You can also have one of your fully Managed network node devices scan the network for you to discover your ESXi devices. It will check for devices listening on port 902 and if a device responds, it will be listed as an ESXi device in the discovered devices list. For further information, refer to "Discover Devices on the Network" on page 183.

Monitor an ESXi device

Once an ESXi device has been added to your account as a Managed device, you can apply monitoring to it. ESXi monitoring is performed through a network node in the site that the device is added to.

ESXi monitoring can only be applied as part of a policy at account and site level. ESXi monitors are not available at device level.

The following ESXi monitor types are available:
• ESXi CPU Monitor
• ESXi Memory Monitor
• ESXi Data Store Monitor
• ESXi Temperature Sensor Monitor
• ESXi Fan Monitor
• ESXi Disk Health Monitor
• ESXi PSU Monitor

You can also apply the following non-ESXi-specific monitor:
• Online Status Monitor

For information about the monitor types, refer to "Types of monitors" on page 232. For information on how to apply ESXi monitoring, refer to "Create an ESXi Policy" on page 104.

Create an ESXi Policy

Permission to manage Policies at account and/or site level
Account > Policies
Sites > select a site > Policies

What is an ESXi policy?

An ESXi policy allows you to apply one or more ESXi monitors to one or more devices in a site or the entire account using filters or groups. An ESXi policy lets you monitor the performance, datastore, temperature and hardware status of your ESXi devices.

ESXi policies can be set up in the Autotask Endpoint Management (AEM) Web Portal at both account and site level. Refer to "Add a policy" on page 251.

How to...

Specify the ESXi policy details

1. On the Policy page, click New account policy... or New site policy....
2. Give the policy a Name.
3. Select the type ESXi.
4. To copy an already existing policy to use it as a template, choose it from the Based on drop-down list. To create a new policy, select New Policy.
5. Click Next. You are now presented with the policy details.

Add a target

You can target your devices with the policy using filters and groups. To find out more, refer to "Add a target" on page 257.

Add a monitor

When creating an ESXi policy, you can apply ESXi monitors to your devices. For information on the ESXi monitor types and how to add a monitor, refer to "Add a monitor" on page 257.

Save the policy and push the changes

Once you have added your ESXi monitor, you are re-directed to the policy details page. Here, you need to save and push the changes so that they can be applied. For further information, refer to "Save the policy and push the changes" on page 258.

Edit the policy

For information on how to edit your policy, refer to "Edit the policy" on page 258.

Audits

Permission to access the Audit tab at Account and/or Site level and permission to access Devices
Account > Audit
Sites > click on a site > Audit
Sites > click on a site > Devices > click on a device > Audit

About Audits

An audit is an inventory of the hardware and software installed on a device as taken by the AEM Agent. As consecutive audits are performed, changes to the hardware and software are tracked in a change log. The data is stored on the device and added to the device record in the Web Portal. Audit data is available at account, site and device level.

• When viewed at device level, the Audit tab answers the question: "What hardware and software are currently installed on this particular device, what's the status of the installed services and what changes have been made to the device over time."
• When viewed at site level, the Audit tab answers the question: "What hardware and software is installed on the devices associated with this site, including quantity and version information."
• When viewed at account level, the Audit tab answers the question: "What hardware and software is installed on the devices associated with all sites in my account." It provides a list of all hardware and software you are managing, including quantity and version information.
• Additionally, at both account and site level, you are able to monitor the number of devices a software package is installed on. This allows you to manage site or team licenses. You will receive an alert when you exceed the maximum number of devices.

Full and Delta Audits

• A full audit is a complete inventory audit of the device taken at the time the Agent is installed. This is the only time a full audit is performed automatically. However, a full audit of a device can be initiated manually at any time if you need up-to-date information on a particular device. Refer to "Perform a manual audit" on page 107.
• A delta audit is a list of the changes to the audit information on the device since the last audit. Delta audits are performed automatically on a regular schedule.

Auditing frequency

Type of Agent | Frequency of full audits | Frequency of delta audits
Managed | Right after Agent installation, and anytime manually | Every 24 hours, and upon the successful completion of a job or patch update
OnDemand | Right after Agent installation, and then once every seven days or where the OnDemand Agent has been activated by the end user. | N/A

How to...

Perform a manual audit

1. Navigate to the list of your devices and select one or multiple devices.
2. Click the Request device audit(s) icon and confirm that you want to perform the audit.

If you selected a single device, a full audit will be performed. If you selected multiple devices, a delta audit will be performed.
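
The delta audit and license monitoring described in this section, sketched as an added example (it is not AEM code and does not use AEM's data format): two audit snapshots of a site are compared to produce the kind of entries the Software Changes log holds, and install counts are checked against a maximum number of devices. The snapshot layout, the function names and all sample data are assumptions constructed for illustration.

```python
"""Added example: delta-style software audit and license count check.

Not AEM code. The snapshot layout (device -> {software name: version})
and every value below are constructed for illustration.
"""
from collections import Counter

# Constructed sample data: the previous and the latest audit of one site.
PREVIOUS_AUDIT = {
    "WS-001": {"7-Zip": "16.02", "Java 8": "8.0.101", "Office 2013": "15.0"},
    "WS-002": {"7-Zip": "16.02", "Office 2013": "15.0"},
    "SRV-01": {"7-Zip": "16.02"},
}
LATEST_AUDIT = {
    "WS-001": {"7-Zip": "16.04", "Office 2013": "15.0", "RemoteTool": "1.2"},
    "WS-002": {"7-Zip": "16.02", "Office 2013": "15.0"},
    "SRV-01": {"7-Zip": "16.02", "Office 2013": "15.0"},
}


def software_delta(previous, latest):
    """Changes for one device as (change, name, old_version, new_version)."""
    changes = []
    for name in sorted(set(previous) | set(latest)):
        old, new = previous.get(name), latest.get(name)
        if old is None:
            changes.append(("added", name, None, new))
        elif new is None:
            changes.append(("removed", name, old, None))
        elif old != new:
            changes.append(("version changed", name, old, new))
    return changes


def site_delta(previous_site, latest_site):
    """Per-device deltas; devices with no changes are left out.

    A device that has no previous audit is compared with an empty
    inventory, so everything on it is reported as added.
    """
    result = {}
    for device in sorted(latest_site):
        delta = software_delta(previous_site.get(device, {}), latest_site[device])
        if delta:
            result[device] = delta
    return result


def install_counts(site):
    """Number of devices each software package is installed on."""
    counts = Counter()
    for software in site.values():
        counts.update(software.keys())
    return counts


def license_alerts(site, max_devices):
    """Packages installed on more devices than allowed: name -> (installed, max)."""
    counts = install_counts(site)
    return {
        name: (counts[name], limit)
        for name, limit in sorted(max_devices.items())
        if counts[name] > limit
    }


if __name__ == "__main__":
    for device, changes in site_delta(PREVIOUS_AUDIT, LATEST_AUDIT).items():
        for change, name, old, new in changes:
            print(f"{device}: {change}: {name} ({old} -> {new})")
    for name, (installed, limit) in license_alerts(LATEST_AUDIT, {"Office 2013": 2}).items():
        print(f"License alert: {name} installed on {installed} devices, maximum {limit}")
```

Software that appears in a delta without a matching job or patch update is the entry worth reviewing first.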
View audit data at device level
1. Navigate to Sites > click on a site > Devices > click on a device. The Device Summary page will open.
2. Click the Audit tab.
Depending on your device type, the Audit tab or some sections under the Audit tab may not be available.
At the top of the page, on the right-hand side, you will see the following radio buttons:

Radio button | Description
Hardware | This is the default view. It shows the complete hardware audit information for this device.
Software | Shows all software installed on the device and indicates the version. A search field, a toggle for number of entries on one page and a .CSV export option are also available.
Services | Shows the following information about the services installed on your Windows device:
• Display Name
• Service Name
• Status at the last audit
• Startup Type
Sort by any of the columns by clicking on the column header. A search field, a toggle for number of entries on one page and a .CSV export option are also available.
Change Log | Shows 3 drop-downs:
• System Changes - This shows changes made at system level on the device, such as the last boot time, changes to usernames etc., along with the time it occurred.
• Software Changes - This shows any software that has been added or deleted, along with the version and the date this occurred.
• Hardware Changes - This shows any hardware changes that have been made, such as screen resolution or hard drives added or removed, as well as the date it occurred.

View audit data at account or site level
1. Navigate to Account > Audit OR Sites > click on a site > Audit.
At account level, click the Click here to load the hardware list for this account or the Click here to load the software list for this account link.
At site level, expand the Managed Devices or Unmanaged Devices section.
2.
At the top of the page, on the right-hand side, you will see the following radio buttons:

Radio button | Description
Hardware | This is the default view. It shows the complete list of hardware models, and the number of devices of this model. A search field, a toggle for number of entries on one page and a .CSV export option are also available. To see a list of devices that belong to a model, click the hyperlink.
Software | Shows all software applications associated with the account or site, their versions, and the number of devices each application is installed on. A search field, a toggle for number of entries on one page and a .CSV export option are also available. To see a list of devices that have this software and version installed, click the hyperlink.
Licensing | Allows for monitoring of software licenses to alert when the number of devices the software package is installed on exceeds a set threshold. Refer to "Enable monitoring of software licenses" on page 108.

Enable monitoring of software licenses
1. Navigate to Account > Audit OR Sites > click on a site > Audit and click the Licensing radio button.
2. On the Actions row, click the Manage account package (account level) or the Manage package (site level) icon.
3. If you are at account level, proceed to the next step.
At site level, a pop-up window will open. If you have already created a software package before, it will be listed in the window. If this is the first time that you create a software package for licensing, the window will be empty. Click New Package....
4. The New Package page will open.
5. Enter the following information:

Field | Description
Name | The name you will save this search under.
Search | Enter a keyword or search string, then click Search.
All | If you check this radio button, the check boxes will be disabled and all results will be added to the software package.
Specific | If you check this radio button, the check boxes will be enabled, and you can select specific versions or products to add to the package.

6. Click Save. The window will close, and you will be returned to the licensing page.
7. At account level, you will be presented with the name of the software package, the number of items in the package and the quantity across devices.
If you are at site level, click the Manage package icon again.
8. Check the check box next to your software package and click Select. The new software package will now appear on the list.
9. In the Alert column, click on Click to set and enter the maximum number of licenses so that you can be notified when the threshold is reached.

Troubleshoot
If you think you are having issues with the audit information coming through on a device, please refer to I think that the audit information is corrupted / missing. What can I do?

Designate a Local Cache
Administrator
Sites > click on a site > Devices
Sites > click on a site > Settings > Local Caches

What is a local cache?
A local cache is a designated device that can be used as a component cache to store components and/or as a patch cache to store patches.
A component cache stores a local copy of all downloaded components in your Autotask Endpoint Management (AEM) account and then distributes the components to other devices in the same site without the need to pull them from the AEM Amazon cloud platform.
A patch cache downloads and stores patches from Windows Update to serve them for devices in the same site through a patch policy. The patch cache will continuously download new patches as the need for them arises.
Using a local cache for downloading either components or patches reduces bandwidth usage and drastically improves efficiency when deploying components and conducting patching operations.
A local cache is not the only way to avoid downloading a component multiple times.
If the same component is scheduled to be installed on another device in the same AEM site, the target device will query other nodes on the network to see if the file exists locally. If the file is available only on a local device that is not a local cache, the Agent will download the component from that location. This is known as peer sharing. Peer sharing is only used if the component is not cached locally.

Supported operating system
Local cache type | Supported operating system
Component cache | Windows
Patch cache | Windows
For more information on supported versions of the above operating system, refer to Supported Operating Systems and Requirements for the Agent.

Requirements
• Only desktops, servers, and laptops with up-to-date audit information may be nominated as local caches.
• Local caches need to have adequate hard drive space to store the components and/or patches.
• For component caches, port 13229 must be available for inbound communications, and accessible to all devices on the local network.
A local cache should preferably be a device that is always left on, e.g. a server.

Default location for cached components and patches
Your cached components and patches will be stored in the following locations by default:
Type | Location*
Cached components | Drive:\ProgramData\CentraStage\Packages
Cached patches | Drive:\ProgramData\CentraStage\Patches
* You can specify the drive when nominating the cache. Refer to "Designate a device as a local cache" on page 112.

How to...

Designate a device as a local cache
We recommend restricting individual sites to a single geographical area for the smoothest possible operation with local caches.
1. Navigate to a site and click on the Devices tab.
2. Click the check box next to the device you wish to select as a local cache. You can select more than one device.
3. Click the Add/Remove as local cache icon in the Action bar.
4. A pop-up window will appear listing all devices you have selected.
You can collapse or expand each device.
5. Select either or both of these check boxes:
Cache all Components in this account - This nominates the device as a component cache. The device will receive all components that have been downloaded to your Component Library. Additionally, it will sync with your Component Library when a component is created, edited or deleted. Refer to "Download a component" on page 269.
Cache Patches (use with a Patch Management Policy) - This nominates the device as a patch cache. Ensure that you have at least one active patch management policy. Refer to "Create a Patch Management Policy" on page 160.
6. Select a drive on which the cached files should be stored. Refer to "Default location for cached components and patches" on page 112.
A local cache will stop downloading patches if the selected drive's free disk space falls below 1 GB.
7. Click Save.
8. Your local caches will now be listed in Site Settings where you can re-arrange their order of priority, and you can also specify patch cache clearing options. Refer to "Site Settings" on page 20.
For custom components only, there is an additional feature available: you can choose which components should be made available to which sites. Refer to "Map components to specific sites" on page 336.

Edit or remove a device as a local cache
1. You can remove a local cache in Site Settings. Refer to "Site Settings" on page 20.
2. Alternatively, to either edit or remove a local cache, you can follow steps 1-4 of "Designate a device as a local cache" on page 112.
3. You can select or deselect either or both of these check boxes:
Cache all Components in this account
Cache Patches (use with a Patch Management Policy)
4. You can select a different drive on which the cached files should be stored.
5. Click Update.
If a local patch cache is removed, the patches cached on that device will be removed almost immediately.
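The local cache requirements listed above (device type, Windows, current audit data, the 1 GB free-space floor for patch caches and inbound port 13229 for component caches) can be checked for a set of candidate devices before nominating one. This is an added example, not AEM code or part of the original manual; the record fields, sample devices, the 24-hour audit freshness limit and the use of TCP for the port probe are assumptions.

```python
import socket
from datetime import datetime, timedelta

COMPONENT_CACHE_PORT = 13229        # inbound port named in the requirements
PATCH_MIN_FREE_BYTES = 1024 ** 3    # 1 GB floor for patch downloads (binary GB assumed)
ELIGIBLE_TYPES = {"desktop", "server", "laptop"}
# Assumption: "up-to-date audit information" is read here as "audited within
# the 24-hour delta audit interval of a Managed Agent".
MAX_AUDIT_AGE = timedelta(hours=24)

# Constructed sample records; the field names are hypothetical, not an AEM schema.
GIB = 1024 ** 3
SAMPLE_NOW = datetime(2016, 10, 27, 12, 0)
SAMPLE_DEVICES = [
    {"host": "desk-hr03", "type": "Desktop", "os": "Microsoft Windows 10",
     "last_audit": datetime(2016, 10, 27, 6, 0), "free_bytes": 80 * GIB},
    {"host": "desk-ops07", "type": "Desktop", "os": "Microsoft Windows 10",
     "last_audit": datetime(2016, 10, 20, 9, 0), "free_bytes": 40 * GIB},
    {"host": "esx-host01", "type": "ESXi Host", "os": "VMware ESXi",
     "last_audit": datetime(2016, 10, 27, 9, 0), "free_bytes": 900 * GIB},
    {"host": "lap-sales02", "type": "Laptop", "os": "Microsoft Windows 7",
     "last_audit": datetime(2016, 10, 27, 8, 0), "free_bytes": GIB // 2},
    {"host": "srv-files01", "type": "Server", "os": "Microsoft Windows Server 2012",
     "last_audit": datetime(2016, 10, 27, 3, 0), "free_bytes": 250 * GIB},
]


def port_reachable(host, port=COMPONENT_CACHE_PORT, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds.

    Run this from another device in the same site: the requirement is that
    the port is reachable by peers, not just open locally.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def cache_findings(device, now, probe=port_reachable,
                   component_cache=True, patch_cache=True):
    """List the stated requirements that a candidate device does not meet."""
    findings = []
    if device["type"].lower() not in ELIGIBLE_TYPES:
        findings.append("device type is not desktop, server or laptop")
    if "windows" not in device["os"].lower():
        findings.append("operating system is not Windows")
    if now - device["last_audit"] > MAX_AUDIT_AGE:
        findings.append("audit information is not up to date")
    if patch_cache and device["free_bytes"] < PATCH_MIN_FREE_BYTES:
        findings.append("free space is below 1 GB, patch downloads would stop")
    if component_cache and not probe(device["host"]):
        findings.append("port 13229 is not reachable")
    return findings


def rank_candidates(devices, now, probe=port_reachable):
    """Hosts with no findings, servers first because an always-on device is preferred."""
    clean = [d for d in devices if not cache_findings(d, now, probe)]
    clean.sort(key=lambda d: (d["type"].lower() != "server", d["host"]))
    return [d["host"] for d in clean]


if __name__ == "__main__":
    # Constructed probe result so the demonstration runs offline.
    def sample_probe(host):
        return host != "lap-sales02"

    for dev in SAMPLE_DEVICES:
        print(dev["host"], cache_findings(dev, SAMPLE_NOW, sample_probe) or "OK")
    print("Nominate in this order:",
          rank_candidates(SAMPLE_DEVICES, SAMPLE_NOW, sample_probe))
```
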
Manage Devices
Permission to manage Sites > Devices
Sites > click on a site > Devices
Sites > click on any filter or group

A list of the devices you manage in Autotask Endpoint Management (AEM) can be accessed from the site, filter or group they are associated with. For information about sites, refer to "Sites" on page 7. For information about filters and groups, refer to "Filters" on page 130 and "Groups" on page 142.
To view all devices you are managing, navigate to Sites and click the device filter called All Devices. Many other device filters are also available.
Devices lists provide basic information about each endpoint you have in the same site, filter or group. Depending on whether the site is Managed or OnDemand, some features may not be available. For further information about site types and to find out how to move devices from one site to another, refer to "Manage Sites" on page 13.
By default, the following information is displayed:

Field | Description
Hostname | The name of your device. This can be edited in the device itself, or if it's a network device, it can be edited on the "Device Summary" on page 119 page.
Description | The description of your device that can be edited on the "Device Summary" on page 119 page.
IP Address | The IP address of your device.
Ext IP Addr | The external IP address of your device.
Last User | The user that last logged into this device.
Operating System | The operating system of your device.

Views
Field | Description
Column Chooser | The column chooser lets you select which columns should be visible in the results view. You can click on All or None to select or deselect all the options, and you can restore the default view by clicking on Restore Defaults. Drag and drop any of the columns to re-arrange their order in the results view. Click Save to apply the changes or Cancel to discard them.
Note: You must select at least one column in the column chooser.
Show entries | It lets you select to show 25 / 50 / 100 entries per page.
Filter (on Site > Devices only) | Choose one or more of the following device types to filter the results:
• All
• Desktops
• Laptops
• Servers
• Network
• ESXi Host
• Unknown
Shortcut for actions | An arrow pointing towards right in each row, just to the left of the first column. Once you click on it, you will see a few icons displayed. These icons provide a shortcut for actions that you can do in the devices. For further information about these shortcuts, see the list of Action bar icons below.
Select pages / Next | Click a page number or click Next to jump to the next page of results.

Action bar icons
Name | Description
Move device(s) to different site | Move the selected device(s) to a different site. Refer to "Move Devices to Another Site" on page 123.
Add device(s) to group | Add the selected device(s) to a group. Refer to "Groups" on page 142.
Edit description of selected devices | Edit the description of the selected device(s). Refer to "Device Summary" on page 119.
Toggle device(s) as favorite | Mark or unmark the selected device(s) as favorite.
Delete device(s) | Delete the selected device(s). For further information, refer to "Delete Devices" on page 127.
Request device audit(s)* | Request an audit for the selected device(s). For further information, refer to "Audits" on page 106.
Schedule a job* | Schedule a job for the selected device(s). Refer to "Deploy Components Using Jobs" on page 319.
Run a quick job* | Run a component through a quick job for the selected device(s). Refer to "Deploy Components Using Jobs" on page 319.
Export to CSV | Allows you to export a list of the selected devices in .CSV format. Make sure to select the columns you want to include in the export.
Add/Remove as local cache* | Add or remove the selected device(s) as local cache.
For further information, refer to "Designate a Local Cache" on page 111.
Add/Remove as Network Node* | Add or remove the selected device(s) as network node. For further information, refer to "Discover Devices on the Network" on page 183.
Turn privacy on* | Turn on privacy mode for the selected devices. For further information, refer to Privacy Mode.
Send a message to the selected devices* | Send a message to the selected device(s). The message will pop up on the devices once they are online. Note: It usually takes a few minutes for the message to appear. Refer to "Messages" on page 124.
Schedule selected reports | Schedule one or more reports for the selected device(s). Refer to "Schedule and Run a Report" on page 476.
Run Security Management Command* | This button becomes available once Kaspersky Endpoint Security has been downloaded from the ComStore. Click the button to perform a number of actions on the selected device(s). Refer to "Kaspersky Endpoint Security Integration" on page 208.
Run Security Management Command* | This button becomes available once Webroot Endpoint Security has been downloaded from the ComStore. Click the button to perform a number of actions on the selected device(s). Refer to "Webroot Endpoint Security Integration" on page 218.
Refresh | Refreshes the current view. This will show your devices' most up-to-date status.
Summary | Shortcut. It directs you to the "Device Summary" on page 119 page.
Audit | Shortcut. It directs you to the device's Audit tab. Refer to "Audits" on page 106.
Manage | Shortcut. It directs you to the device's Manage tab.
Monitor* | Shortcut. It directs you to the device's Monitor tab.
Support* | Shortcut. It directs you to the device's Support tab.
Report | Shortcut. It directs you to the device's Report tab.
Policies* | Shortcut. It directs you to the device's Policies tab.
*Not available in OnDemand sites.
Remote takeover icons
Name | Description
Connect to Device* | Initiate a connection to the device. This will log you in to the Agent Browser. Once you are connected to the device, you will be presented with a list of actions you can perform on it, including remote takeover connections. For further information, refer to Agent Browser Tools.
Remote Takeover (RDP)* | Initiate a Remote Desktop Protocol (RDP) connection to the device. For further information, refer to Remote takeover tools.
Remote Takeover (VNC)* | Initiate a Virtual Network Computing (VNC) connection to the device. For further information, refer to Remote takeover tools.
Splashtop* | Initiate a remote takeover session via Splashtop. For further information, refer to Splashtop Remote Screen Share Integration.
*Will not display for offline machines, printers, mobile devices, network devices or devices with an inappropriate operating system. In some cases they do not display at all, e.g. due to incomplete audit.
If you experience issues launching the Agent Browser when clicking on the above icons in the Web Portal in Google Chrome, refer to I can't launch the Agent Browser from the Web Portal in Chrome. Why is that?

Device Summary
Permission to view Sites > Devices
Sites > click on a site > Devices > click on a Device > Summary

The devices that you manage through Autotask Endpoint Management (AEM) are grouped together in your Managed and OnDemand sites. In order to see detailed information about a device:
1. Go to Sites.
2. Click on the name of one of your sites.
3. Click the Devices tab.
4. Click on the name of one of your devices.
This will bring you to the Device Summary page where you'll see a summary of the device, including operating system, service pack, serial number, IP addresses, and lots more.
Depending on the device type, some information or sections on this page may not be available for your device.
Device summary
In the top area of the page, you can see the following information:

Field | Description
Description | The description of your device. To change it, click on Edit.
Power Rating | The power rating of your device. This number provides the basis for your device's energy usage calculation. The field becomes editable once you click on Edit next to the Description field. For further information, refer to the Power Rating section in Account Settings and "Site Settings" on page 20.
User-defined fields 1-10 | These fields only become visible if you entered some information here. The fields become editable once you click on Edit next to the Description field. To find out more about user-defined fields, refer to "User-Defined Fields" on page 38, Account Settings and "Site Settings" on page 20.
Groups | It lists any groups that the device is part of. By clicking on the hyperlink, you will be directed to the group itself. For further information, refer to "Groups" on page 142.
Version | The version of the Agent installed on this device.

You can update your device information by following these steps:
1. Click Edit next to the device description field.
2. Update the information in any of these fields: Description, Power Rating, User-Defined Fields 1-10.
3. Click Clear or Clear User-Defined Fields to remove the information.
4. Click Save to save your changes or Cancel to discard them.

Actions
You can perform various actions on your device. For further information, refer to "Action bar icons" on page 116.
System
This area provides basic audit information about the device including hostname, ID, device type, domain, last user, Hyper-V version (for Hyper-V-enabled devices), status, last seen, last reboot, last audit date, create date, IP addresses, credentials (for ESXi and network devices), manufacturer, model, operating system, service pack, architecture, serial number, security, Guest machine information (for ESXi and Hyper-V devices), and more.
You can connect to the device or take a screenshot of its current status by clicking on one of these icons on the right of the screen:

Name | Description
Refresh* | Refreshes the current view of your device. This will show a thumbnail view of a screenshot taken of your device at the moment.
New Screenshot* | Allows you to take a screenshot of your device. It will be opened in a new window.
Connect to Device*, Remote Takeover (RDP)*, Remote Takeover (VNC)*, Splashtop* | Refer to "Remote takeover icons" on page 118.
*Will not display for offline machines, printers, mobile devices, network devices or devices with an inappropriate operating system. In some cases they do not display at all, e.g. due to incomplete audit.
If you experience issues launching the Agent Browser when clicking on the connect icon or any of the remote takeover tools in the Web Portal in Google Chrome, refer to I can't launch the Agent Browser from the Web Portal in Chrome. Why is that?

Notes
This section lists all the notes that have been added to this device. To add a note:
1. Click Add Note.
2. Enter your note.
3. Click Add to save it.
4. Once it has been saved, you can edit or remove it by clicking on the pencil or delete icons.
You can also add a note to the device through the Agent Browser. For further information, refer to Connect to a device.

Activity log
This area lists activities that have been carried out on the device. To see all of the activities, click on More. Refer to "Device Activity" on page 372.
Performance
Under Performance, you will see the following information:
• CPU usage (%)
• Memory usage (%)
• Disk capacity (used %)
• Device uptime
The scale can be changed from 24 hours to one week or one month.

Move Devices to Another Site
There are times when you want to free up your Managed licenses because you no longer need unattended access to those devices. On other occasions, you need more regular audit information for certain devices and the ability to run jobs on them, so you would need to move them to a Managed site.
Switching devices between Managed and OnDemand sites is possible in both directions as long as you have enough free licenses available of whichever site type you are trying to convert to; otherwise the device will stay in its original site.
You cannot have a site that mixes OnDemand and Managed devices. Everything in the site is defined by the site type. To find out how to create a new site, refer to "Add a Site" on page 9.
To move a device from one site to another, follow these steps:
1. In the AEM Web Portal, click on the Sites tab, and select the site from which you would like to move your device(s).
2. Click on the Devices tab and select the device(s) you want to move by clicking the check box next to their name.
3. Click the Move device(s) to different site icon from the action bar.
4. Click on the site that you want to move the device to. You will receive a warning message to inform you about how this will affect billing.
5. Click on OK and Move.
Once the device has been moved, the Agent will switch over the next time it connects to the platform.
• When Managed devices are converted to OnDemand, it should happen within a matter of minutes.
• When OnDemand devices are moved to a Managed site, it could take up to a week (since OnDemand Agents only connect every 7 days to update their audit data).
You can speed this up if you open the Agent Browser on the device you want to convert and click the Connect button.
For billing purposes, devices will retain their site type until they connect to the server. In other words, if you are at your purchased Managed device limit and move some Agents to an OnDemand site to free up Managed device licenses, those licenses won't be available for use by new devices until the Agents you moved have finished checking in to the platform.

Messages
Permission to manage Setup > Messages
Setup > Messages

On the Devices lists, you can select one or multiple devices and click the Send a message to the selected devices icon. A popup will open. Populate the Message field, and optionally the Subject, and check the Expire this message after ... minutes check box if needed.
The message will appear on the selected devices, if they are online, as well as on your Setup > Messages tab. When the issue is taken care of, you can click the Delete icon in the Actions menu.

Suspended Devices
Administrator
Account > Suspended Devices

You may occasionally suspend monitoring while you perform maintenance on a device or devices, to stop false alerts from being generated. You can suspend your devices individually or through a Monitoring Maintenance Window Policy. For further information, refer to "Suspend or unsuspend monitoring" on page 247.

How to...

Suspend or unsuspend devices
To learn how to suspend/unsuspend your devices, refer to "Suspend or unsuspend monitoring" on page 247.

View suspended devices
To view all the devices that have been suspended manually, navigate to Account > Suspended Devices. A suspended device displays the following device icon:
Devices targeted by a Monitoring Maintenance Window policy will not be listed under Account > Suspended Devices.
One way to use the Suspended Devices list is to suspend all devices you want to do maintenance on, and then work directly from the Suspended Devices list. As you complete the work on each device, click the Unsuspend this device icon. Refer to "Suspend or unsuspend monitoring" on page 247.
Automatic suspension of a device can occur if the platform receives multiple monitor alerts from the same device within one minute. The purpose of the automatic suspension is to prevent a device from "spamming" the platform with multiple alerts. The current threshold is set to 100 alerts per minute.
Note that muting the alerts will not stop automatic suspension. It only means that you don't see the alerts in the Web Portal; they are still raised and sent to the platform. If the Agent sees that the threshold has been breached, automatic suspension of the device will occur.

Delete Devices
Permission to manage Sites
Sites > click on a site > Devices
Sites > Deleted Devices

Sometimes you need to remove a device or multiple devices from your sites in Autotask Endpoint Management (AEM) because you no longer support these devices or perhaps they no longer exist. Any user with the permission to manage a site may delete a device from it.
Only Administrators can access and manage the Deleted Devices page.

How to...

Delete a device
In order to delete a device, follow these steps:
1. In the Web Portal, click Sites.
2. Click on the name of the site that contains the device you want to delete.
3. Click on the Devices tab.
4. Select the device(s) you would like to delete.
5. Click on the Delete device(s) icon from the Action bar.

Manage deleted devices
Only Administrators can access and manage the Deleted Devices page.
When a device is deleted, it will be removed from its current site and placed into the Deleted Devices site with a flag set on the database to uninstall the Agent from the device.
You can find the Deleted Devices page by following these steps:
1. Click Sites.
2. Click Manage Deletions in the top left.
If the device is online at the time of deletion, it will recognize that it has been placed into the Deleted Devices site and uninstall the Agent from the device automatically.
If the device is offline at the time of deletion, it will remain in the Deleted Devices site. The Agent will be uninstalled when it next connects to the database.
You do not get charged for devices in the Deleted Devices site. They are also excluded from reporting and filtering.

Restore accidentally deleted devices
If you delete a device from the Deleted Devices site, it will automatically be re-added to its original site when the Agent connects to the platform again.
The device's original site may not be the site it was deleted from if the device had been moved to a different site after the Agent installation.
When the device is re-added, its original record will be purged and it will be treated as a completely new install.

Target Devices with Filters and Groups
Filters and groups are fundamental for getting visibility and control of your devices, allowing you to apply jobs or monitors to a targeted subset of your device estate.

Filters
Filters are dynamic and work independently of sites so you can have a filter that looks for devices with specific criteria across all sites. As device attributes change, the filters will automatically be updated, and only the devices that match the current filter criteria will be displayed in the filter results. Refer to "Filters" on page 130.

Groups
Similarly to filters, groups work independently of sites. This means that you can group devices from many sites together. However, unlike filters, groups are static, which means that adding or removing devices or sites to or from groups is a manual activity that is carried out in the Web Portal.
Also, groups cannot be shared with other security levels within the account. Refer to "Groups" on page 142.

And then there are sites...
Both filters and groups target specific attributes of a device. The association of a device with a site, however, is permanent (at least until a device is moved to a different site). Typically, the site represents the business unit the device belongs to, such as a company, location or department. Refer to "Sites" on page 7.

Filters
All users
Sites > Device Filters or Custom Device Filters
Sites > click on a site > Device Filters or Site Device Filters
Getting Started with Autotask Endpoint Management, Part 2

About filters
A filter in Autotask Endpoint Management (AEM) is a tool that is used to sort through a large number of devices. Filters rely on the device audit data and are available at both account and site level.
A filter can be configured with certain criteria to target specific attributes of a device. It can even be set up to locate devices with specific software. Filters are dynamic and work independently of sites so you can have a filter that looks for devices with specific criteria across all sites. As device attributes change, the filters will automatically be updated and all the devices that match the filter criteria will be displayed in the filter results.
Filters are a fundamentally critical part of AEM as they can effectively target the right devices with reports, monitors, jobs, patch management, etc. If your servers go offline, for example, you can target an online status monitor at your servers with the help of a filter. To see how filters work in a policy, refer to "Managing Policies" on page 250.

Device Filters
There are a set of Device Filters available in every account in AEM by default. You can use them to filter through all of the devices in your account or just in one particular site.
1.
To filter through all of the devices in your account, click Sites and locate the Device Filters area in the left navigation pane.
2. To filter through one site only, go to Sites > click on one of your sites and locate the Device Filters area in the left navigation pane.
3. The following filter categories will be displayed:

Category | Description
Application | Contains filters for applications, such as Adobe Flash, Java, Microsoft Office.
Backup solution | Contains filters for backup solutions, such as Autotask Endpoint Backup, Backup Exec, Veeam.
Compliance | Contains filters for devices that need your attention as they run out of memory, their anti-virus is disabled, they need a reboot, etc.
Operating system | Contains filters for operating systems, such as Linux, Windows, Mac.
Role | Contains filters for servers, such as DNS servers, domain controllers, SQL servers.
Security software | Contains filters for security software, such as ESET, Kaspersky, Webroot.
Status | Contains filters for device status, such as network node, offline, online.
Type | Contains filters for device types, such as all devices, ESXi devices, local caches.

4. Expand a category to be able to see the various filters within it.
The Device Filters provided by AEM cannot be edited or deleted. To understand how these default filters are configured, refer to "Device Filter definitions" on page 131.
5. Click on any of the filters to be directed to the list of devices that meet the filter requirements.
6. You can also use the dynamic search above the filter categories. Start typing in the Search field and you'll be presented with the filters that match your query. Without having to use your mouse, the Search field can be brought into focus by hitting Ctrl + / on your keyboard.
Device Filter definitions

The default Device Filters provided by AEM have been configured the following way:

Application Filter Name Field Qualifier Adobe Flash Criteria Operator Notes Adobe Flash Player Box.Net Begins with Dropbox Box Sync Dropbox Google Chrome Google Chrome Java Does not contain Java Software package Microsoft Office AND Frame, Helper Begins with Mozilla Firefox Microsoft Office 365, Microsoft Office Professional, Microsoft Office Home, Microsoft Office Standard, Microsoft Office Basic, Microsoft Office Small, Microsoft Office Ultimate, Microsoft Office Enterprise Mozilla Firefox SQL Server SQL Express AND Contains Express

Backup solution Filter Name Field Qualifier Acronis TrueImage Operator Acronis True, Acronis Backup, Acronis\\u00C2 True\\u00C2 Begins with Ahsay Autotask Endpoint Backup Criteria Software package Notes Last query: to support mishandled UTF-8 encoding Ahsay A-Click Backup, AhsayOBM, AhsayACB Autotask Endpoint Backup Backup Exec Symantec Backup Exec StorageCraft Contains StorageCraft ShadowProtect, ShadowSnap Veeam Begins with Veeam Backup, Veeam Endpoint, Veeam Hyper-V

Compliance Filter Name Field Qualifier Criteria < 2GB Free Space Disk capacity Less than 2G Operator Notes < 2GB Memory Memory Less than 2G Anti-Virus Boolean Equals False Device type Contains Desktop, Laptop Software package Does not contain Microsoft Office Device type Contains Desktop, Laptop Software package Does not contain Splashtop Streamer Device Type Contains Desktop, Laptop Reboot Required Reboot required Boolean Equals True Suspended Devices Status - Suspended Boolean Equals True Filter Name Field Qualifier Criteria All Desktop O/S Device type Does not contain Smartphone, ESXi host, Printer Antivirus Disabled No MS Office No Splashtop Streamer Operator Notes AND AND AND

Operating system Operator Notes OR Server, iOS, Android, ESXi AND Is not empty All Server O/S Contains Server Apple iOS iOS Google Android Android Linux Equals Linux MS Win XP XP MS Win Vista Vista Windows 7 MS Win 7 Operating system AND Does not contain Server OR Mac MS Win 8 Windows 8 MS Win 10 Microsoft Windows 10 MS Win Server 2003 2003 MS Win Server 2008 2008 Equals MS Win Server 2012 Windows Server 2012 MS Win Server 2016 Server 2016 Mac OS X OS X

Role Filter Name Field Qualifier Criteria Operator Notes DHCP Servers Begins with DHCPServer DNS Servers Equals DNS Domain Controllers NTDS Exchange Servers MSExchange Hyper-V Servers IIS Webservers Service name (not "Service display name") Begins with Operator Notes Typically, you cannot select "Equals"; this is bespoke. wmms w3svc SQLServer SQL Servers SQLExpress SPAdminV SharePoint Servers Begins with SPTimerV OR SPTraceV Osearch WSUS Servers Contains WSUSService

Qualifier Criteria Security software Filter Name Field Operator Notes AVG Criteria Operator Notes AVG 20, AVG Anti, AVG Free Avira Begins with Avira AntiVir, Avira Antivirus, Avira Endpoint, Avira Free, Avira Internet, Avira Professional, Avira Server ESET AND ESET Contains Cyber, Antivirus, Security Kaspersky Kaspersky Anti-Virus, Kaspersky Endpoint, Kaspersky Internet, Kaspersky PURE, Kaspersky Total Security McAfee McAfee All, McAfee Anti, McAfee Endpoint Protection, McAfee Internet, McAfee LiveSafe, McAfee Multi, McAfee Security, McAfee Total, McAfee Virus Panda Software package Begins with Sophos Panda Cloud Antivirus, Panda Cloud Office, Panda Cloud Cleaner, Panda A, Panda Endpoint Protection, Panda Free, Panda Global, Panda Gold, Panda Internet Sophos Anti, SophosAnti Symantec AND Symantec Endpoint, Antivirus Contains Trend Micro Begins with Worry-Free, Antivirus, Client, Server, Inter, Max, OfficeScan, Security, Titanium OR Trend Micro Webroot AND Webroot Contains SecureAnywhere, AntiVirus

Criteria Status Filter Name Field Qualifier Last Seen > 30 Days Last seen date Older than 30 days Operator Notes Network Node Network node Boolean Offline Devices Online Devices Status Online/Offline Boolean Offline > 1 Week Last seen date Self-explanatory Status Online/Offline Boolean Equals Offline Desktop O/S Qualifier False False Does not contain Smartphone, Printer, ESXi Host Contains Server Status Online/Offline Boolean Equals False Does not contain Server, iOS, Android, ESXi Online Desktop O/S Device type AND iOS, Android, Server, ESXi Operating system Operating system AND Is not empty AND Does not contain Smartphone, Printer, ESXi Host Equals True Operating system Contains Server Last reboot Older than 30 days Filter Name Field Qualifier All Devices No filter Online Server O/S Reboot > 30 Days Status Online/Offline Boolean Notes True Device type Offline Server O/S Operator True Equals Operating system Criteria AND

Type Criteria Operator Notes All Laptops Device type Laptop Operating system iOS All Mobiles Operator OR Android All Network Devices NetworkDevice Device type All Network Printers Contains Printer ESXi Operating system Local Cache Local Cache Equals True Manufacturer Does not contain VMWare, Citrix, Microsoft, Parallels, InnoTek Operating system Contains Server Manufacturer Contains Microsoft, Citrix, Xen, VMWare, Parallels, InnoTek Physical Servers Virtual Machines Notes ESXi ESX devices are unsupported. This filter will not display them.
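How criteria of the kind listed above (Field, Qualifier, Criteria, Operator) select devices from audit data, as an added example that is not AEM code. The qualifier names and the Compliance rows follow this example's reading of the table; the record layout, the sample devices, the nested "hypothetical" filter and the handling of multiple values (any-of for positive qualifiers, none-of for "Does not contain") are assumptions.

```python
from dataclasses import dataclass

GIB = 1024 ** 3


def _values(device, field):
    """Return an audit field as a list (a software inventory holds many entries)."""
    raw = device.get(field)
    if raw is None:
        return []
    return list(raw) if isinstance(raw, (list, tuple, set)) else [raw]


def _text(value):
    return str(value).strip().lower()


# Positive qualifiers: any audit entry matching any listed value satisfies the row.
TEXT_TESTS = {
    "begins with": lambda have, want: _text(have).startswith(_text(want)),
    "contains": lambda have, want: _text(want) in _text(have),
    "equals": lambda have, want: _text(have) == _text(want),
}


@dataclass(frozen=True)
class Criterion:
    field: str          # as named in the table's Field column
    qualifier: str      # as named in the table's Qualifier column
    values: tuple = ()  # the Criteria column; several values may be listed

    def matches(self, device):
        have = _values(device, self.field)
        qualifier = self.qualifier.lower()
        if qualifier == "is not empty":
            return any(_text(entry) for entry in have)
        if qualifier == "less than":
            return bool(have) and all(entry < self.values[0] for entry in have)
        if qualifier == "does not contain":
            # Negative qualifier: no listed value may appear in any audit entry.
            # A device with no audit data for the field therefore matches (assumption).
            return not any(TEXT_TESTS["contains"](e, v) for e in have for v in self.values)
        test = TEXT_TESTS[qualifier]
        return any(test(e, v) for e in have for v in self.values)


@dataclass(frozen=True)
class DeviceFilter:
    name: str
    rows: tuple            # Criterion objects or nested DeviceFilter sections
    operator: str = "AND"  # the table's Operator column: AND / OR

    def matches(self, device):
        hits = [row.matches(device) for row in self.rows]
        return all(hits) if self.operator == "AND" else any(hits)


WORKSTATION = Criterion("Device type", "contains", ("Desktop", "Laptop"))
AV_OFF = Criterion("Anti-Virus", "equals", (False,))
REBOOT = Criterion("Reboot required", "equals", (True,))
FILTERS = (
    DeviceFilter("Antivirus Disabled", (AV_OFF, WORKSTATION)),
    DeviceFilter("No MS Office", (
        Criterion("Software package", "does not contain", ("Microsoft Office",)), WORKSTATION)),
    DeviceFilter("Reboot Required", (REBOOT,)),
    DeviceFilter("< 2GB Free Space", (Criterion("Disk capacity", "less than", (2 * GIB,)),)),
    DeviceFilter("All Server O/S", (Criterion("Operating system", "contains", ("Server",)),)),
    # Hypothetical custom filter with a nested OR section, not one of the defaults.
    DeviceFilter("AV off or reboot pending (hypothetical)",
                 (DeviceFilter("section 1", (AV_OFF, REBOOT), "OR"), WORKSTATION)),
)

# Constructed audit records; keys reuse the Field names from the table.
DEVICES = (
    {"Hostname": "WS-01", "Device type": "Desktop", "Operating system": "Microsoft Windows 10 Pro",
     "Anti-Virus": True, "Reboot required": True, "Disk capacity": 150 * GIB,
     "Software package": ["Microsoft Office Standard 2013", "Google Chrome"]},
    {"Hostname": "LT-02", "Device type": "Laptop", "Operating system": "Microsoft Windows 7",
     "Anti-Virus": False, "Reboot required": True, "Disk capacity": 80 * GIB,
     "Software package": ["Mozilla Firefox"]},
    {"Hostname": "SRV-03", "Device type": "Server", "Operating system": "Microsoft Windows Server 2012 R2",
     "Anti-Virus": False, "Reboot required": False, "Disk capacity": 1 * GIB,
     "Software package": ["SQL Server 2014"]},
)


def run_filters(devices=DEVICES, filters=FILTERS):
    """Map each filter name to the sorted hostnames it selects."""
    return {f.name: sorted(d["Hostname"] for d in devices if f.matches(d)) for f in filters}


if __name__ == "__main__":
    for name, hosts in run_filters().items():
        print(f"{name:40} {hosts}")
```

In this reading, SRV-03 has anti-virus disabled but is not selected by "Antivirus Disabled", because that filter also requires a Desktop or Laptop device type; servers need their own filter if they are to be covered.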
Custom Device Filters and Site Device Filters

AEM's Device Filters are useful in many cases but you probably want to create your own filters to make the most of this functionality. Custom filters allow you to apply jobs, monitors or patches to a carefully selected subset of your estate. Any user can create filters that can be applied at both account level (Custom Device Filter) and site level (Site Device Filter). You can filter on any bit of information that is pulled back and visible in the device audit which is updated at least once a day for Managed devices and at least once every 7 days for OnDemand devices.

How to...

Create a Custom Device Filter

1. Go to Sites and locate the Custom Device Filters area in the left navigation pane.
2. Click the green plus icon to add a new filter.
3. Specify the filter criteria in the New custom device filter window.

   Field - What to Enter
   • Name - Give your filter a descriptive name, such as "PDF reader and 20 GB disk space" (see "Example: create a Custom Device Filter" on page 140 below).
   • Criteria - Use the drop-down menu to select the criteria you want to filter on. The drop-down menu will list a set of criteria collected through the device audits. You can specify more than one criterion in the filter by clicking on the green plus icon either at the end of the row or underneath a row. You can also define whether these criteria should be treated as "AND" (where the devices must match every criterion) or as "OR" (where devices will be included if they match any of the criteria).
   • Select devices in all of my sites. - Select this option if you want the filter to contain devices from every site.
   • Only select devices in the following sites. - Select this option if you want the filter to contain devices from selected sites only. Hold the Ctrl / Cmd key for multiple selections and click on Include or Exclude accordingly.
   • Share this filter with users in the following security level(s). - By default, only the filter creator can see a custom filter; however, you can specify here if you want to share it with other security levels within the account. Hold the Ctrl / Cmd key for multiple selections and click on Include or Exclude accordingly.
     Note: The users with whom you shared the filter will only be able to view the results of the filter but won't be able to edit or see the criteria it uses.

4. Once the above fields are filled in, click on Save.
5. Under Custom Device Filters, click on the newly created filter to see which devices match the criteria.

Create a Site Device Filter

1. Go to Sites and click on a site.
2. Locate the Site Device Filters area in the left navigation pane.
3. Click the green plus icon to add a new filter.
4. Specify the filter criteria in the New filter for site window.

   Field - What to Enter
   • Name - Give your filter a descriptive name.
   • Criteria - Use the drop-down menu to select the criteria you want to filter on. The drop-down menu will list a set of criteria collected through the device audits. You can specify more than one criterion in the filter by clicking on the green plus icon either at the end of the row or underneath a row. You can also define whether these criteria should be treated as "AND" (where the devices must match every criterion) or as "OR" (where devices will be included if they match any of the criteria).
   • Add this filter to my other sites - Select this option if you want this filter to be available in all of your sites.
   • Share this filter with users in the following security level(s). - By default, only the filter creator can see a custom filter; however, you can specify here if you want to share it with other security levels within the account. Hold the Ctrl / Cmd key for multiple selections and click on Include or Exclude accordingly.
     Note: The users with whom you shared the filter will only be able to view the results of the filter but won't be able to edit or see the criteria it uses.

5. Once the above fields are filled in, click on Save.
6. Under Site Device Filters, click on the newly created filter to see which devices match the criteria.

Edit or delete a filter

The Device Filters provided by AEM cannot be edited or deleted; however, custom filters can be edited or deleted by their creator. Users with whom a filter has been shared will only be able to view the results of the filter but won't be able to edit or see the criteria it uses or delete the filter.

To edit or delete a custom filter:

1. Go to Sites > Custom Device Filters OR Sites > click on one of the sites > Site Device Filters.
2. Hover over the filter you want to edit or delete.
3. Click on the pencil icon to edit the filter or the red X to remove it.

Example: create a Custom Device Filter

In our example, we will filter for devices that have software installed that can open PDF files, such as Adobe Reader or Foxit Reader, and have 20 GB of free disk space available. This filter will be applied for the entire account.

1. Go to Sites > Custom Device Filters and click the green plus icon to add a new filter.
2. Give your filter a Name, such as "PDF reader and 20 GB disk space".
3. In the criteria section, specify "Software package contains Adobe Reader".
4. Click the green plus icon at the end of the row (not the one underneath) to add an additional value in this section.
5. Enter Foxit Reader as a new value.
6. Make sure to set the blue and/or button to OR to see any devices that have either Adobe Reader or Foxit Reader.
7. Click the green plus icon underneath to add a new section.
8. Make sure to set the blue and/or button to AND to see devices that match the criteria of the first and second set.
9. In the new section, specify "Disk free space is greater than 20G".
10. Leave the rest of the options at their default selection.
11. Click Save.
12. Under Custom Device Filters, click on the name of the newly created filter to see a list of all the devices that fit these two sets of requirements.

Groups

All users
Sites > Device Groups or Site Groups
Sites > click on a site > Site Device Groups
Getting Started with Autotask Endpoint Management, Part 2

About groups

In Autotask Endpoint Management (AEM), groups are used to group specific devices or sites in situations where you cannot or choose not to use filters. Sites can be grouped at account level, while devices can be grouped at both account and site level. All groups can be used as the target for monitors, reports and jobs.

Similarly to filters, groups work independently of sites. This means that you can group devices from many sites together. However, as opposed to filters, groups are static, which means that adding or removing devices or sites to or from groups is a manual activity that is carried out in the AEM Web Portal. Also, groups cannot be shared with other security levels within the account.

There are three types of groups within AEM:

Name - Definition - Access Path
• Device Groups - Devices grouped at account level - Sites > Device Groups
• Site Groups - Sites grouped at account level - Sites > Site Groups
• Site Device Groups - Devices grouped at site level - Sites > select a site > Site Device Groups

How to...

Create Device Groups

1. Under the Sites tab, locate the Device Groups area in the left navigation pane.
2. Click the green plus icon to add a new group.
3. Give it a name and click Save.
4. To be able to add one or more devices to this group, locate your devices by clicking on the name of the site they are added to and clicking on the Devices tab.
5. Select the device(s) and click on the Add device(s) to group icon in the Action bar.
6. Select the Device Group that you want to add your device(s) to and click Add.
7. Repeat steps 4-6 in each site that has any device that you wish to add to your group. Alternatively, you can use the filter All Devices and select the devices you want to add to your group. Refer to "Filters" on page 130.
8. Go back to Sites > Device Groups.
9. Click on the name of the group you have created to see the device(s) that you have added to it.

Create Site Groups

1. Under the Sites tab, locate the Site Groups area in the left navigation pane.
2. Click the green plus icon to add a new group.
3. Give it a name and click Save.
4. To be able to add one or more sites to this group, locate your sites under the Sites tab.
5. Select the site(s) and click on the Add site(s) to site group icon in the Action bar.
6. Select the Site Group that you want to add your site(s) to and click Add.
7. Click on the name of the group you have created to see the site(s) that you have added to it.

Create Site Device Groups

1. Under the Sites tab, click on the name of one of your sites.
2. Locate the Site Device Groups area in the left navigation pane.
3. Click the green plus icon to add a new group.
4. Give it a name and click Save.
5. To be able to add one or more devices to this group, locate your devices by clicking on the Devices tab.
6. Select the device(s) and click on the Add device(s) to group icon in the Action bar.
7. Select the Site Device Group that you want to add your device(s) to and click Add.
8. Click on the name of the group you have created to see the device(s) that you have added to it.

A Site Device Group is only visible under the site you created it for.

Edit or delete a group

1. Locate the group you would like to edit or delete.
2. Hover over the group and click on the pencil icon to edit it or the red X to remove it.

Example: edit a Site Group

In our example, we are going to remove a site from one of our Site Groups.

1. Go to Sites and in the left navigation pane, locate the Site Group that you would like to edit.
2. Hover over the group and click on the pencil icon.
3. Select one of the sites under the Include column and click Exclude.
4. Click Save.
5. Go to Sites > Site Groups and click on the name of your group to see that the site we have just removed is no longer listed in the group.

Manage Your Endpoints

Account > Manage
Sites > select a site > Manage
Sites > select a site > Devices > select a device > Manage
At device level, the Manage tab is only available for desktops and laptops.

About your management options

Autotask Endpoint Management (AEM) helps you maintain peak performance at critical technology endpoints, such as servers, desktops, laptops, smartphones and other devices. It can automate deployment of applications, software, patches and configuration regardless of device location, domain or network, which provides you with powerful device management capability through a single platform.

The Manage tab is available at the Account, Site, and Device level. Once you have located the tab, you have the following options to choose from:

Name - Description - Account level - Site level - Device level
• Patch Management - Patch Management lets you manually select and approve the patches you wish to install on a single device, a set of devices in a site or all your devices in your account. Refer to "Patch Management" on page 147.
• Network Management - When you cannot install an Agent to your network devices such as switches, routers, etc., Network Management allows you to manage these devices. Refer to "Network Management" on page 178.
• Software Management - Available for iOS devices only. Software Management allows you to create a policy to target your iOS devices with a list of applications that you previously added to your Component Library from the iOS App Store. Refer to "iOS Software Management" on page 189.
• Backup Management - It becomes available once the Datto Integration has been downloaded and configured for your site and a Datto device has been associated with a site in AEM. You will then be able to see information and statistics about your Datto protected devices. Refer to "Backup Management" on page 198.
• Security Management - It becomes available once the Kaspersky Endpoint Security Integration or the Webroot Endpoint Security Integration has been downloaded and configured for your account. You will then be able to report on the current status of your device estate protected by Kaspersky Endpoint Security or Webroot. Refer to "Security Management" on page 205.

Patch Management

Refer to "Permissions" on page 148.
Account > Manage > Patch Management
Sites > select a site > Manage > Patch Management
Sites > select a site > Devices > select a device > Manage > Patch Management
The AEM 2016-3 Release Overview video will walk you through patch management policies, LAN caching, patch dashboards, and patch reporting.

What is patch management and patch policies?

AEM patch management allows you to both control and automate the deployment of software patches to your devices. The main objective of patch management is to create a consistently configured environment that is secure against known vulnerabilities in operating system and application software.

Patch management is controlled through policies at the Account and Site level, while individual patch installations can be configured at the Device level, permitting exclusions or tolerances for individual patches without needing to alter entire policies.

Only Windows Managed Agents support patch management. Refer to Managed and OnDemand Agents.

Patch management workflow

1. Disable Automatic Windows Update
   If you would like to use a patch management policy to install only the patches you have approved, and to make sure that the patch management process is not interfered with, you need to disable Automatic Windows Update on your devices. We recommend that you create a Windows Update Policy in AEM to achieve this. For more information, refer to the "Disable Automatic Windows Updates" on page 176 section of "Create a Windows Update Policy" on page 174.
2. Set up a patch management policy
   You can then set up a patch management policy to ensure that you install the necessary patches on your devices. Refer to "Create a Patch Management Policy" on page 160.

With an active patch management policy, the AEM patch management process works in the following manner:

1. Devices submit their audit data to the platform. The information includes patches that Windows Update requires.
2. The platform runs the devices' required patches as defined by Windows Update through the patch management policies that target the devices. These policies can be Account- or Site-level policies (including Site-level overriding of Account-level policies). The policy filters will define which patches get approved or disapproved. Refer to "Create a Patch Management Policy" on page 160.
3. Individual patch installations (approvals or disapprovals) at the Device level are also taken into consideration. Refer to "Patch management at the Device level" on page 156.
4. The final approval list is sent back to the devices, which then either download the patches directly or contact the Local Cache(s) for the patches during the defined patch policy window.

Permissions

Depending on the patching operation you would like to initiate at either the Account, Site, or Device level, various permissions are required. For further information, refer to the tables below. To learn how to configure the permissions, refer to Security Levels.
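The four-step approval process described under "Patch management workflow" above, modelled as an added example that is not AEM code, so that the patches a device requires but will not receive can be listed with the reason. The patch attributes, the sample policies and devices, the rule that a Site-level override replaces the Account-level filters, and the rule that a Device-level decision outranks the policy result are all assumptions of this sketch.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Patch:
    ref: str        # constructed identifier, not a real update number
    title: str
    severity: str   # hypothetical attribute used by the sample policy filters


@dataclass
class PatchPolicy:
    name: str
    approve: Callable[[Patch], bool]
    disapprove: Optional[Callable[[Patch], bool]] = None

    def decide(self, patch):
        """True = approved, False = disapproved, None = no policy filter matched."""
        if self.disapprove is not None and self.disapprove(patch):
            return False
        return True if self.approve(patch) else None


@dataclass
class Device:
    hostname: str
    site: str
    required: List[Patch]                                     # step 1: from the audit
    decisions: Dict[str, bool] = field(default_factory=dict)  # step 3: Device level


def effective_policy(device, account_policy, site_overrides):
    """Step 2: use the Site-level override for the device's site when one exists."""
    return site_overrides.get(device.site, account_policy)


def resolve(device, account_policy, site_overrides):
    """Steps 2-4: return (approved refs, {withheld ref: reason}) for one device."""
    policy = effective_policy(device, account_policy, site_overrides)
    approved, withheld = [], {}
    for patch in device.required:
        if patch.ref in device.decisions:      # assumed to outrank the policy result
            verdict, source = device.decisions[patch.ref], "device-level decision"
        else:
            verdict, source = policy.decide(patch), f"policy '{policy.name}'"
        if verdict is True:
            approved.append(patch.ref)
        else:
            state = "disapproved" if verdict is False else "not approved"
            withheld[patch.ref] = f"{state} by {source}"
    return approved, withheld


# Constructed sample data.
P1 = Patch("EX-001", "Security Update for Windows", "Critical")
P2 = Patch("EX-002", "Cumulative Update for Browser", "Important")
P3 = Patch("EX-003", "Preview of Monthly Quality Rollup", "Optional")

ACCOUNT = PatchPolicy(
    "Account baseline",
    approve=lambda p: p.severity in {"Critical", "Important"},
    disapprove=lambda p: "preview" in p.title.lower(),
)
SITE_OVERRIDES = {
    "Branch": PatchPolicy("Branch override", approve=lambda p: p.severity == "Critical"),
}
DEVICES = [
    Device("HQ-PC1", "HQ", [P1, P2, P3], decisions={"EX-002": False}),
    Device("BR-PC7", "Branch", [P1, P2, P3], decisions={"EX-003": True}),
]


def approval_report(devices=DEVICES):
    """Final approval list and withheld patches per hostname."""
    return {d.hostname: resolve(d, ACCOUNT, SITE_OVERRIDES) for d in devices}


if __name__ == "__main__":
    for host, (approved, withheld) in approval_report().items():
        print(host, "approved:", approved)
        for ref, reason in withheld.items():
            print("   withheld", ref, "-", reason)
```

The withheld map is the part worth reviewing: overrides and per-device exclusions are where a required patch can drop out of the final list without any change to the Account-level policy.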
Account-level permissions

Policies tab

Activity: Create or Edit an Account-level patch policy
Permissions: Account > Policies: Manage
Notes: Users without Manage permission who are viewing Account-level patch policies will see everything, but all configurable options will be disabled. It is for reference only. The Save button at the bottom of the policy is not displayed.

Activity: View an Account-level patch policy
Permissions: Account > Policies: View

Activity: Push the changes of an Account-level patch policy from the Policies tab
Permissions: Account > Policies: Manage
Notes: Without permission to manage Policies: Push changes... button is not displayed.

Manage tab

Activity: Push the changes of an Account-level patch policy from the Manage tab
Permissions:
• Account > Policies: Manage
• Account > Manage: Manage
Notes:
• Without permission to manage Policies: Push changes... button is not displayed.
• Without permission to manage Manage: Push changes... button is not displayed.
• Without permission to view Manage: Manage tab is not displayed.

Activity: View Account-level policies, regardless of whether Site-level overrides are active
Permissions:
• Account > Policies: View
• Account > Manage: View
Notes:
• Without permission to view Manage: Manage tab is not displayed.
• Without permission to view Policies: Patch Management section is not displayed on the Manage tab.

Activity: Toggle what policies the pie chart shows (Pie Chart toggle icon)
Permissions:
• Account > Policies: View
• Account > Manage: View
Notes:
• Without permission to view Policies: Patch Management section is not displayed on the Manage tab.
• Without permission to view Manage: Manage tab is not displayed.

Activity: View historical patching data (Hourglass icon)
Permissions:
• Account > Policies: View
• Account > Manage: View
Notes:
• Without permission to view Policies: Patch Management section is not displayed on the Manage tab.
• Without permission to view Manage: Manage tab is not displayed.

Activity: View approved pending patches (Calendar icon)
Permissions:
• Account > Policies: View
• Account > Manage: View
Notes:
• Without permission to view Policies: Patch Management section is not displayed on the Manage tab.
• Without permission to view Manage: Manage tab is not displayed.

Activity: Enable or disable a policy
Permissions:
• Account > Policies: Manage
• Account > Manage: Manage
Notes:
• This also applies to the per-site options when clicking on the Target icon.
• Without permission to view Policies: Patch Management section is not displayed on the Manage tab.
• Without permission to manage Policies: Enabled toggle is grayed out.
• Without permission to view Manage: Manage tab is not displayed.

Activity: Run a policy now (Run now icon)
Permissions:
• Account > Policies: Manage
• Account > Manage: Manage
Notes:
• Without permission to view Policies: Patch Management section is not displayed on the Manage tab.
• Without permission to manage Policies: Run now icon is grayed out.
• Without permission to view Manage: Manage tab is not displayed.

From either the Policies or the Manage tab

Activity: View applicable sites or devices (Target icon)
Permissions:
• Account > Policies: View
• Account > Manage: View
Notes: Permissions to view and manage Manage are only required when performing actions from the Manage tab. The user can conduct the same actions via the Policies tab without those permissions.

Activity: Configure applicable sites or devices (Target icon)
Permissions:
• Account > Policies: Manage
• Account > Manage: Manage

Account-level policies shown at the Site level will require Manage permissions on the Account level to edit, and View permissions to view, regardless of where they are being seen from. This applies to both the Manage and Policies tab.
Site-level permissions

Policies tab

Activity: View an Account-level policy that is being overridden at the Site level
Permissions: Sites > Policies: View
Notes: The Override/Edit Override button here reverts to View Override if the user only has view permission. Policy options in this case will be visible but disabled. Users here are not editing the Account-level policy so do not require permission to manage Account > Policies.

Activity: Edit an Account-level policy that is being overridden at the Site level
Permissions: Sites > Policies: Manage

Activity: View an independent patch policy (that is not overriding an Account-level policy)
Permissions: Sites > Policies: View
Notes: All configuration options are set but disabled, and the Save button is not displayed.

Activity: Edit an independent patch policy (that is not overriding an Account-level policy)
Permissions: Sites > Policies: Manage

Activity: Push the changes of an Account- or Site-level patch policy
Permissions:
• Sites > Policies: Manage
• Sites > Manage: Manage
Notes:
• Without permission to manage Manage: Push changes... button is not displayed. (Pushing the changes from the Policies tab may be possible.)
• Without permission to manage Policies: Push changes... button is not displayed. (Pushing the changes from the Manage tab may be possible.)

Manage tab

All restrictions specified at the Account level apply here as well.

Activity: View the status of Patch Management
Permissions:
• Sites > Policies: View
• Sites > Manage: View
Notes:
• If the user has no permission to view Policies or Manage, the Patch Management section is not displayed. When clicking on the Manage tab, the user will be redirected to Network Management.
• If the user has permission to view Account > Policies but does not have permission to view Sites > Policies, the Site Policies section is not displayed at the bottom of the page. The section called 10 Most vulnerable devices in terms of Approved Pending Changes is always displayed on the top right of the page and will show policy names.
• If the user has permission to view Sites > Policies but does not have permission to view Account > Policies, only independent Site Policies are shown at the bottom of the page. The section called 10 Most vulnerable devices in terms of Approved Pending Changes is always displayed on the top right of the page and will show policy names.

Activity: Push the changes of an Account- or Site-level patch policy
Permissions: Sites > Policies: Manage
Notes: Without permission to manage Policies: Push changes... button is not displayed.

From either the Policies or the Manage tab

Activity: View policy status for individual devices (Target icon)
Permissions:
• Sites > Policies: View
• Sites > Manage: View
Notes: Permissions to view and manage Manage are only required when performing actions from the Manage tab. The user can conduct the same actions via the Policies tab without those permissions.

Activity: Amend policy status for individual devices (Target icon)
Permissions:
• Sites > Policies: Manage
• Sites > Manage: Manage

Sites tab

Activity: Nominate a device as a Local Patch Cache, or re-configure nomination settings
Permissions: Refer to "Designate a Local Cache" on page 111.

Settings tab

Activity: Configure Local Cache priority and deletion settings
Permissions: Sites > Settings: Manage

Device-level permissions

Manage tab

Activity: View a device's approved or unapproved patches
Permissions: Sites > Manage > View

Activity: Approve or unapprove a patch at the Device level
Permissions: Sites > Manage: Manage
Notes: Without permission to manage Manage: the user cannot perform actions on the page.

Activity: View device activity
Permissions: Refer to "Device Activity" on page 372.

Activity: View policies pertaining to this device
Permissions:
• Sites > Policies: View
• Sites > Manage: View

Activity: Run a policy pertaining to this device
Permissions:
• Sites > Policies: Manage
• Sites > Manage: Manage

Patch management dashboard

The Patch Management page can be accessed through the Manage tab at the Account, Site, or Device level. While the dashboard looks similar at the Account and Site level, the interface at the Device level is slightly different.

Patch management at the Account and Site level

The Manage tab at the Account and Site level will allow you to see:

• Configured patch management policies
• A list of devices most demanding of attention
• A pie chart detailing how many devices are fully compliant with the patch policies

Field - Description

Pie chart (All devices / Workstations / Servers)
By default, the chart shows All Policies for All devices. To see data for individual patch policies, click the small Pie Chart toggle icon next to any of the policies at the bottom of the page. The chart will then show device compliance with the approved patch list. Patches not approved are not reported as missing. Compliant devices (neither missing patches nor reporting failures) are displayed as green. Devices with approved, pending patches are displayed as red. Consult the table for each policy at the bottom of the page for a list of all missing and unapproved patches. Select any of the radio buttons to see the required device type (All devices / Workstations / Servers) and hover over the chart to see the number of devices of that device type and their status. Percentage numbers are also displayed in brackets.

10 Most vulnerable devices in terms of Approved Pending Patches
A list of your ten most vulnerable devices in terms of approved pending patches. The device with the highest number of approved pending patches will be listed first. The data displayed here is based on the last audit information.
You will see the following details: • Hostname (Description) - The name of your device. This can be edited in the device itself. You will also see the description of your device in brackets. The latter can be edited in "Device Summary" on page 119. Clicking on the Hostname (Description) hyperlink will direct you to the Manage tab at the Device level. Refer to "Patch management at the Device level" on page 156. • Site - The site that the device is added to. This field is only visible at the Account level. Refer to "Sites" on page 7. • Policy - The name of the policy that targets the device. • Last Run - The last run time of the policy. • Next Run - The next run time of the policy. Policies with an overriden schedule show the overridden data, not the original data. • Last Audit Date - The last time the device was audited. • Approved Pending Patches - The total number of approved pending patches for each device. The data is gathered from patch policy filters and approval lists. © 2016 Autotask Corporation l Page 154 of 487 Field Description Account Policies / Site Policies This section displays the list of patch management policies created at the Account or Site level. The list of Account-level policies appears both at the Account and Site level, while the list of Sitelevel policies only appears at the Site level. You can collapse or expand each list, and you will see the following details: • - This icon only appears if the Account-level policy in question is Override active icon overridden at the Site level. To edit the override, locate the policy at the Site level. Refer to "Override Account-level patch policy options at the Site level" on page 167. • Name - The name of the policy. Clicking on the hyperlink will direct you to the policy details. Refer to "Create a Patch Management Policy" on page 160. • Targets - The targets of the policy. • Last Run - The last run time of the policy. • Next Run - The next run time of the policy. 
Policies with an overridden schedule show the overridden data, not the original data.
• Pie Chart toggle icon - Clicking on this icon will toggle what is shown in the (big) pie chart above the list of policies and in the section of "10 Most vulnerable devices...". The icon toggles between an All Policies overview and the data for the policy in question, showing the policy name over the pie chart. Clicking the Pie Chart toggle icon will make it glow to indicate that it has been toggled on.
• Push changes... - Click Push changes... to immediately push any policy changes to all devices targeted by the policy. The target icon changes color when changes are being pushed.
• Hourglass icon - Allows you to view results from the last time the policy ran. If the policy has not been run, the icon will be disabled and not clickable. Clicking on the icon will open a pop-up window showing the last run time and the following patch information: Patch Description, Size, Targeted Devices, Successes, Failures. You can click on the hyperlinked number under Successes and Failures. If you are viewing an Account-level policy, then the Successes/Failures hyperlink will direct you to the list of affected sites. You can expand each site to see the results for the targeted devices. If you are viewing a Site-level policy, then the hyperlink will direct you to the list of targeted devices. On the Successes and Failures page, you can control the items per page view and you can search for your devices. You can also filter by Desktops, Laptops, Servers, or All devices.
• Calendar icon - Allows you to see what patches would be installed if the policy was run now. Clicking on the icon will open a pop-up window showing the Approved Pending Patches as per the last audit data. You can expand or collapse each patch to see further information. You can control the items per page view and you can search for your devices.
• Target icon - Clicking on this icon will open a pop-up window to show included and excluded sites and/or devices targeted by the policy. The Override active icon will be displayed in front of sites that override the Account-level policy options. You can filter by All Sites, Included Sites, and Excluded Sites in the case of Account-level policies, and you can also filter by All Devices, Included Devices, and Excluded Devices in the case of both Account- and Site-level policies. You can turn the policy on or off for your sites and devices by toggling the Enabled button to ON or OFF, and you can push the changes by clicking on the Push changes... button. The target icon changes color when changes are being pushed.
• Run now icon - Clicking on this icon will display a dialog box where you can confirm whether you want to run the policy now, outside of its schedule. If the policy has been deactivated, the icon will be disabled and not clickable. If you have just made changes to your policy, we recommend that you wait five minutes before you click on the Run now icon to ensure that the changes are applied.
• Enabled/Enabled for this site - A toggle to turn the policy ON or OFF.

Patch management at the Device level
You can configure individual patch installations at the Device level, permitting exclusions or tolerances for individual patches without needing to alter entire policies. Compared to the Manage tab at the Account and Site level, the layout of the Manage tab at the Device level is different:

Field - Description

Operating System - The operating system of the device.

Service Pack - The Service Pack installed on the device.

Policies - The policies that target the device.
• Name - The name of the policy.
• Last Run - The last run time of the policy.
• Next Run - The next run time of the policy. Policies with an overridden schedule show the overridden data, not the original data.
• Run Now - Click on the icon to run the policy on this device now, outside of its schedule. If the policy has been deactivated, the icon will be disabled and not clickable. If you have just made changes to your policy, we recommend that you wait five minutes before you click on the Run now icon to ensure that the changes are applied.
It is not recommended to have more than one patch policy targeting a device.

Operating System Patches - This section has three drop-down lists: Approve, Installed, and Do Not Approve. The following options are available in each list:
• Filter - You can filter by Priority, May Require Reboot, and May Require User Input. For more information on Priority, refer to "Filter patches" on page 168.
• Search - As you type into the dynamic search field, the search results are narrowed to match your search string.
• Sort - You can sort the patches by clicking on any of the following columns: Title, Priority, Size, Reboot.
• Hyperlinked patch title - Clicking on the patch title will lead you to a page showing all devices for which this patch has been approved / that have this patch installed / for which this patch has been denied (when clicking from the Approve / Installed / Do Not Approve list, respectively).
• Click for more information - Clicking on the information icon will display further information about the patch.
Further details of each list are discussed below.

Approve
This drop-down denotes patches which have been marked for approval on this device by the Site- and/or Account-level policies targeting it. The number of patches is displayed in brackets next to the list name. The list is only updated following a device audit. Patches that are approved are pushed to the device during the policy schedule window, and following their installation, are moved to the next list called Installed. This schedule and other settings can be changed in the patch management policy.
Refer to "Create a Patch Management Policy" on page 160. You can perform the following action in this list:
• Remove from list - Hover over the patch and click on this icon to move the patch to the Do Not Approve list.

Installed
This drop-down denotes patches historically approved for this device, either by policy or as a result of user intervention. The number of patches is displayed in brackets next to the list name. The list is only updated following a device audit.

Do Not Approve
This drop-down denotes patches that have been approved by the policy targeting the device, but that have historically been excluded from being installed on this particular device. The number of patches is displayed in brackets next to the list name. You can add patches to this table by clicking on the Remove from list icon next to a patch in the Approve list. To remove the patch from a device and stop it from re-installing, it must be excluded here and then removed manually using the Uninstall Windows Update by KB Number component from the ComStore. Refer to "List of components" on page 270. You can perform the following action in this list:
• Remove from list - Hover over the patch and click on this icon to move the patch to the Approve list.

If you have a device with no patch policies targeting it, all patches that Windows Update required in the last patch scan will be listed in the Do Not Approve dropdown. This is the expected behavior as no policy was able to approve these patches. If you then target this device in a patch policy, the device will need to be re-audited before the patches can move to the Approve list. To learn about the frequency of audits and how you can perform a manual audit, refer to "Audits" on page 106.

Patch reporting
To see detailed information on patch installations, check the device activity log and the Site-level patch management reports.
Refer to "Device Activity" on page 372 and "Reports at Site Level" on page 382.

Create a Patch Management Policy
Refer to "Permissions" on page 148.
Account > Policies
Sites > select a site > Policies

What is a patch management policy?
With a patch management policy, you are pre-approving patches to be installed on your Windows devices on an ongoing basis, based on conditions you define. A patch management policy not only manages the patches made available in Windows Update, it also gives you much more control, lowers your workload and increases the security of your device estate. You can set up an Account-level or Site-level policy that can target multiple devices, define the patch window, patch location, automatic approval rules and special options such as reboot behavior. You can even apply Site-level overriding of Account-level patch policy options.
We recommend that you create at least two patch policies: one for workstations and one for servers.
Only Windows Managed Agents support patch management. Refer to Managed and OnDemand Agents.
For detailed information on patch management, refer to "Patch Management" on page 147.

How to...
Create a patch management policy
1. If you would like to use a patch management policy to install only the patches you have approved, you need to disable Automatic Windows Update on your devices. We recommend that you create a Windows Update Policy in AEM to achieve this. For more information, refer to the "Disable Automatic Windows Updates" on page 176 section in "Create a Windows Update Policy" on page 174.
2. You can then create a patch management policy at the Account or Site level. For information on how to create a policy, refer to "Add a policy" on page 251.
Account-level policies can be overridden at the Site level to alter only the most necessary elements for a smaller subset of devices.
For more information, refer to "Override Account-level patch policy options at the Site level" on page 167.

Specify the Policy Details for a patch management policy
1. On the Policy page, click New account policy... or New site policy...
2. Give the policy a Name.
3. Select the type Patch Management.
4. To copy an already existing policy to use it as a template, choose it from the Based on drop-down list. To create a new policy, select New Policy.
You can only use an Account- or Site-level policy as a template, that is, you cannot base your policy on a Site-level override of an Account-level policy. For information on Site-level overrides, refer to "Override Account-level patch policy options at the Site level" on page 167.
5. Click Next.
6. Click on Add a target... to target your devices through a specific filter or group. If you want to target more than one filter or group, add another target to the policy. For more information, refer to "Filters" on page 130 and "Groups" on page 142.
Devices of "unknown" device type will not be targeted by the policy.
7. Choose one or more of the following options:

Field - Description

TIMING OPTIONS

Schedule - Ensure that all of your devices are on the latest Agent version. Click the Click to change... button to set the schedule when you want the policy to run. Select one of the following:
• At selected date and time - Defaults to the current date and time, but can be changed in the Start field. The policy will run once at the selected date and time.
• Daily - The policy will run every day at the time indicated in the Start field.
• Weekly - The policy will run every week on all selected days at the time indicated in the Start field.
• Monthly - The policy will run in the selected months on the selected days.
• Monthly day of week - The policy will run in the selected months on the specified occurrence of the selected days of the week.
• Yearly - The job will run on the selected day (1 - 366) each year.
Once you click OK, the selected schedule is displayed next to the Click to change... button.
Time zones will be taken into account at run times. For example, if the policy is set to run at midnight and is applied to two devices in different time zones, one UTC and one PST, then the policy will run at midnight UTC on the UTC device and at midnight PST on the PST device.

Duration - Allows you to put a time limit (1-24 hours) on running the policy.

PATCH LOCATION

Local Cache - The following options are available:
• Download patches from Windows Update - The targeted devices will contact Windows Update directly to download patches.
• Use a Local Cache to download and distribute updates to targeted devices - The targeted devices will contact the Local Cache(s) of their site for updates.
• Permit devices to contact Windows Update for patches the Cache is unable to provide - This option becomes available and is selected by default if the "Use a Local Cache..." option has been selected. It allows the targeted devices to contact Windows Update for patches in case the Local Cache(s) are unable to provide them.
Make sure that the sites your targeted devices reside in do have a nominated patch cache if you want to use the Local Cache option in your policy. To learn how to use a Local Cache for patching, refer to "Designate a Local Cache" on page 111. To learn about patch cache clearing options, refer to "Site Settings" on page 20.
If the Local Cache option is enabled in a policy that targets a site without a Local Cache nominated, a line of text (a warning or an error) will appear in the Agent log file. To locate the Agent log file, refer to How do I find the AEM log files?.

PATCH APPROVAL

Approve these patches - Allows you to configure approval filters. Refer to "Filter patches" on page 168.
Do not approve these patches - Allows you to configure disapproval filters, that is, you can set conditions that override your approval above. These filters take precedence over approval filters. Refer to "Filter patches" on page 168.
Configurations such as “Approve critical security patches, but do not approve critical security patches with ‘Defender’ in the title” are entirely possible.

Configure individual patches - This section has three drop-down lists: Available, Approve, and Do Not Approve. The following options are available in each list:
• Filter - You can filter by Priority, May Require Reboot, and May Require User Input. For more information on Priority, refer to "Filter patches" on page 168.
• Search - As you type into the dynamic search field, the search results are narrowed to match your search string.
• Sort - You can sort the patches by clicking on any of the following columns: Title, Release date, Priority, Size, Reboot, User input.
• Hyperlinked patch title - Clicking on the patch title will lead you to a page showing all devices that are missing this patch / for which this patch has been approved / for which this patch has been denied (when clicking from the Available / Approve / Do Not Approve list, respectively).
• Click for more information - Clicking on the information icon will display further information about the patch.
• Select - You can select your patches individually by checking the selection box in front of them. You can also select all of the patches listed by checking the Select All check box just in front of the Available / Approve / Do Not Approve drop-down.
• Export all patches to CSV - Allows you to export all patches of the respective list in .CSV format. It is not possible to select only certain patches for the export.
Once you click on the Export all patches to CSV button, make sure to select the columns you want to include in the export.
If you have just moved patches from the Available list to the Approve or Do Not Approve list and want to export the updated list to a .CSV file, make sure to save the changes first and then click on the Export all patches to CSV button. This will allow you to see the updated number of patches in each list's export.
Other configuration options specific to each list are discussed below.

Available
This drop-down lists all patches that have been submitted to the platform but have not yet been processed. The number of patches is displayed in brackets next to the list name. The patches are collected from the audit data of all of the devices in the entire account/site, that is, they are not filtered by the criteria defined in the approval and disapproval sections above. This section allows you to configure individual patches regardless of any previous filters. You can, for example, approve a patch here that would have been excluded through a disapproval filter above. Once you have selected the required patches, you can perform the following actions that will override the approval and disapproval filters defined above:
• Approve - Approving a patch will remove it from the Available list and place it in the Approve list.
• Do Not Approve - It will remove the patch from the Available list and place it in the Do Not Approve list.

Approve
This drop-down lists all patches that have been approved through the Available list. The number of patches is displayed in brackets next to the list name. Once you have selected the required patches, you can perform the following actions:
• Remove from list - It will remove the patch from this list and push it into the Available list again, where it can be approved or disapproved by the filters above it.

Do Not Approve
This drop-down lists all patches that have been denied through the Available list. The number of patches is displayed in brackets next to the list name. Once you have selected the required patches, you can perform the following actions:
• Remove from list - It will remove the patch from this list and push it into the Available list again, where it can be approved or disapproved by the filters above it.

POWER

Boot - The following option is available:
• Wake all targeted devices 10 minutes before policy is due to start - You must have a network node device in the same site as your targeted devices to use this feature. (Local Caches can also be nominated as network nodes.) If multiple network nodes are nominated, all will send requests. Be aware that Wake-on-LAN must be enabled in BIOS/EFI and typically only works for laptops when they have an active mains connection. For more information, refer to Wake-On-LAN and "Assign a device to be a network node" on page 183.

Reboot - The following options are available:
• Power down devices after patch window has concluded - It will shut down the targeted devices after the patch schedule window.
• Reboot devices, if required, once policy concludes - If necessary, it will reboot the targeted devices after the policy has run.
• Permit rebooting if a USB Mass-Storage Device is connected at scheduled reboot time - This option becomes available if the "Reboot devices..." option has been selected. Do not select this option if you want to cancel reboots when USB sticks are inserted. This will stop servers from rebooting into a LiveUSB. You can always search for devices requiring a reboot using a default Device Filter. Refer to "Device Filter definitions" on page 131.
• Do not reboot devices after patch window has concluded - This option is selected by default. It will stop the targeted devices from rebooting after the patch schedule window.
• But show Endpoint a branded reboot reminder every X hour/day - This option becomes available if the "Do not reboot devices..." option has been selected. It allows you to show a branded reboot reminder to the end user every 1-12 hours/1 day/2 days. The reminder will be displayed on the screen until the end user dismisses it. The reminder can be dismissed indefinitely.
• Permit a maximum of X dismissals, after which time reminders will persist on screen - This option becomes available if the "But show Endpoint..." option has been selected. It lets you configure how many times (maximum two-digit integer) the end user is allowed to dismiss the reboot reminder, after which they will no longer be able to dismiss it. If this option is enabled but no value is set, then the default value of 1 will be used, that is, the end user will be able to dismiss the reminder only once and the second reminder will persist on the screen.
The branding for the reminder is taken from the Patch Reboot Window image on the Branding page. Refer to Branding.

8. Click Save. The window will close, and you will be returned to the policy list page.
9. To activate the policy, click Push changes.

Override Account-level patch policy options at the Site level
Account-level patch policies can be overridden at the Site level. This allows you to change settings at the Site level without modifying the master (Account-level) policy.
1. Navigate to any of your sites and click on the Policies tab. You will be presented with both Account and Site Policies.
2. Locate your Account-level patch management policy and click on the Override button, or on the Edit Override button if the patch policy in question already has an active override. An active override is also indicated by the Override active button in front of the policy.
A patch management policy that is only active at the Site level will not have an Override button (and any Override sections within the policy).
3. This will open the patch management policy as configured at the Account level, and you will have the following options:

Field - Description

Name, Policy type, Created, Modified, Targets - These fields cannot be edited. The targets of the policy are inherited from the Account-level policy.

TIMING OPTIONS
Override - Turn it ON to be able to edit the settings below. If you turn it OFF again, the settings will revert.
Schedule, Duration - These sections become available as soon as the Override button is turned ON. For information on the configuration options, refer to "TIMING OPTIONS" on page 162.

PATCH LOCATION
Override - Turn it ON to be able to edit the settings below. If you turn it OFF again, the settings will revert.
Local Cache - This section becomes available as soon as the Override button is turned ON. For information on the configuration options, refer to "PATCH LOCATION" on page 162.

PATCH APPROVAL
Add Rule - Turn it ON to be able to edit the settings below. If you turn it OFF again, the settings will revert.
Approve these patches, Do not approve these patches, Configure individual patches - These sections become available as soon as the Add Rule button is turned ON. For information on the configuration options, refer to "PATCH APPROVAL" on page 163.

POWER
Override - Turn it ON to be able to edit the settings below. If you turn it OFF again, the settings will revert.
Boot, Reboot - These sections become available as soon as the Override button is turned ON. For information on the configuration options, refer to "POWER" on page 166.

4. Click Save. The window will close, and you will be returned to the policy list page.
5. To activate the policy, click Push changes.
You can also configure individual patch installations at the Device level, permitting exclusions or tolerances for individual patches. Refer to "Patch management at the Device level" on page 156.

Filter patches
Your patch management policy can use filtering criteria to determine the patches that should be installed on the targeted devices. You can filter by the following criteria:

Field - Description

All - This selection will include all patches.

Category - Select a category, such as Critical Updates or Drivers. Use any of the following qualifiers: Contains, Does not contain, Is empty, Is not empty, Begins with, Does not begin with, Ends with, Does not end with.

Description - Allows you to filter by the description of the patch. Use any of the following qualifiers: Contains, Does not contain, Is empty, Is not empty, Begins with, Does not begin with, Ends with, Does not end with.

Download size - You can limit the download size of the patch to a certain number of gigabytes, megabytes, kilobytes, or exact number of bytes. Use any of the following qualifiers: Less than, Less than or equal to, Equal to, Greater than or equal to, Greater than, Between.

KB number - Allows you to search for a specific Microsoft Knowledge Base article number the patch is associated with. Use any of the following qualifiers: Contains, Does not contain, Is empty, Is not empty, Begins with, Does not begin with, Ends with, Does not end with.

Priority - Allows you to filter by priority, that is, "severity" as specified in Microsoft Security Bulletins. Select any one of Critical, Important, Moderate, Low, Unspecified. Use any of the following qualifiers: Less than, Less than or equal to, Equal to, Greater than or equal to, Greater than, Between.
AEM patch management policies reference the severity of the Security Bulletin classification, not the one in Windows Update.
Refer to "A Note about Microsoft Update Classifications" on page 170.

Reboot behavior - Select from Never reboots (0), Always requires reboot (1), and Can request reboot (2). It allows you to avoid pushing changes that require a reboot during business hours. Use any of the following qualifiers: Less than, Less than or equal to, Equal to, Greater than or equal to, Greater than, Between.

Release Date - Allows you to filter for patches released before or after a certain date, or older than 30, 60 or 90 days.

Request user input - Select either May require, or Does not require. If you filter for patches that may require user input, schedule them to install during business hours.

Title - Allows you to filter by the name of the patch. Use any of the following qualifiers: Contains, Does not contain, Is empty, Is not empty, Begins with, Does not begin with, Ends with, Does not end with.

Type - Allows you to filter by patch type. Select either Software or Driver.

You can filter by multiple criteria. Just click the plus sign to add another one. Clicking the minus sign will remove the criterion.
When you add a second criterion, you must select the correct Boolean operator. If both conditions must be true for the patch to be included in the search results, select AND. If either one must be true, select OR. Note that when you add additional criteria, you cannot combine AND and OR; the selection you made below the first criterion is repeated for the subsequent ones.

A Note about Microsoft Update Classifications
Microsoft uses two different security classification systems for their knowledge base articles.
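The approval rules described under PATCH APPROVAL and "Filter patches" above, modelled as an added Python example (not AEM code): individual selections override both filters, disapproval filters take precedence over approval filters, one Boolean operator applies to a whole filter, and Priority is the Security Bulletin severity rather than the Windows Update importance. The class and field names, the severity ordering, case-insensitive matching and the sample patches are assumptions made for this illustration.

```python
from dataclasses import dataclass, field, replace

# Assumed ordering for Priority comparisons, lowest to highest.
SEVERITY = ["Unspecified", "Low", "Moderate", "Important", "Critical"]

@dataclass(frozen=True)
class Patch:
    kb: str
    title: str
    category: str
    priority: str        # Security Bulletin severity: the value the filters use
    wu_importance: str   # importance shown in Windows Update: never consulted

# Subset of the page's qualifiers; case-insensitive matching is an assumption.
TEXT_QUALIFIERS = {
    "Contains": lambda actual, wanted: wanted.lower() in actual.lower(),
    "Does not contain": lambda actual, wanted: wanted.lower() not in actual.lower(),
    "Begins with": lambda actual, wanted: actual.lower().startswith(wanted.lower()),
}
ORDER_QUALIFIERS = {
    "Less than": lambda a, b: a < b,
    "Equal to": lambda a, b: a == b,
    "Greater than or equal to": lambda a, b: a >= b,
}

@dataclass(frozen=True)
class Criterion:
    field_name: str   # "title", "category", "kb" or "priority"
    qualifier: str
    value: str

    def matches(self, patch):
        actual = getattr(patch, self.field_name)
        if self.field_name == "priority":
            compare = ORDER_QUALIFIERS[self.qualifier]
            return compare(SEVERITY.index(actual), SEVERITY.index(self.value))
        return TEXT_QUALIFIERS[self.qualifier](actual, self.value)

@dataclass(frozen=True)
class FilterSet:
    criteria: tuple = ()
    operator: str = "AND"   # one operator per filter: AND and OR cannot be combined

    def matches(self, patch):
        if self.operator not in ("AND", "OR"):
            raise ValueError("operator must be AND or OR")
        if not self.criteria:
            return False    # an empty filter selects nothing; all(()) would be True
        results = [c.matches(patch) for c in self.criteria]
        return all(results) if self.operator == "AND" else any(results)

@dataclass(frozen=True)
class PatchPolicy:
    approve: FilterSet = field(default_factory=FilterSet)
    do_not_approve: FilterSet = field(default_factory=FilterSet)
    individually_approved: frozenset = frozenset()
    individually_denied: frozenset = frozenset()

    def decide(self, patch):
        # 1. Individual selections override the approval and disapproval filters.
        if patch.kb in self.individually_denied:
            return "do not approve (individual)"
        if patch.kb in self.individually_approved:
            return "approve (individual)"
        # 2. Disapproval filters take precedence over approval filters.
        if self.do_not_approve.matches(patch):
            return "do not approve (filter)"
        if self.approve.matches(patch):
            return "approve (filter)"
        # 3. Nothing matched: the patch stays in the Available list.
        return "available"

def evaluate(policy, patches):
    """Return {KB number: decision} for every patch."""
    return {p.kb: policy.decide(p) for p in patches}

# Constructed sample data; the KB numbers are placeholders, not real articles.
SAMPLE_PATCHES = [
    Patch("KB0000001", "Security Update for Windows (KB0000001)",
          "Security Updates", "Critical", "Important"),
    Patch("KB0000002", "Definition Update for Windows Defender (KB0000002)",
          "Security Updates", "Critical", "Important"),
    Patch("KB0000003", "Security Update for Windows (KB0000003)",
          "Security Updates", "Moderate", "Important"),
]

# "Approve critical security patches, but do not approve critical security
# patches with 'Defender' in the title."
POLICY = PatchPolicy(
    approve=FilterSet((Criterion("category", "Contains", "Security"),
                       Criterion("priority", "Equal to", "Critical")), "AND"),
    do_not_approve=FilterSet((Criterion("title", "Contains", "Defender"),
                              Criterion("priority", "Equal to", "Critical")), "AND"),
)

if __name__ == "__main__":
    for kb, decision in evaluate(POLICY, SAMPLE_PATCHES).items():
        print(kb, "->", decision)
    exception = replace(POLICY, individually_approved=frozenset({"KB0000002"}))
    print("KB0000002 with individual approval ->",
          exception.decide(SAMPLE_PATCHES[1]))
```

KB0000001 and KB0000003 both show as Important in the constructed Windows Update field, yet only the one whose Security Bulletin severity is Critical is approved.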
Windows Update references a KB number:

When you click the link from within Windows Update, an article opens up that references a Microsoft Security Bulletin number:

When you click on that link, a page in the Security TechCenter opens:

The importance in Windows Update is shown as Important, but on the Security Bulletin, it is shown as Critical. AEM uses the Security Bulletin classifications from the Security TechCenter library, not the ones from Windows Update.

Error 0x8024a204
We have identified a peculiarity involving Microsoft’s handling of patching which results in endpoints displaying the following error when they have installed patches via a local cache (and not sourced them directly from Microsoft):

This error only appears when endpoints access the Windows Update section of the Settings menu, which should no longer be a necessary step as updates are delivered automatically without needing the involvement of Microsoft’s own patch management routines.
We have sourced the issue to the particular method we use to place patches in the update cache directory of Windows. While thoroughly tested and 100% functional in all cases, it triggers this issue. The error is meaningless, and can be dismissed without concern. Re-checking for updates will clear it from this interface. Patches that trigger this error will have been installed without issue.
Until Microsoft fix this issue, the error will be shown when endpoints look for it. We apologize for any inconvenience this may cause.

Create a Windows Update Policy
Permission to manage Policies at account and/or site level
Account > Policies
Sites > select a site > Policies

What is a Windows Update Policy?
The AEM Windows Update Policy is designed to allow AEM to control the Windows Update settings found in the Control Panel of Windows devices. Setting up a Windows Update Policy allows you to control these settings on multiple devices in multiple sites, instead of just one.
Windows Update policies can be created at account or site level. Refer to "Add a policy" on page 251.

Windows Update Policies and Patch Management Policies
With Windows Update enabled, you allow Microsoft to control the installation of patches. However, if you are using a patch management policy to install only the patches you have selected, you do not want the automatic settings of Windows Update installing patches you have not approved. Therefore, you must first disable Automatic Windows Updates. Refer to "Disable Automatic Windows Updates" on page 176.

How to...
Create a Windows Update policy
Windows Update policies can be created at account or site level. Refer to "Add a policy" on page 251.

Specify the Policy Details for a Windows Update policy
1. On the Policy page, click New account policy... or New site policy...
2. Give the policy a Name.
3. Select the type Windows Update.
4. To copy an already existing policy to use it as a template, choose it from the Based on drop-down list. To create a new policy, select New Policy.
5. Click Next.
6. Click on Add a target... to target your devices through a specific filter or group. If you want to target more than one filter or group, add another target to the policy. For more information, refer to "Filters" on page 130 and "Groups" on page 142.
Devices of "unknown" device type will not be targeted by the policy.
7. Choose one or more of the options under Windows Update Policy Options.

Field - Description

Patch Management Policy - Select one of the following options:
• Automatically detect recommended updates for my computer and install them.
• Download updates for me, but let me choose when to install them.
• Notify me of updates, but do not automatically install them.
• Turn off Automatic Updates. - When this option is selected, the rest of the configuration options, except for WSUS, will be disabled and unchecked. For more information, refer to "Disable Automatic Windows Updates" on page 176.

Install new updates - Allows you to select on which day and at what time you want to install the updates.

Recommended updates - You can select this option:
• Give me recommended updates the same way I receive important updates.

Who can install updates - You can select this option:
• Allow non-Administrative Endpoint Accounts to receive update notifications.

Microsoft Update - You can select this option:
• Give me updates for Microsoft products and check for new optional Microsoft software when updating Windows.

Restart behavior - You can select any of the following options:
• No auto-restart with logged on users for scheduled Automatic Updates installations. - If this setting is unchecked, Automatic Updates will notify the user that the computer will automatically restart in 5 minutes to complete the installations. If checked, Automatic Updates will wait for the computer to be restarted by any user who is logged on, instead of causing the computer to restart automatically.
• Re-prompt for restart with scheduled installations. # minutes (max 30) - If this setting is unchecked, the default delay of 10 minutes will be used. If the setting is enabled, the restart will occur the specified number of minutes after the previous prompt for restart was postponed.
• Delay restart for scheduled installations. # minutes (max 1440) - If this setting is unchecked, the default delay of 15 minutes will be used. If the setting is enabled, the restart will occur the specified number of minutes after the installation is complete.
WSUS - If you have set up a Windows Server Update Services (WSUS) server, it will act as a location for other Windows devices to pull updates from, rather than each device having to download Windows updates separately. It acts like a local cache, but only for Windows patches. The following options are available:
• Use custom WSUS Server - Once this option is selected, the rest of the options will become available. Enter the WUServer address, e.g. http://www.yourwsus.com or http://192.168.1.1
• Do not allow any connections to Microsoft for Patching or Searching when using a WSUS Server. - This option becomes available if the "Use custom WSUS Server" option has been selected.
• Enable Client-side targeting - It specifies the target group name(s) that should be used to receive updates from an intranet Microsoft update service. If this setting is enabled, you can enter a target group name or names separated by semicolons (if the intranet Microsoft update service supports multiple target groups). The specified target group information is then sent to the intranet Microsoft update service which uses it to determine which updates should be deployed to the device.

8. Click Save. The window will close, and you will be returned to the policy list page.
9. To activate the policy, click Push changes.

Disable Automatic Windows Updates

If you are using an AEM patch management policy to install only the patches you have selected, you do not want the automatic settings of Windows Update installing patches you have not approved. The most elegant way to do that is to create a Windows Update Policy to disable Automatic Windows Update on the devices you want to patch.

1. Create a new Windows Update Policy. Refer to the steps specified above.
2. Under Windows Update Policy Options > Patch Management Policy, select Turn off Automatic Updates.
3. Leave the rest of the options unchecked.
4. Click Save.
The window will close, and you will be returned to the policy list page.
5. To activate the policy, click Push changes.

You can then set up a patch management policy to ensure that you install the necessary patches on your devices. Refer to "Create a Patch Management Policy" on page 160.

Network Management

At account level, permission to view or manage Account > Manage. At site level, permission to view or manage Sites > Sites and to manage Sites > Audit.

Account > Manage > click the radio button for Network Management
Sites > select a site > Manage > click the radio button for Network Management

The Network Management page displays the results of a network node scanning the network for active IP addresses. At the top of the list, you can see network devices that are already managed. You can then review newly discovered devices, and select the ones you want to add as Managed devices, and hide devices you don't want to manage. Network Management is available at account and site level.

Page description

You will see the following areas on the page:

Field - Description

Network devices status - A pie chart showing the number of:
• Discovered Network Devices
• Managed Network Devices
• Managed Network Devices with unresolved alerts
Percentage numbers are also displayed in brackets if you hover over the chart.

Top 10 devices with the most monitor alerts unresolved - A list of devices with unresolved monitor alerts. The device with the highest number of unresolved monitor alerts will be listed first. You will see the following details:
• Site - The site that the device is added to. Refer to "Sites" on page 7.
• Hostname - The name of the device. This can be edited in the device itself.
• Description - The description of the device that can be edited in "Device Summary" on page 119.
• Type - The type of the device.
• Total - The total number of unresolved monitor alerts for each device.

Managed Network Devices - The list of your network devices that are managed by a network node device or have been added manually. Expand the list and you will see the following information displayed by default:
• Hostname - The name of the device. This can be edited in the device itself.
• Description - The description of the device that can be edited in "Device Summary" on page 119.
• Site - The site that the device is added to. Refer to "Sites" on page 7.
• IP Address - The IP address of the device.
• Ext IP Addr - The external IP address of the device.
• MAC Address(es) - The MAC address(es) of the device.
• SNMP Credentials - The SNMP credentials of the device. Refer to SNMP Credentials.
You can use the Search field and adjust the Show number of entries option towards the top of the Managed Network Devices section to help you with your selection to perform an action. For further information, refer to "Action bar icons" on page 181.

Discovered Devices (site level only) - The list of your network devices discovered by one or more network node devices. For further information, refer to "Discover Devices on the Network" on page 183. Expand the list and you will see the following information displayed by default:
• IP Address - The IP address of the device.
• Hostname - The name of the device. This can be edited in the device itself.
• Description - The description of the device that can be edited in "Device Summary" on page 119.
• NIC Vendor - The name of the vendor of the device.
• Model - The model of the device.
• SNMP v1/v2 Public - A green check mark indicates if the device's SNMP credentials are v1/v2c and if the community string is set to public.
To filter your results, use one of the following radio buttons:
• All - Shows all the devices.
• Windows - Shows Windows devices only, flagged with a Windows icon in the logo column.
• Other - Shows all the devices that have not been identified as Windows devices.
If the devices have been discovered in various subnets, you can group them by turning on the option Group by Subnet. This will group the devices and an additional blue row will display further information about the subnet (External IP Address, Network, Subnet Mask). You can collapse or expand the subnet groups as required.
You can use the Search functionality and the Show number of entries at the top of this window to help you with your selection to perform an action. For further information, refer to "Action bar icons" on page 181.
Choose the Last Seen By option in the column chooser to see which network node device last discovered the device.

Hidden Discovered Devices (site level only) - A list of your hidden discovered network devices. Expand the list and you will see the following information displayed by default:
• IP Address - The IP address of the device.
• Hostname - The name of the device. This can be edited in the device itself.
• Description - The description of the device that can be edited in "Device Summary" on page 119.
• NIC Vendor - The name of the vendor of the device.
• Model - The model of the device.
• SNMP v1/v2 Public - A green check mark indicates if the device's SNMP credentials are v1/v2c and if the community string is set to public.
To filter your results, use one of the following radio buttons:
• All - Shows all the devices.
• Windows - Shows Windows devices only, flagged with a Windows icon in the logo column.
• Other - Shows all the devices that have not been identified as Windows devices.
If the devices have been discovered in various subnets, you can group them by turning on the option Group by Subnet. This will group the devices and an additional blue row will display further information about the subnet (External IP Address, Network, Subnet Mask).
You can collapse or expand the subnet groups as required.
You can use the Search functionality and the Show number of entries at the top of this window to help you with your selection to perform an action. For further information, refer to "Action bar icons" on page 181.

The devices will be flagged with either the Windows logo, the ESXi logo, or the Printer logo once identified. If it has not been possible to identify the device type, the logo column will remain blank.

Action bar icons

Name - Description

Export to CSV - Allows you to export a list of the selected devices in .CSV format. Make sure to select the columns you want to include in the export.
Delete device(s) - Delete the selected device(s).
Refresh - Refreshes the current view. This will show your devices' most up-to-date status.
Manage device - Manage your discovered device. Refer to "Discover Devices on the Network" on page 183.
Hide discovered devices - Hide your discovered device if you don't want it to appear in the Discovered Devices section.
Unhide discovered devices - Unhide your device if you want it to appear in the Discovered Devices section again.
Column Chooser - The column chooser lets you select which columns should be visible in the results view. You can click on All or None to select or deselect all the options, and you can restore the default view by clicking on Restore Defaults. Drag and drop any of the columns to re-arrange their order in the results view. Click Save to apply the changes or Cancel to discard them.
Note: You must select at least one column in the column chooser.

For information about how to get started with managing network devices in AEM, refer to "Discover Devices on the Network" on page 183.

To learn about other endpoint management options, refer to "Manage Your Endpoints" on page 145.
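The following is an added example, not part of the Autotask documentation or product. It reviews a Discovered Devices list saved with Export to CSV and reports, per site subnet, the devices whose SNMP v1/v2 Public column is set (they answer to the default community string "public") and the devices for which no hostname, vendor or model was collected. The header names, the Yes/No encoding of the check mark and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample. Header names copy the default Discovered Devices columns;
# the real export layout and the Yes/No flag encoding are assumptions.
SAMPLE_EXPORT = """\
IP Address,Hostname,Description,NIC Vendor,Model,SNMP v1/v2 Public
192.168.1.10,core-sw-01,Core switch,ExampleNet,XS-24,Yes
192.168.1.25,prn-floor2,,ExamplePrint,LP-400,yes
192.168.1.40,ws-0042,Reception PC,ExampleCorp,,No
10.20.0.5,,,,,TRUE
not-an-ip,lab-ap,Test AP,ExampleNet,AP-1,Yes
"""

TRUTHY = {"yes", "true", "1", "y"}


def parse_export(csv_text):
    """Return (devices, rejected) where rejected holds (line number, bad IP)."""
    devices, rejected = [], []
    reader = csv.DictReader(io.StringIO(csv_text))
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        # Drop overflow cells (key None) and treat missing cells as empty.
        clean = {k.strip(): (v or "").strip()
                 for k, v in row.items() if k is not None}
        try:
            ip = ipaddress.ip_address(clean.get("IP Address", ""))
        except ValueError:
            rejected.append((line_no, clean.get("IP Address", "")))
            continue
        devices.append({
            "ip": ip,
            "hostname": clean.get("Hostname", ""),
            "vendor": clean.get("NIC Vendor", ""),
            "model": clean.get("Model", ""),
            "snmp_public": clean.get("SNMP v1/v2 Public", "").lower() in TRUTHY,
        })
    return devices, rejected


def triage(devices, site_networks):
    """Group findings by the known site subnet each device falls into."""
    networks = [ipaddress.ip_network(n) for n in site_networks]
    report = defaultdict(lambda: {"snmp_public": [], "no_details": []})
    for dev in devices:
        # Devices outside every listed subnet are reported under "unlisted".
        home = next((str(n) for n in networks if dev["ip"] in n), "unlisted")
        if dev["snmp_public"]:
            report[home]["snmp_public"].append(str(dev["ip"]))
        if not (dev["hostname"] or dev["vendor"] or dev["model"]):
            report[home]["no_details"].append(str(dev["ip"]))
    return dict(report)


if __name__ == "__main__":
    found, bad_rows = parse_export(SAMPLE_EXPORT)
    for subnet, findings in triage(found, ["192.168.1.0/24"]).items():
        print(subnet, findings)
    print("rejected rows:", bad_rows)
```

Devices reported under snmp_public are candidates for a non-default community string or SNMPv3 before they are added as Managed network devices.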
Discover Devices on the Network

Permission to manage Sites and manage Devices

Sites > open a site > Manage > Network Management > Discovered Devices

Adding devices to your AEM account manually can be time-consuming; however, if one of your fully Managed devices is designated as a network node device, it can discover devices on the network for you. The discovered devices can then be added as Managed network devices to your account and you can start monitoring them.

By default, Agents in Autotask Endpoint Management (AEM) do not interrogate the local network for devices that are capable of being managed. In order to find those, you’ll need to assign a single device, which has a Managed Agent installed, as a network node. It is recommended that this is a device that has a high uptime, for example a server.

Requirements to nominate a device as a network node

• Only desktops, servers, and laptops with up-to-date audit information may be nominated as network nodes.
• The following operating systems are supported: Windows, Mac, Linux

For more information on supported versions of the above operating systems, refer to Supported Operating Systems and Requirements for the Agent.

How to...

Assign a device to be a network node

1. Click Sites and click on one of your Managed sites.
2. Click Devices.
3. Select the device that you want to designate as a network node.
4. Click the Add/Remove as Network Node icon from the action bar. A drop-down will appear to let you choose if you are adding or removing a network node.
5. Select Network Node (with network scanning).
6. Click OK on the pop-up window to proceed or click Cancel to stop the action.
Once you click OK, the device is configured to act as a network node to carry out scanning of its local subnet.
Note that the icon for the designated network node device has now changed to green to indicate that it has been nominated as a network node.
When a device is elected as a network node, an Online Status Monitor will automatically be assigned to it. If the device is offline for 5 minutes, the monitor will raise a Critical alert and send a notification to the default email recipients. For information on how to change the monitor settings, refer to "Create a monitor" on page 239.
You can assign more than one device to be a network node.
7. Select your network node device again and click the Request device audit(s) icon in the Action bar to force an immediate scan of the network the device is part of.
8. Click OK to confirm the audit or click Cancel to stop the action. Allow 10-15 minutes for the audit results to come through.

View the discovered devices

Once a network node has been configured, it will interrogate the local subnet for any active IP addresses. If it receives a response, it will then attempt to determine the device type and a few other details based on how that device responds.

To see the devices that have been discovered by the network node, and the information it has collected:

1. Click Sites and click on the Managed site in which you configured your network node device.
2. Click on the Manage tab.
3. Make sure that the Network Management radio button is selected.
4. Scroll down and you'll see three sections:
• Managed Network Devices
• Discovered Devices
• Hidden Discovered Devices
5. Expand the Discovered Devices section to see the devices that the network node has found on this subnet. The list will show all the information that the network node has been able to find based on the devices' responses, including logos.
ESXi devices need to listen on port 902 so that a network node device can list them as ESXi devices.
If they are not listening on port 902, they can still be discovered but no ESXi logo will be displayed for them.
Discovered Devices will be flagged with either the Windows logo, the ESXi logo, or the Printer logo once identified. If it has not been possible to identify a discovered device type, the logo column will remain blank.
6. If the network node device moves between networks frequently, you may find that it discovers devices in a number of different subnets. In order to keep this list organized and orderly, you can choose to group those devices by IP subnet by turning the Group by Subnet switch to ON at the top of the list.

By selecting any or all discovered devices, you can export a list by clicking on the Export to CSV button in the Action bar. You can then select the columns you want to include in the export.

For additional information about the Network Management page, refer to "Network Management" on page 178.

If the network node has not been able to find any of your SNMP-enabled network devices or printers, network scanning of SNMP devices may have been disabled for your account. For further information, refer to "Disable network scanning of SNMP devices" on page 188.

Add a discovered device as a Managed network device

Once you have found the device(s) you want to monitor in the Discovered Devices list, they will need to become Managed network devices in order to be able to have monitors applied.

To add a Managed network device, do the following:

1. In the Discovered Devices list, find the device(s) that you want to manage.
2. Select the device(s) and click the Manage Device icon in the Action bar. In case you would like to add a printer or an ESXi device as a Managed device, you can also click on their icon and skip step 3.
3. In the pop-up window, you are asked what sort of device you are trying to add. Click the required icon.
4. You are now prompted for the credentials of the device(s) as these credentials will allow the network node to connect to them. Enter the credentials manually or select from the ones saved at account or site level. If you selected the printer icon in step 2, the screenshot below may be slightly different.
Windows / OS X:
Network device / printer:
ESXi host:
If you select credentials saved at account or site level, the site credentials will be used in addition to the credentials specified in Account Settings unless this option is disabled in Site Settings.
For further information on what to enter and how to store the credentials for the entire account or at site level, refer to the Agent Deployment Credentials, SNMP Credentials, and ESXi Credentials sections in Account Settings and "Site Settings" on page 20.
5. If you want to manage more than one Windows or OS X device, and the devices got discovered by different network node devices, you will be able to select which network node device the Agent should be deployed from. Choose the correct network node device from the drop-down list on the top of the window.
6. Finally, click Deploy or Save. The device(s) will now be listed as Managed devices.

A device listed as Managed device will use an AEM Managed license. This should be considered when planning for licensing and Agent numbers.

Disable network scanning of SNMP devices

There may be cases when you do not want the Agents to scan for SNMP-enabled network devices. It is possible to stop network scans; however, by doing so you will only be able to add network devices to your account manually. For information on how to add a network device manually, refer to "Manage and Monitor SNMP-Enabled Network Devices and Printers" on page 92.

In order to disable network scanning:

1. Click Setup > Account Settings.
2. Scroll down to Custom Agent Settings.
3. Select Use alternative settings for Agent.
4. In the Network Subnet Limit field, set the value to 0 to disable network scanning for the entire account.
5. Click Save.

You can enable / disable network scanning of SNMP devices for the entire account. It is not possible to do this at site level only.

iOS Software Management

Before you can configure a Software Management policy for an iOS device, you must download the Mobile Device Management Extension from the ComStore, and deploy an agent to your device. Refer to "Manage Mobile Devices (MDM)" on page 78.

Permission to view or manage Account > Manage or Sites > Manage AND permission to manage Policies at account and/or site level

Account > Manage > Software Management
Sites > select a site > Manage > Software Management

About Software Management

Software management is currently available for iOS devices at account and site level. It allows you to create a policy to target your iOS devices with a list of applications that you previously added to your Component Library from the iOS App Store.

Software management is currently unavailable for Android devices.

To access the Software Management page in Autotask Endpoint Management (AEM), navigate to:
• Account > Manage > click the radio button for Software Management
or
• Sites > select a site > Manage > click the radio button for Software Management

You will see the following areas on the page:

Field - Description

Noncompliant devices targeted by the policy - A pie chart showing which devices are not compliant with your Software Management policy and need further administrative attention. The devices displayed here have failed to install the applications that the policy attempted to push out. To resolve the issue, refer to "Apply the Software Management policy to non-compliant devices" on page 195.

10 least compliant devices - A list of your non-compliant devices.
The device with the highest number of apps waiting to be installed will be listed first. You will see the following details:
• Site - The site that the device is added to. Refer to "Sites" on page 7.
• Hostname - The name of your device. This can be edited in the device itself.
• Description - The description of your device that can be edited in "Device Summary" on page 119.
• Type - The type of your device.
• Total - The total number of apps waiting to be installed for each device.
• Quick Fix - Allows you to manually push out the policy to this device. Refer to "Apply the Software Management policy to non-compliant devices" on page 195.

Account Policies / Site Policies - Expand this section to see the list of Software Management policies created at account or site level. The list of account policies appears at both account and site level, while the list of site policies only appears at site level. Once the list is expanded, you will see the following details:
• Name - The name of the policy. Click on the name to edit the policy. Refer to "Edit or remove a Software Management policy" on page 197.
• Targets - The list of targeted devices. A Software Management policy can currently target iOS devices only.
• Type - Indicates the type of policy. Refer to "Types of policies" on page 237.
• Push changes... - Click Push changes... to immediately push any policy changes to all devices targeted by the policy. The target icon changes color when changes are being pushed.
• Target icon - Clicking on this icon will open a pop-up window to show included and excluded sites and/or devices targeted by the policy. In the case of Account-level policies, you can filter by Site Exclusions and Site Manually Enabled, and you can also filter by All Devices, Included Devices, and Excluded Devices in the case of both Account- and Site-level policies.
You can turn the policy on or off for your sites and devices by toggling the Enabled button to ON or OFF, and you can push the changes by clicking on the Push changes... button. The target icon changes color when changes are being pushed.
• Enabled / Enabled for this site - A toggle to turn the policy ON or OFF.
• Delete - Hover over a row and click this icon to delete the policy.

New account policy - Available at account level only. Click on New account policy... to create a new policy. Refer to "Create a Software Management policy" on page 193.

New site policy - Available at site level only. Click on New site policy... to create a new policy. Refer to "Create a Software Management policy" on page 193.

Requirements to create a Software Management policy

Before starting, ensure that your devices are enrolled through the AEM Mobile Device Management (MDM) service. For further information, refer to "Manage Mobile Devices (MDM)" on page 78.

Make sure you have downloaded the required iOS apps to your Component Library. Refer to "Download iOS apps" on page 191.

How to...

Download iOS apps

1. Click the ComStore tab and locate the App Store section on the left.
2. Click the green plus icon next to Add iOS App to download an application from the iOS App Store.
3. Type the name of the app you wish to download in the Search field and choose a Country from the drop-down list for the relevant app version.
Instead of the name of the app, you can also enter the bundle ID or app ID in the Search field. Hover over the blue question mark to the right of the search box to find out more about the bundle ID or app ID.
4. Click Search. All the applications that contain the string entered will be populated.
5. Once you have found the app you were looking for, click on Add.
6. You will now be able to review the details of the app.
7. Select the option Remove with MDM to allow for the automatic removal of the app from the device, should the device's MDM profile be removed. For further information about how to remove the MDM profile of an iOS device, refer to "Uninstall the iOS Agent" on page 85.
8. Click Confirm to download the app.
9. You will now be redirected to the list of your mobile app components.

Create a Software Management policy

Once you have downloaded the required apps from the iOS App Store, you will be able to create a Software Management policy to push out the apps to your iOS devices. You can create the policy at both account and site level.

1. Navigate to Account > Manage or Sites > select a site > Manage.
2. Click the Software Management radio button.
3. Click New account policy... OR New site policy....
4. Enter a policy Name. The policy Type will default to Software Management.
If at this point the policy type appears blank and you click on Next, you will not be able to continue and you will get the following message: Please specify the policy type. In order to continue, make sure to enable the Mobile Device Management extension. For further information, refer to "Manage Mobile Devices (MDM)" on page 78.
5. If you would like to copy an already existing policy, you can choose it from the Based on drop-down list. To create a new policy, select New Policy.
6. Click Next.
If at this point you have not yet downloaded any app from the iOS App Store, you will see the following information displayed on the top of the page. In order to continue, make sure you have downloaded your iOS apps to your Component Library. Refer to "Download iOS apps" on page 191.
7. To target your devices with the policy, click Add a target.
8. From the O/S drop-down, select Apple iOS.
9. Select Device Filter as Target Type.
10. Choose the required filter(s) and click Add.
Filters will present you with a list of the device filters that are in every account and any custom filters you've created yourself.
11. Under Policy Options, click on Add an app... to add the required iOS app(s) to your Gold List. Your Gold List should contain components you wish to install on all targeted devices.
12. Select the app(s) you wish to push out to the targeted devices. You can use the Search field and adjust the Show number of entries option at the top of this window to help you with your selection if necessary.
13. Click Save.
14. You will now be redirected to the policy details window.
15. If any of your apps is a paid one, click on the pencil icon next to your app to add a Redemption Code. If it's a free app, you do not need to enter a code. Once you have entered the redemption code, click Save.
16. Review your policy and click Save. This will save the changes you made to the policy which will be confirmed through a pop-up window on the top of the page.
17. You will now see your list of policies. Click Push changes next to the newly created policy.
The changes will be pushed instantly if the device is online. To learn how to push out the policy to offline devices, refer to "Apply the Software Management policy to non-compliant devices" on page 195.

Apply the Software Management policy to non-compliant devices

Once you push out the Software Management policy, the changes will be applied instantly if the device is online. In case the device is offline at that time, the communication to apply the changes will fail and the device will be displayed as non-compliant with the policy.

1. In order to continue, you need to make sure the device comes online again so that you can manually push out the policy.
2. Locate the device in the non-compliant devices list under Software Management. Refer to "About Software Management" on page 189.
3. Click on the Quick Fix icon next to the device. This will allow you to manually push out the policy to this device. The following message will be displayed in the Web Portal:
4. Click OK.
5. The following message will be displayed on the device for each app to install:
6. Click Install. The app will now be installed.
If the device has been supervised using Apple Configurator, the user will not see this dialogue and the app will install automatically. They may, however, be prompted to insert their Apple ID credentials.
7. Once the policy has been pushed to the device and all the apps have been installed successfully, the device will no longer be displayed in the non-compliant devices list in the Web Portal. If an app deploy was unsuccessful, you will see the entry populated in the non-compliant devices list. A pie chart will also appear showing which devices require further administrative attention.

Edit or remove a Software Management policy

1. Locate the policy by navigating to Account > Manage > Software Management OR Sites > select a site > Manage > Software Management and click on its name.
2. On the Update Software Management Policy page, you can edit the name of the policy and the app list.
3. Once you have finished editing, click Save. The change will be confirmed through a pop-up window on the top of the page.
4. You will now see your list of policies. Click Push changes next to the policy you have modified.
The changes will be pushed instantly if the device is online. To learn how to push out the policy to offline devices, refer to "Apply the Software Management policy to non-compliant devices" on page 195.
5. To remove the policy, click the Remove Policy icon next to the policy.

To learn about other policy types in AEM, refer to "Managing Policies" on page 250.

To learn about other endpoint management options, refer to "Manage Your Endpoints" on page 145.
Backup Management

In order to be able to see the Backup Management page, you will need to configure the Datto Integration and associate at least one Datto device with a site in AEM. For further information, refer to "Datto Backup Integration" on page 202.

Permission to view or manage Account > Manage or Sites > Manage

Account > Manage > Backup Management
Sites > select a site > Manage > Backup Management

About Backup Management

The Backup Management functionality becomes available in Autotask Endpoint Management (AEM) once the Datto Integration is downloaded and configured for your site. In order to do that, you will need at least one Datto device and its associated API key. Once the Datto device is associated with a site in AEM, you will be able to see information and statistics about your protected devices via Backup Management.

For more information about Datto and how to configure the integration, refer to "Datto Backup Integration" on page 202.

Backup Management is available at account and site level. Navigate to:
• Account > Manage > click the radio button for Backup Management
or
• Sites > select a site > Manage > click the radio button for Backup Management

You will see the following areas on the page:

Field - Description

Actions - Click the icon to download a summary of your protected devices in an Excel file.
It will display:
• Name of the protected device
• Number of backups
• Date and time of the last backup
• Whether a screenshot was taken successfully
• Whether an offsite backup took place in the last 24 hours
• How much data (GB) is protected
• Name of the Datto device
• Name of the site the Datto device is linked to

Datto Device Details - The following details will be displayed of your Datto device:
• Hostname
• Serial Number
• Model
• Internal IP
• External IP
• Last Seen
• Uptime
• Disk Usage (Used / Free / %)
• Offsite Usage (GB)
• Throughput (Rx / Tx)
• Upload Limit (KB/s)
• History - Click the View History icon to view information about disk usage (GB), throughput (KB/s) and agent errors.
• Launch Remote Web - Click the hyperlink to log into your Datto account and manage your Datto device.

Add Additional Datto Device - Click the link to choose another Datto Device to link to this site in order to see aggregated backup status. Select your Datto device from the drop-down list and click Save.

Protection Status - A pie chart showing the number of protected and not protected devices. Percentage numbers are also displayed in brackets if you hover over the chart.

Local Storage - A pie chart showing the used and free space (GB) of the local storage. Percentage numbers are also displayed in brackets if you hover over the chart.

Devices Protected - Shows the following information about the devices protected by the Datto device:
• Hostname - The name of the protected device.
• Latest Backup - The time when the last backup took place.
• Latest Sync - The time when the last sync took place.
• Latest Offsite - The time when the last offsite data protection took place.
• Latest Screenshot - Hover over the entry to see the screenshot taken of the protected device.
• Oldest Backup - The time of the oldest backup.
• Free Space (GB)
• Protected Space (GB)
• Datto Usage (GB)
• Device - The name of your Datto device.
• - Indicates that the backup failed.
• - Indicates that the Datto device was unable to start a backup because the agent service is stopped.
• - Indicates that the action (backup, screenshot, etc.) was performed successfully.

You can use the Search field and adjust the Show number of entries option to help you find your devices.

To learn about other endpoint management options, refer to "Manage Your Endpoints" on page 145.

Datto Backup Integration

Administrator
Setup > Integrations > Datto

About Datto

Datto is a hybrid cloud backup and recovery service. A Datto device on a local network will perform a snapshot of targeted systems and then back them up to storage in the cloud. AEM backup management enables AEM to integrate with Datto NAS and view information and statistics about the backed up devices via the AEM Manage tab.

Prerequisites

You will need at least one Datto device and its associated API key. The API key is available from Admin > Integrations in the Datto cloud. If this page is not accessible, please contact Datto directly to obtain your key.

How to...

Download the Datto Integration and enter the API key

To enable the integration, you must download the Datto Integration component from the ComStore and enter the API key.
1. Click the ComStore tab.
2. Search for and select Datto Integration and click Add to my Component Library to add it to your account.
3. Navigate to Setup > Integrations and scroll to the Datto section.
4. Enter your Datto API key and click Save.
5. Turn on the Datto integration by sliding the Enabled button to ON.

The Datto integration is now enabled in AEM.

Associate a Datto device with a site in AEM

The next step is to associate a Datto device with a site in AEM.
The Datto device must be installed on the local area network associated with the site.
1. Click on a site and click Manage.
2. Click the Backup Management radio button.
3. Choose a Datto device from the drop-down list to link to this site. This will allow you to see backup statistics and feedback.
4. Click Save and OK.
5. You have now successfully associated your Datto device with a site in AEM. Sites associated with a Datto device will display the Datto icon in the Sites list.
6. The Backup Management page will now display your Datto device details and the protection status of your devices protected by the Datto device.

For information on what is displayed on the Backup Management page, refer to "Backup Management" on page 198.

Create a monitor for endpoints backed up by Datto

You can create a monitoring policy in AEM to alert you if any Datto backup incidents occur. Backup alerts will be delivered at device level via the AEM Agent. You can create the policy at either account or site level. Refer to "Create a Monitoring Policy" on page 256.

The monitor will alert upon receiving error feedback from the Datto app on the endpoint. To manage the backup incident, you will need to access the Datto management screen on the Datto device.

To learn how to see information and statistics about your Datto protected devices in AEM, refer to "Backup Management" on page 198.

Security Management

In order to be able to see the Security Management page, you will need to configure the Kaspersky Endpoint Security (KES) Integration or the Webroot Endpoint Security Integration. For further information, refer to "Kaspersky Endpoint Security Integration" on page 208 and "Webroot Endpoint Security Integration" on page 218.
Permission to view or manage Account > Manage or Sites > Manage
Account > Manage > Security Management
Sites > select a site > Manage > Security Management

About Security Management

Security Management lets you report on your device estate protected by Kaspersky Endpoint Security (KES) or Webroot. It allows you to see information and statistics about the current status of your devices and recent detected threats.

Security Management becomes available once you have downloaded and configured the KES Integration or Webroot Endpoint Security Integration. For more information, refer to "Kaspersky Endpoint Security Integration" on page 208 and "Webroot Endpoint Security Integration" on page 218.

Security Management is available at account and site level. Navigate to:
• Account > Manage > click the radio button for Security Management
or
• Sites > select a site > Manage > click the radio button for Security Management

You will see the following areas on the page:

Field - Description

All / KES / Webroot - Depending on whether you have configured KES or Webroot for your account, these radio buttons in the top right area of the Security Management page let you choose one or all of the security products.

All devices / Servers / Workstations - A pie chart showing the status of All devices / Servers / Workstations secured by the selected security product. Select one of the radio buttons to see the required device type and hover over the chart to see the number and status of the devices. Percentage numbers are also displayed in brackets. Click a piece in the pie chart to see statistics about those devices only in the Active threats in the last 30 days chart on the right of the page.

Active threats in the last 30 days - A chart showing the number of threats on your devices in the last 30 days. Hover over a date to see the exact number.
If only KES is selected as security product, the chart will show the following:
• Active threats
• Detected threats
If only Webroot is selected as security product, the chart will show the following:
• Active threats
• Threats blocked
In our example, we selected all the security products:

Select the required device type (All devices / Servers / Workstations) on the left of the page above the pie chart to see statistics about that device type only.

To learn about other endpoint management options, refer to "Manage Your Endpoints" on page 145.

For information about security management policies, refer to "Create a Security Management Policy" on page 227.

Kaspersky Endpoint Security Integration

Administrator
Setup > Integrations > Kaspersky Endpoint Security

About Kaspersky Endpoint Security

Kaspersky Lab provides IT security solutions and services, such as anti-virus, anti-malware and firewall applications to protect businesses, critical infrastructure, governments and consumers around the globe. The company's portfolio includes endpoint protection and a number of security solutions to fight online threats.

The Autotask Endpoint Management (AEM) integration with Kaspersky Endpoint Security (KES) allows you to manage and administer your KES anti-virus solution from within the AEM Web Portal.
With the integration enabled and a KES security management policy configured, you can:
• Deploy KES to Windows and Mac devices (refer to "Supported versions" on page 208 for further information)
• Keep track of KES licenses and configuration files from within AEM
• Uninstall incompatible anti-virus solutions or KES from your endpoints
• Monitor your endpoints to be alerted as per the criteria configured in the KES security management monitor details
• Report on the current status of KES throughout your device estate

You no longer need to specify a Configuration File Password when adding your KES configuration file on the KES Integration page. The password is now used during the installation process and needs to be specified in the KES security management policy. For further information, refer to "Add your KES agent configuration file" on page 211 and "Create a Security Management Policy" on page 227.

Supported versions

Windows
• KES 10 MR2 - version 10.2.4.674
• KES 10 MR1 - version 10.2.2.10535
• KES 10 - version 10.2.2.0
• KES 10 - version 10.2.1.0

Mac
• KES 10 MR2 - version 10.0.0.327b
• KES 8 and later versions

Support is not provided for mobile devices.

Requirements
• You must be an Administrator in AEM to set up the KES Integration.
• You must have a valid KES license key.

In order to deploy KES to Mac devices, you need to upload the license key file supplied by Kaspersky when setting up the integration.

Supported operating systems and incompatible products

Windows
For a full list of supported Windows operating systems, as well as general, hardware and software requirements for KES version 10.2.4.674 for Windows, refer to the following Kaspersky support article: Kaspersky Endpoint Security 10 for Windows - Version 10.2.4.674: Hardware and Software Requirements.
Mac
For a full list of supported Mac operating systems, as well as requirements for KES version 10.0.0.327b for Mac, refer to the following Kaspersky support article: Kaspersky Endpoint Security 10 for Mac.

List of incompatible products
A number of anti-virus products are incompatible with KES and can be removed when KES is installed if the corresponding install option is selected in the KES security management policy. Refer to "Create a Security Management Policy" on page 227. For a full list of incompatible products, refer to the following Kaspersky support articles:
List of applications incompatible with Kaspersky Endpoint Security 10 for Windows
List of applications incompatible with Kaspersky Endpoint Security 10 for Mac

How to...

Download the Kaspersky component

1. Log into your AEM account and click on the ComStore tab.
2. Search for the Kaspersky Endpoint Security component. Do not confuse this with the component called "Kaspersky 2011 Internet Security monitor".
3. Open it and click Add to my Component Library to download it.

As soon as you download KES for your account, a new section will be added to Account Settings and Site Settings. Refer to Windows Security Center Audit and "Kaspersky Endpoint Security" on page 25. At the same time, the anti-virus summary will slightly change at both account and site level. Refer to "Account Dashboard" on page 365 and "Site Summary" on page 16.

Add your license key

1. Navigate to Setup > Integrations. You will now have a new section on the Integrations page called Kaspersky Endpoint Security.
2. In the Licenses area, click Add license.... The Add new License Key window will open. Complete the following fields:

Field - Description

Name - Enter a name for the license key.

Description - Enter a description.

Security Type - Use the radio button to select:
• Upload Key File - This will allow you to upload the key file provided by Kaspersky.
Uploading the key file is mandatory for deploying KES to Mac devices.
• Key - This will allow you to continue without uploading the key file provided by Kaspersky.
To minimize potential errors, we recommend that you upload the .key file supplied by Kaspersky.

Key - Enter your Kaspersky key.

Upload Key File - If you selected Upload Key File under Security Type, click the Choose file button to upload the key file provided by Kaspersky. Uploading the key file is mandatory for deploying KES to Mac devices.

Expiration Date - Enter the expiration date of your Kaspersky key.

Number of Endpoints - Enter the number of endpoints secured by this key. The maximum number of endpoints allowed is 20,000.

AEM does not currently get expiry and endpoint information from Kaspersky. Please provide accurate information, or the integration will stop working without warning.

3. Click Add. Your license information will appear on the Integrations page.

You can add as many licenses as you have available by repeating steps 1-2.

The Number of Devices column displays the number of devices targeted by a KES security management policy. Once a device is added to the policy or removed from it (by being removed from the target of the policy or by getting excluded from the policy associations), the device count will increase or decrease accordingly.

Add your KES agent configuration file

The KES configuration file is a .cfg file that contains settings for all the installed components of KES (e.g. scan settings, whitelisting, exclusions, etc.). You can either add your own configuration file or use the Default Mac Configuration File and Default Windows Configuration File provided on the integration page.

If you choose to use any of the default configuration files, you still need to download a copy and upload it to your account using the Add new configuration file... button.

1. To start with any of the default configuration files, locate the Configuration Files area and click the green Download arrow on the right of a configuration file to save it to your computer. Then click Add new configuration file.... To use your own configuration file, click Add new configuration file....
2. Complete the following fields:

Field - Description

Operating System - Select the operating system of the endpoint device the Kaspersky agent will be monitoring.

Name - Enter a name for the configuration file.

Description - Enter a description for the configuration file.

Configuration File - To upload either your own configuration file or any of the default configuration files downloaded in step 1, click the green Upload the Configuration File arrow.

3. Once you have filled in all the fields and uploaded your configuration file, click Save.
4. You can add as many configuration files as you wish. The configuration file currently used in a KES policy will display the This Configuration File is in use icon under the In Use column.
5. To edit the uploaded configuration files, click the pencil icon. Make the changes in the Edit Configuration File window and click Save. Each time you modify a configuration file, its version number under the Version column will increase by one. Each time you modify a configuration file, the Force all associated policy updates icon will become activated next to it. Clicking on the icon will push any change made to the configuration file to all the devices that are currently using it and the devices will apply the changes accordingly.
6. To delete a configuration file, click the Remove this Configuration File button at the end of the row.

You cannot delete or modify the default Windows and Mac Configuration File.

Prior to KES version 10.2.4.674 (Windows) and KES version 10.0.0.327b (Mac), you had to specify a password when adding a configuration file on the KES integration page.
The password has now been moved from the configuration file and is used during the installation process. All previous configuration file passwords have been migrated to already existing policies. For further information, refer to "Configure the security management install options" on page 228.

You have now successfully completed the setup of the Kaspersky Endpoint Security Integration. Follow the steps below to deploy the Kaspersky agent to your endpoints and enable monitoring.

Deploy the KES agent and enable monitoring

Now that you have set up the integration with your license file(s) and configuration file(s), you can use the power of AEM to push out the Kaspersky Endpoint Security agent.

Set up a Security Management Policy to push out KES to your devices and to raise alerts and tickets as per the criteria you set in the monitor details. You can create the policy at either account or site level. For further information, refer to "Create a Security Management Policy" on page 227.

Use the KES security management commands

Once you have downloaded Kaspersky Endpoint Security from the ComStore, the KES Run Security Management Command button becomes available in the Action bar on the Devices page in each Managed site. Selecting a device and clicking this button will allow you to run a security command on your device.

The selected device needs to be targeted by a KES security management policy so that you can run a security management command on it. If a device is targeted by a security management policy, a security status indicator is displayed next to it. Refer to "Check security status indicators" on page 216.

1. Navigate to Sites and open a Managed site associated with a KES security management policy. To learn about KES policies, refer to "Create a Security Management Policy" on page 227.
2. Click the Devices tab.
3. Select one or more of your devices targeted by the security management policy, and click the KES Run Security Management Command button in the action bar.
4. The following commands will become available:

Command - Description

Activate Security Management - Re-activates the site's KES security management policy on the selected device(s) either by including the device(s) in the policy target again or by re-activating a disabled policy. This action will only take place if the selected device has previously been targeted by a KES policy.

Deactivate Security Management - Excludes the selected device(s) from the site's KES security management policy.

Reset Security Status KES - Resets the security management status on the device and triggers a deployment of KES if it's not installed on it. For example, if the installation of KES had been unsuccessful on your device through a KES policy but you managed to solve the issue on your device in the meantime, running this command will attempt to install KES on your device again.

5. Once you have selected a command, click OK and the requested action will be performed.

Uninstall KES

To be able to uninstall KES from your endpoints, you must ensure the Kaspersky Endpoint Security Integration is enabled and set up for your account and your endpoints are targeted with a KES security management policy. To uninstall KES from these devices:
1. Log into your AEM account and navigate to the account or site policy which targets the devices you want to uninstall KES from.
2. Remove the required devices from the list of target devices.
3. Make sure that the Uninstall KES from the devices that are removed from the list of target devices option is selected in the Security Management Install Options area.
4. Click Save and click Push changes.

If Allow force reboot is checked in the Security Management Install Options, the device will automatically reboot after KES has been uninstalled.
Check statistics and report

Click Download KES Installation CSV Report on the KES Integration page to have a quick overview of the number of KES installations in each site of your AEM account.

After downloading the KES component, you will have access to a KES report at account level. Refer to "Reports at Account Level" on page 412.

To learn how to see information and statistics about your devices with the KES agent installed, refer to "Security Management" on page 205.

You can also create a custom filter to search for devices with a specific security management status. Refer to "Filters" on page 130 and "Check security status indicators" on page 216.

Check security status indicators

In the Web Portal, sites with an active KES policy will display the Kaspersky logo.

If a device is targeted by an active KES security management policy, various security status indicators may appear next to it. The same icons are displayed in the AEM Managed Anti-Virus Summary section on the "Site Summary" on page 16 and "Account Dashboard" on page 365 pages. AEM relies on the information received from KES and updates a device's security status as soon as it's updated in KES.

Icon - Description
Installed & Active
Not Installed
Installed, not Active
Reboot Required
Active Threats
Needs Update - Within 48 hours after deployment OR 30 minutes after the first reboot, KES will ignore the Needs Update status and alerts. This is because it can take a long and sometimes varying amount of time for the database to update. The delay is designed to prevent excessive Needs Update alerts, which tend to overwhelm MSPs while the update is in progress and simply taking time.
No Valid License

One device may have more than one security status. In such cases, the highest priority security status will be shown on device list pages.
All other security statuses will be hidden under an arrow to the right of the first security status. You can open the list by clicking on the arrow.

Webroot Endpoint Security Integration

Administrator
Setup > Integrations > Webroot Security Agent

About Webroot

Webroot provides cloud-based, real-time Internet security against viruses, spyware, and other online threats. Its SecureAnywhere® suite of security products for endpoints, mobile devices and corporate networks delivers advanced Internet threat protection to customers.

The Webroot Endpoint Security Integration allows MSPs to deploy Webroot's lightweight software, and to monitor and support the endpoints secured by Webroot directly from the Autotask Endpoint Management (AEM) interface. With the integration enabled and a Webroot security management policy configured, you can:
• Deploy Webroot to Windows and Mac devices
• Uninstall Webroot from your endpoints
• Monitor your endpoints to be alerted as per the criteria configured in the Webroot security management monitor details
• Run Webroot-specific commands on your endpoints from device list pages
• Report on the current status of Webroot throughout your device estate

For information about how to set up a security management policy for Webroot, refer to "Create a Security Management Policy" on page 227.

For an overview of the Webroot Endpoint Security Integration, please watch our training video: AEM Webroot Integration Overview

Supported versions
• 8.0.4.47 and later versions for both Windows and Mac

Support is not provided for mobile devices.

Requirements
• You must be an Administrator in AEM to set up the Webroot Integration.
• You need at least one valid Webroot Site Key to be able to configure the Webroot Integration. You can obtain it from the Webroot Console once you log into the Console. For assistance, we recommend that you contact Webroot.
Supported operating systems

Windows
For a full list of supported Windows operating systems, as well as general, hardware and software requirements, refer to the following Webroot article and scroll down to the For PC section: Webroot SecureAnywhere System Requirements

Mac
For a full list of supported Mac operating systems, as well as general, hardware and software requirements, refer to the following Webroot article and scroll down to the For Mac section: Webroot SecureAnywhere System Requirements

How to...

Download the Webroot component

1. Log into your AEM account and click on the ComStore tab.
2. Search for the Webroot Endpoint Security component.
3. Open it and click Add to my Component Library to download it. This will add the Webroot Security Agent section to Setup > Integrations.

As soon as you download Webroot for your account, a new section will be added to Account Settings and Site Settings. Refer to Windows Security Center Audit and "Webroot Security Agent" on page 25. At the same time, the anti-virus summary will slightly change at both account and site level. Refer to "Account Dashboard" on page 365 and "Site Summary" on page 16.

Configure your mapping rules

You can specify mapping rules that will associate a set of characters from the Webroot site name with a set of characters from the AEM site name. The association of Webroot sites with AEM sites will be performed automatically upon importing your Webroot Site Keys, so you will not have to manually map the imported Site Keys.

For example, having the rule to associate "location" with "office" will map your Webroot Site Key called "Location 1" to your AEM site called "Office 1".

For information about importing your Site Keys, refer to "Add or import your Webroot Site Keys" on page 220.

1. Navigate to Setup > Integrations.
2. Locate Webroot Security Agent.
3. In the Mapping Rules section, click Add New Mapping Rule.
4. In the Add New Mapping Rule window, enter your Webroot variable and AEM site variable and click Add.
5. The new mapping rule will be added to the Mapping Rules section of the Webroot integration. You can now import your Webroot Site Key(s) and if a matching variable is found, your corresponding AEM site(s) will be associated with the Webroot Site Key(s).

Add or import your Webroot Site Keys

In order to be able to create a Webroot security management policy in AEM, you need to add your Webroot Site Key(s) to the Webroot integration. You have two options to do so: add your Site Keys manually or import them.

Add your Site Keys manually

1. In the Site Keys section, click Add Webroot Site Key. The Add New Webroot Site Key window will open.
2. Complete the following fields:

Field - Description

Name - Enter a name for the Webroot Site Key. This field has a limit of 255 characters.

Description - Enter a description for the Webroot Site Key.

Site Key - Enter your Webroot Site Key. You can obtain it from the Webroot Console.

Mapping to AEM Site - Click on Manual Mapping to be able to map your selected AEM site(s) to this Webroot Site Key.

3. Click Add.
4. Should you wish to add more than one Webroot Site Key, repeat steps 1-3.

Import your Site Keys

1. You can also import your Webroot Site Keys to AEM. Click on Download CSV Template, Download XLS Template or Download XLSX Template to the right of the screen, just above the Site Keys section.
2. Open the downloaded file and add the following information: Name, Description and Site Key. Save your file.
3. The Name field has a limit of 255 characters.
4. Click Import Webroot Site Keys in the AEM Web Portal. Browse your saved file and upload it to the Web Portal. Your Site Key information will now appear on the Integrations page.
5. You have the option to set one of the Site Keys as default by selecting the Default Site Key radio button.
If you no longer wish to use this Site Key by default, click on its radio button and the selection will be cleared.

The default Site Key will be used in Webroot security management policies if there is no Site Key associated with the AEM site that the device belongs to. For further information, refer to "Create a Security Management Policy" on page 227.

The Number of Devices column displays the number of devices targeted by a Webroot security management policy. Once a device is added to the policy or removed from it (by being removed from the target of the policy or by getting excluded from the policy associations), the device count will increase or decrease accordingly.

To edit a Webroot Site Key, click the pencil icon next to it and update the information. You can also update its mapping rule.

To delete a Site Key, click the Remove this License Key icon next to it.

Deploy Webroot and enable monitoring

Now that you have set up the integration, you can use AEM to deploy Webroot to your endpoints. Set up a Security Management Policy to push out Webroot to your devices and to raise alerts and tickets as per the criteria you set in the monitor details. You can create the policy at either account or site level. For further information, refer to "Create a Security Management Policy" on page 227.

Use the Webroot security management commands

Once you have downloaded Webroot Endpoint Security from the ComStore, the Webroot Run Security Management Command button becomes available in the Action bar on the Devices page in each Managed site. Selecting a device and clicking this button will allow you to perform quick AEM Webroot actions on your device or run Webroot Console commands on it. The results of the Webroot Console commands will be shown in your Webroot Console.

1. Navigate to Sites and open a Managed site associated with a Webroot security management policy. To learn about Webroot policies, refer to "Create a Security Management Policy" on page 227.
2. Click the Devices tab.
3. Select one or more of your devices targeted by the security management policy, and click the Webroot Run Security Management Command button in the action bar.
4. The following commands will become available:

AEM Webroot Actions

Activate Security Management - Re-activates the site's Webroot security management policy on the selected device(s) either by including the device(s) in the policy target again or by re-activating a disabled policy. This action will only take place if the selected device has previously been targeted by a Webroot policy.

Deactivate Security Management - Excludes the selected device(s) from the site's Webroot security management policy.

Uninstall Security Product - Uninstalls Webroot from the device. If Webroot was installed on the device outside of AEM (via an .exe installer) using a password, enter the same password in the Password field once you have selected the Uninstall Security Product command. The password field should be left blank in any other scenario.

Reset Security Status Webroot - Resets the security management status on the device and triggers a deployment of Webroot if it's not installed on it. For example, if the installation of Webroot had been unsuccessful on your device through a Webroot policy but you managed to solve the issue on your device in the meantime, running this command will attempt to install Webroot on your device again.

Webroot Console Commands

Trigger "Agent Poll" - Triggers a poll and program update by forcing the device to check in to the cloud.

Run a Deep Scan - Runs a deep scan on the device.

Run Full System Scan - Runs a full system scan on the device. Running a full system scan is slower and uses more resources than the default deep scan; therefore, we recommend you run a default deep scan on your device(s).
Run Scan With Clean-Up - Runs a scan on the device and automatically removes any detected infections.

Verify Authenticity of Webroot Services - Forces the device to check in to the cloud to see if Webroot services are authentic.

Trigger a File Scan - Triggers a scan of a specific file or path on the device. Once the command is selected, you can enter the required path name.

Enable Realtime Protection - Enables real-time protection if the Webroot agent is offline.

The selected device needs to be targeted by a Webroot security management policy so that you can run a security management command on it. If a device is targeted by a security management policy, a security status indicator is displayed next to it. Refer to "Check security status indicators" on page 225.

5. Once you have selected a command, click OK and the requested action will be performed.

Scans performed by the Webroot agent run silently. The Webroot tray icon will not change when a scan is running.

Uninstall Webroot

To be able to uninstall Webroot from your endpoints, you must ensure the Webroot Endpoint Security Integration is enabled and set up for your account and your endpoints are targeted with a Webroot security management policy. To uninstall Webroot from these devices:
1. Log into your AEM account and navigate to the account or site policy which targets the devices you want to uninstall Webroot from.
2. Remove the required devices from the list of target devices.
3. Make sure that the Uninstall Webroot option is selected in the Security Management Install Options area.
4. Click Save and click Push changes.

You can also run the Uninstall Security Product command on your devices. For more information, refer to "Use the Webroot security management commands" on page 222.

Check statistics and report

After downloading the Webroot component, you will have access to a Webroot report at account and site level.
Refer to "Reports at Account Level" on page 412 and "Reports at Site Level" on page 382. To learn how to see information and statistics about your devices with Webroot installed, refer to "Security Management" on page 205. You can also create a custom filter to search for devices with a specific security management status. Refer to "Filters" on page 130 and "Check security status indicators" on page 225.

Check security status indicators

If a device is targeted by an active Webroot security management policy, various security status indicators may appear next to it. The same icons are displayed in the AEM Managed Anti-Virus Summary section on the "Site Summary" on page 16 and "Account Dashboard" on page 365 pages.

Icon Description
Installed & Active
Not Installed
Installed, not Active
Reboot Required
Active Threats
Needs Update
No Valid License - In case your device shows this security status, we recommend that you contact Webroot.

One device may have more than one security status. In such cases, the highest priority security status will be shown on device list pages. All other security statuses will be hidden under an arrow to the right of the first security status. You can open the list by clicking on the arrow.

Create a Security Management Policy

In order to be able to create a security management policy, you need to configure the Kaspersky Endpoint Security (KES) Integration or the Webroot Endpoint Security Integration. Refer to "Kaspersky Endpoint Security Integration" on page 208 and "Webroot Endpoint Security Integration" on page 218.

Permission to manage Policies at account and/or site level
Account > Policies
Sites > select a site > Policies

What is a security management policy?

This type of policy is used with the Kaspersky Endpoint Security (KES) Integration and the Webroot Endpoint Security Integration.
Once you have set up either of the two integrations for your Autotask Endpoint Management (AEM) account, you can create a security management policy that will allow you to push out Kaspersky or Webroot to your endpoints and raise alerts and tickets as per the criteria set in the monitor details. You can create the policy at account or site level.

A device cannot be targeted by two different kinds of security policy. For example, if your device is targeted by a KES policy, it cannot be targeted by a Webroot policy as well.

How to...

Specify the security management policy details

1. Navigate to Account > Policies or Sites > click on a site name > Policies.
2. Click New account policy... or New site policy....
3. Enter a policy Name.
4. Under Type, select Security Management Policy.
5. You will now be able to select the Security Product that you want to create the policy for. Select KES or Webroot from the drop-down. You will only see KES and Webroot in the list if you have configured the integrations. Refer to "Kaspersky Endpoint Security Integration" on page 208 and "Webroot Endpoint Security Integration" on page 218.
6. To copy an already existing policy to use it as a template, choose it from the Based on drop-down list. To create a new policy, select New Policy.
7. Click Next and you will be presented with the policy details.

Add a target

To target your devices with the policy:

1. Click on Add a target.
2. Select the required Target type. For information about target types, refer to "Filters" on page 130 and "Groups" on page 142.
3. Choose the required filter(s) or group(s). Filters will present you with a list of the device filters that are in every account and any custom filters you've created yourself. Devices of "unknown" device type will not be targeted by the policy.
4. Click Add.
5. If you want to add more than one target type, repeat steps 1-4.

Configure the security management install options

In the Security Management Install Options section, you can configure the following options:

Security product Install options

KES
• Password - Enter your KES password. If the password entered here is incorrect, the installation will be unsuccessful. Prior to KES version 10.2.4.674 (Windows) and KES version 10.0.0.327b (Mac), you had to specify a password when adding a configuration file on the KES integration page. The password has now been moved from the configuration file and is used during the installation process. All previous configuration file passwords have been migrated to already existing policies. If you have an already existing KES policy, make sure that the policy password matches the password of your existing configuration file. You can request the last used password of your existing configuration file via email from within the policy. Refer to "Configure the security management policy options" on page 230. The password cannot be changed once the policy has been saved.
• Uninstall incompatible products - Uninstalls other anti-virus products from the endpoints.
• Allow force reboot - Allows automatic restart of the computer if it's required after the installation of the application.
• Microsoft exclusions - Allows adding areas that are recommended by Microsoft to the KES exclusions.
• Kaspersky Lab Scan exclusions - You can define processes, files, areas on the disk and some threats as excluded objects which can be added to the trusted zone so that they are excluded from the scan.
• Kaspersky Security Network - Kaspersky Security Network (KSN) is a special security network that gives users an additional level of protection, reputation data for applications and websites, and a quick reaction to new threats.
• Uninstall KES from the devices that are removed from the list of target devices - If this option is selected, KES will be uninstalled from the devices if they are removed from the policy's target list.

Webroot
• Webroot Console Group - Allows you to enter a group name or group ID from the Webroot Console so that specific settings can be applied.
• Language - Select any of the following languages from the drop-down: English, Japanese, Spanish, French, German, Italian, Dutch, Korean, Simplified Chinese, Brazilian Portuguese, Russian, Turkish, Traditional Chinese. By default the language is set to English.
• Proxy Settings - Select any of these settings: No Proxy, Auto Proxy, Manual Settings. By default, it's set to No Proxy. Should you select Manual Settings, you will be required to fill in the following fields: proxy host, proxy port, proxy username, proxy password and proxy authentication (any, basic, digest, negotiate, NTLM).
• Uninstall Webroot - If this option is selected, Webroot will be removed from the devices if the Webroot policy is removed or the device is removed from the list of targeted devices.

If you already have KES or Webroot installed in your environment, the policy will not attempt to install the agent again. It will simply monitor that agent according to the policy you set up.

In case of previous compatible KES versions where KES was installed without a password, please make sure to manually set your password in KES. It must match the password used in the KES security management policy so that the policy settings can be applied on the targeted device(s).

Configure the security management policy options

This section is configurable for KES only.
Under the Security Management Policy Options section, you need to select:
• The KES license you want the device count to go against
• The Windows / Mac Configuration File you want to use for the KES deployment

If you have an existing KES policy and would like to find out which password was last used for that installation:

1. Open the policy from the policy list at account or site level.
2. Scroll down to the Configuration Files section.
3. Click the Request Password icon next to the configuration file.
4. An email will be sent to the Account Administrator who registered the account. The email will contain a list of devices that have applied the configuration file along with the last password.

By clicking on the Manage Licenses and Manage Configuration Files hyperlinks in the Security Management Policy Options area, you will be directed to the KES integration page where you can edit them.

Add a monitor

When setting up a KES security management policy, a monitor is applied to the policy by default. You can modify the monitor by clicking on the pencil icon, delete it by clicking on the Remove this monitor icon, or you can add further monitors. You can also apply one or more monitors to your Webroot security management policy, and edit or delete them as required. For more information, refer to "Create a monitor" on page 239.

Save the policy and push the changes

Once you have configured your monitor(s), you will be re-directed to the policy details page. Click Save. This will save the changes you made to the policy which will be confirmed through a pop-up window on the top of the page. You will now see your list of policies. Click Push changes next to the newly created policy. The targeted devices will now be notified that a new policy has been applied and you will start to see alerts (as well as receive them via email if you configured that option) for any device that meets the criteria set in the policy.
The changes will be pushed instantly if the Agent is online or as soon as it checks in to the platform. The security product will be installed first (if required). The policy will be pushed out after the install. To learn how to view an alert in the Web Portal, refer to "Manage Alerts" on page 346.

Edit the policy

1. Locate your policy on the account or site policy list and click on its name.
2. Edit the policy details.
3. Save your policy and push the changes. The changes will be pushed instantly if the Agent is online or as soon as it checks in to the platform.

Monitors and Policies

About Monitors

Monitors keep track of attributes, processes and events on devices they are deployed to, and raise an alert when the device is not operating within specified parameters. They can be created on the Device > Monitor tab and applied to a single device, or they can be created at account and site level as part of a monitoring policy, and can target specific filters and groups at either level.

SNMP monitors (that is, the monitors available for Managed network devices) can only be applied at device level. For further information, refer to "Monitor a Managed network device" on page 95.

ESXi monitors (that is, the monitors available for ESXi devices) can only be applied as part of a policy. For further information, refer to "Create an ESXi Policy" on page 104.

Monitors do not run on mobile operating systems at all.

Types of monitors

Monitors keep track of a great variety of processes, statuses and settings. They fall into one of these groups:

Device health monitors

Monitor Type Function Operating system

Online Status Monitor
A device with the Autotask Endpoint Management (AEM) Agent installed normally checks in with the Web Portal every 90 seconds. If it does not (due to a power or network outage, for example), AEM will see this device as offline.
This is particularly useful for servers (since they should never really go offline without you knowing about it). In the case of ESXi servers, the monitor waits for the device to come online first. If the device is already online, monitoring will start immediately. If the device is offline, the monitor will only start monitoring the device once it has come online and then gone back offline. Every network node device will try to contact the ESXi host to see if it responds.
Operating system: Windows, Mac, Linux, VMware ESXi

CPU Monitor
There may be times when your device runs noticeably slower than usual. While there may be a number of reasons for this, one can be the device's high CPU usage. It is normal to have high CPU usage occasionally, but having it for a longer period of time might indicate hardware or software problems or may even be a sign of virus or adware infection. Monitoring your devices' CPU usage may help you proactively address further issues.
Operating system: Windows, Mac, Linux

Memory Monitor
There may be times when your device gets slower than usual, freezes, fails to start certain programs or even restarts while you are working on it. While there may be a number of reasons for this, one can be a device's high memory usage. To optimize your device's memory performance, you may want to use monitoring which may help you proactively address further issues.
Operating system: Windows, Mac, Linux

Component Monitor
Component monitors are scripts that regularly run on your devices and raise an alert if a specific condition is met. You can find and download a number of pre-configured component monitors from the ComStore, covering anti-virus packages, backup systems, CPU temperature, predicted hard drive failures, etc. Refer to "Download a component to your workstation" on page 334.
When one of these components is run on a device, it will raise an alert if an issue occurs, for example, if your anti-virus definitions are out of date or if the anti-virus software is not running. You can also create and add your own monitoring scripts to your Component Library if you need to be able to generate alerts based on specific requirements. To learn how to start writing and uploading these scripts to your account, refer to "Create a Custom Component Monitor" on page 338.
Operating system: Windows, Mac, Linux

Process Monitor
There may be times when you would want to prevent end users from being able to use certain programs on their devices (e.g. torrent software). In order to have more control over which programs can run on a device, you can set up a process monitor and instruct the Autotask Endpoint Management (AEM) agent to look out for such processes and kill them once an alert is raised. You can also configure the monitor to raise an alert if a process is not running or if it has reached a certain CPU or memory usage. Note that too many unnecessary or unwanted processes can slow down the device, so being able to control the processes that run in the background may help you to improve the overall system performance.
Operating system: Windows, Mac, Linux

Service Monitor
Services are applications that operate in the background on your device and while some of these are useful and necessary for the optimal running of a device, you may not need others. Certain third-party applications install their own services but your operating system has its default services as well. In Windows, for example, they can be configured to start at the same time as the operating system does or they can be set to start delayed. Also, if you don't need a particular service, it can be stopped or disabled altogether.
To ensure that critical services, such as WSUS (Windows Server Update Services) or Exchange, are running on your device, the Autotask Endpoint Management (AEM) agent can be instructed to look out for these services and attempt to restart them, should they have stopped. By applying a service monitor, the AEM Agent can also be instructed to stop services or raise an alert if a service has reached a certain CPU or memory usage.
Operating system: Windows

Event Log Monitor
The Windows Event Log is a rich source of information about the health and status of the devices you manage and support. A huge number of operating system features as well as the applications that are running on the device will write to the Event Log whenever they encounter problems. This means that you can see events like virus infections, backup status or even pending hardware failures by looking at specific event log entries. Autotask Endpoint Management (AEM) can be used to monitor the event logs and raise an alert whenever the entries you're particularly interested in are created.
Operating system: Windows

Software Monitor
With the help of the Autotask Endpoint Management (AEM) agent, you can easily track whether a certain software package has been installed or uninstalled on your endpoints or if it has changed version.
Operating system: Windows

Security Center Monitor
Action Center (formerly known as Windows Security Center) checks the security and maintenance settings of your Windows device and displays a notification if it identifies any issues. To find out more about what settings it looks at, refer to Action Center. The Autotask Endpoint Management (AEM) agent can be instructed to monitor whether the Windows Security Center (Action Center) is enabled or disabled on your device.
Operating system: Windows

Disk Usage Monitor
Operating system: Windows
Low disk space on a device can result in poor performance, application problems and, eventually, user complaints when they cannot save any more data.
If the available space on your hard drive drops below a certain threshold, the device may not be reliable anymore; therefore, it is important to be aware of any disk space issues.

File/Folder Size Monitor
At times you may find that opening certain files or folders takes too much time and your device slows down or even freezes. While there may be many reasons behind this, it is probably worth checking the size of these files or folders. Keeping your system organized will help you prevent an overflow of data and may also prevent you from running out of disk space.
Operating system: Windows

Special purpose monitors

KES Security Management Monitor
You can set up a Kaspersky Endpoint Security (KES) Security Management Monitor if you have downloaded the KES component from the ComStore and have a valid KES license key. Once you have your monitor configured, it will monitor the endpoints that have KES installed and will raise an alert if the criteria set in the monitor details are met. The monitor can alert you if:
• KES is not installed
• KES is not active (stopped or disabled)
• KES agent requires a reboot (not applicable on Mac devices)
• Active threats are found (not applicable on Mac devices)
• Configuration file deployment has failed
• There is no valid KES license
• The definition database is not updated for a number of days that you define
For further information about KES and how to configure it, refer to "Kaspersky Endpoint Security Integration" on page 208.
Operating system: Windows, Mac

Webroot Security Management Monitor
You can set up a Webroot Security Management Monitor if you have downloaded the Webroot Endpoint Security component from the ComStore and have a valid Webroot Site Key. Once you have your monitor configured, it will monitor the endpoints that have Webroot installed and will raise an alert if the criteria set in the monitor details are met.
The monitor can alert you if:
• Webroot is not installed
• Webroot is not active
• Attention and reboot is required
• An infection is found
• There is no valid Webroot license
• The system has been infected for longer than a specific number of hours
• The Webroot license is due to expire within a specific number of days
For further information about the Webroot integration and how to configure it, refer to "Webroot Endpoint Security Integration" on page 218.
Operating system: Windows, Mac

Datto Monitor
You can set up a Datto Monitor if you have downloaded the Datto Integration component from the ComStore and your AEM account has been integrated with your Datto subscription. Once you have your Datto Monitor configured, it will monitor the endpoints that are protected by your Datto device. For further information about the Datto Integration and how to configure it, refer to "Datto Backup Integration" on page 202.
Operating system: Windows

SNMP Monitors
Offline Monitoring and Network Monitoring are available for Managed network devices only. SNMP monitors are not available to be added to a policy at account or site level. Refer to "Monitor a Managed network device" on page 95.
Operating system: N/A

ESXi monitors

ESXi monitors are not available at device level. They can only be applied at account and site level as part of an ESXi policy.

Monitor Type Function Operating system

ESXi CPU Monitor
Similarly to the "CPU Monitor" on page 232 available for Windows, Mac and Linux devices, the ESXi CPU Monitor can alert you if your ESXi host has high CPU usage.
Operating system: VMware ESXi

ESXi Memory Monitor
Similarly to the "Memory Monitor" on page 233 available for Windows, Mac and Linux devices, the ESXi Memory Monitor can alert you if your ESXi host has high memory usage.
Operating system: VMware ESXi

ESXi Data Store Monitor
Similarly to the "Disk Usage Monitor" on page 234 available for Windows devices, the ESXi Data Store Monitor can alert you if the available space in any of the datastores on an ESXi host drops below a certain threshold.
Operating system: VMware ESXi

ESXi Temperature Sensor Monitor
This monitor can alert you if the temperature sensors on the ESXi host exceed a certain threshold.
Operating system: VMware ESXi

ESXi Fan Monitor
This monitor can alert you if the status of any fan unit on any targeted device is other than "normal".
Operating system: VMware ESXi

ESXi Disk Health Monitor
This monitor can alert you if any disk on any targeted device registers disk health or RAID errors.
Operating system: VMware ESXi

ESXi PSU Monitor
This monitor can alert you if the status of any power supply on any targeted device is other than "normal".
Operating system: VMware ESXi

Managing monitors

Monitors can be created and managed in these places:
• On the Device > Monitor tab > click the Monitors radio button. Monitors created here are directly associated with the selected device, but not with a monitoring policy. Refer to "Manage Monitors" on page 239.
• When you are creating or editing a monitoring policy. Refer to "Create a Monitoring Policy" on page 256.
• When you are creating an ESXi policy. Refer to "Create an ESXi Policy" on page 104.

About Policies

Policies are a tool for bulk operations in Endpoint Management. With a policy you can:
• Define something you want to do (configure a setting, run a monitor, install a patch or an update)
• Define the target devices you want to do it to, using sites, filters and groups
• Push any changes immediately or at a predetermined time

Policies can be created at account and site level. Account policies are visible at site level as well, and can be enabled or disabled for a specific site. Policies set at site level will not replace account policies but will work in conjunction with them.
For information on how to manage policies, refer to "Managing Policies" on page 250.

Types of policies

The following types of policies can be created:
• Agent Policies - Agent policies deploy settings to affect the operation and configuration of the Autotask Endpoint Management (AEM) Agent. Refer to "Create an Agent Policy" on page 74.
• ESXi Policies - ESXi policies allow the user to monitor the performance, datastore, temperature and hardware of ESXi host devices and their guest machines. Refer to "Create an ESXi Policy" on page 104.
• Monitoring Maintenance Window Policies - Monitoring Maintenance Window Policies allow you to suspend monitoring while doing scheduled maintenance work on your devices. Refer to "Create a Monitoring Maintenance Window Policy" on page 253.
• Mobile Device Management Policies - Mobile Device Management policies manage restrictions and settings for enrolled iOS mobile devices. Refer to "Create an iOS Mobile Device Management Policy" on page 86.
• Monitoring Policies - Monitoring policies allow the user to configure what monitors, component or otherwise, are run on the devices targeted with the policy. Refer to "Create a Monitoring Policy" on page 256.
• Patch Management Policies - Patch management policies allow you to automate the deployment of software patches to the devices you manage. Refer to "Create a Patch Management Policy" on page 160.
• Power Policies - Power policies allow you to configure the Windows Control Panel > Power Options on all devices that are targeted with this policy. Refer to "Create a Power Policy" on page 261.
• Security Management Policies - This type of policy is used with the Kaspersky Endpoint Security Integration or the Webroot Endpoint Security Integration. Refer to "Create a Security Management Policy" on page 227.
• Windows Update Policies - Windows update policies allow you to control the features of the automatic update settings part of Windows Update.
Refer to "Create a Windows Update Policy" on page 174.
• Software Management Policies - Software management policies target your iOS devices with a list of applications that you previously added to your Component Library from the iOS App Store. Refer to "Create a Software Management policy" on page 193.

How are policies different from jobs?

Jobs deploy components. While some types of policies can also deploy components (monitoring policies), they can also configure many different types of settings.

Manage Monitors

At account and site level, permission to manage Policies. At device level, permission to manage Sites > Monitor.
Sites > select a site > Devices > select a device > Monitor > Monitors radio button
Sites > select a site > Policies > add or edit a policy > add, edit or delete a monitor
Account > Policies > add or edit a policy > add, edit or delete a monitor

How to...

Create a monitor

For information about adding a monitor to a monitoring policy, refer to "Create a Monitoring Policy" on page 256.

1. Open a site and navigate to Devices > select a device > Monitor > Monitors radio button.
2. Scroll to the bottom of the page and click Add a monitor...
3. Select a Monitor Type and click Next.
4. Configure the Monitor Details.

Device health and special purpose monitors

Monitor Type Trigger Details

Online Status Monitor
You can choose:
• Whether you want to be alerted if the device goes offline or comes online.
• How long the device needs to be in either of these states before the alert is raised. (0-60 minutes)
When a device is elected as a network node, an Online Status Monitor will automatically be assigned to it. If the device is offline for 5 minutes, the monitor will raise a Critical alert and send a notification to the default email recipients. For more information on network node devices, refer to "Assign a device to be a network node" on page 183.

CPU Monitor
You can choose:
• What the CPU usage threshold should be. (5-100%)
• How long the device's CPU usage needs to be above the threshold before the alert is raised. (0-60 minutes)

Memory Monitor
You can choose:
• What the memory usage threshold should be. (5-100%)
• How long the device's memory usage needs to be above the threshold before the alert is raised. (0-60 minutes)

Component Monitor
• From the drop-down list, select the component monitor you wish to run. Note that in order for a component monitor to appear in this list, it needs to be added to your Component Library first by downloading it from the ComStore or by creating and adding your own custom component. Refer to "Download a component to your workstation" on page 334 and "Create a Custom Component Monitor" on page 338.
• Specify when the component monitor should be run. Note that the criteria in Trigger Details may differ depending on how the component monitor has been configured.

Process Monitor
• Enter the process name.
• Specify whether an alert should be raised if the process is running or not running OR if it has reached a certain CPU or memory usage (5-100%).
• Specify how long the process should be in this state before the alert is raised. (0-60 minutes)
• If you want to kill the process if it triggers an alert as per the criteria you specified, select the check box of Attempt to kill the process if it triggers an alert. Note that this check box will only be active if you chose "the process is running / not running" option before.

Service Monitor
• Enter the service name.
• Specify whether an alert should be raised if the service is stopped or running OR if it has reached a certain CPU or memory usage (5-100%).
• Specify how long the service should be in this state (0-60 minutes) and how much time after the device has booted (immediately - 60 minutes) before the alert is raised.
• If you want to start or stop the service if it triggers an alert as per the criteria you specified, select the check box of Attempt to take remedial action. Note that this check box will only be active if you chose "the service is stopped / running" option before.
• If you would not like to be alerted if the service has been disabled, select the check box of Do not alert Service Stopped messages if service has been disabled.

Event Log Monitor
Trigger Details:
• Enter the event log name (e.g. Application, System, etc. as shown in the Windows Event Viewer).
• Enter the event source name (as shown in the Event Log).
Filter Details: Complete at least one of these fields (as shown in the Event Log):
• Event Codes: enter one or more Event IDs, e.g. 1 56 5719. For Event ID examples, refer to "Event Log examples" on page 249.
• Event Types: enter one or more of the following types: Critical, Error, Warning, Verbose, Information, 'Success Audit', 'Failure Audit'.
• Event Descriptions: enter one or more words or phrases enclosed in quotation marks, of which at least one should be present in the Event Message Body. Additionally, use a - in front of a word or phrase to indicate that it should not be present in the message body (e.g. "backup failed" -partial).
Use a space between filters of the same category to have the monitor apply an OR between them. For example, entering "failed" "error" in the Event Descriptions category will raise an alert if the event log entry contains either the words failed OR error (or both). Similarly, entering more than one event ID separated by a space (e.g. 1 56 5719) in the Event Codes field will alert if the event log contains any of these event codes.

Software Monitor
• Enter the name of the software package you want to monitor. Refer to "Enable monitoring of software licenses" on page 108.
• Specify whether an alert should be raised if the software is installed / is uninstalled / changes version.

Security Center Monitor
Select whether the Windows Security Center (Action Center) should be:
• Activated
• Disabled
Note that it is not possible to configure the settings of the Windows Security Center (Action Center) through this monitor.

Disk Usage Monitor
Select:
• The drive you want to monitor.
• The threshold that needs to be passed for the alert to be triggered (% disk space used / GB disk space used / GB disk space free).
• How long the device's disk usage needs to be in this state before the alert is raised. (0-60 minutes)

File / Folder Size Monitor
• Select from the drop-down if you want to monitor a file or a folder and enter its full path.
• Select from the drop-down if the size of the file or folder should be over or under the set threshold.
• Enter the threshold for the file or folder size (MB) that needs to be passed for the alert to be triggered.
• Specify how long the file or folder needs to be in this state before the alert is raised.
(0-60 minutes)

KES Security Management Monitor
Select any of these options:
• KES is not installed
• KES is not active (stopped or disabled)
• Reboot is required (not applicable on Mac devices)
• Active threats have been found (not applicable on Mac devices)
• Configuration File deployment has failed
• There is no valid license
• Alert if database has not been updated for a specific number of days (maximum value: 365 days)

Webroot Security Management Monitor
Select any of these options:
• Webroot is not installed
• Webroot is not active
• Attention and reboot is required
• Alert when an infection is found
• No valid license
• Alert if the system has been infected for longer than a specific number of hours (maximum value: 168 hours)
• Alert if the Webroot license is due to expire within a specific number of days (maximum value: 365 days)

Datto Monitor
Set the time window to monitor for errors. (1-48 hours)

SNMP monitors (only available for Managed network devices and can only be applied at device level)

Monitor Type Trigger Details

Offline Monitor
• Select a Network Node Device that will be performing the monitoring on your network device.
Offline monitors will create an alert if the device has been offline for 1 minute.

Network Monitor
• Select a Network Node Device that will be performing the monitoring on your network device.
• After clicking Next, specify the Trigger Details by selecting a Network Monitor Component from the drop-down list. This will provide the threshold for the monitor to raise an alert. Refer to "Download or Create Network Monitor Components" on page 96.
• Once you have selected your Network Monitor Component, you will be able to modify its threshold for this specific device only, if necessary.

Printer Monitor
A Printer Monitor will be enabled automatically on all sites with Managed printers.
By default, this monitor will alert you if any issues are reported or consumables go below 25%. The monitor can be modified under the respective site's Policies tab.

ESXi monitors (to be applied at account and site level only, as part of an ESXi policy)
Monitor Type: Trigger Details

ESXi CPU Monitor: You can choose:
• What the CPU usage threshold should be. (5-100%)
• How long the device's CPU usage needs to be above the threshold before the alert is raised. (0-60 minutes)

ESXi Memory Monitor: You can choose:
• What the memory usage threshold should be. (5-100%)
• How long the device's memory usage needs to be above the threshold before the alert is raised. (0-60 minutes)

ESXi Data Store Monitor: Specify:
• The threshold that needs to be passed for the alert to be triggered (% used / GB used / GB free).
• How long the datastore needs to be in this state before the alert is raised. (0-60 minutes)

ESXi Temperature Sensor Monitor: Specify:
• The temperature threshold that needs to be passed for the alert to be triggered (Celsius (°C)).
• How long the temperature needs to be above the threshold before the alert is raised. (0-60 minutes)

ESXi Fan Monitor: An alert will be triggered if the status of any fan unit on any targeted device is other than "normal".

ESXi Disk Health Monitor: An alert will be triggered if any disk on any targeted device registers disk health or RAID errors. This monitor relies on the presence of CIM providers. ESXi servers must have CIM providers installed to provide the information this monitor requires. Devices that do not have CIM providers installed will not raise any alerts.

ESXi PSU Monitor: An alert will be triggered if the status of any power supply on any targeted device is other than "normal".

5. Configure the Alert Details and Auto-Resolution Details.
Field: Description

Alert Details: You can choose the priority of the alert that will be raised:
• Critical - Priority 1
• High - Priority 2
• Moderate - Priority 3
• Low - Priority 4
• Information - Priority 5

Auto-Resolution Details: You can choose when the alert should auto-resolve itself, i.e., if it's no longer triggered for a certain period of time (1 minute - 1 week), it will be resolved automatically. The monitor will then be reset allowing further alerts to be raised.
The following monitor types cannot be auto-resolved: Event Log Monitor, Software Monitor, KES Security Management Monitor, Webroot Security Management Monitor, Datto Monitor, SNMP Monitors (Offline Monitor and Network Monitor), ESXi Fan Monitor, ESXi Disk Health Monitor, ESXi PSU Monitor.

6. Click Next.
7. Configure the Response Details, that is, specify what the response should be to a raised alert.

Field: What to Choose / Enter

Run the following component: This field is not available for SNMP and ESXi monitors. Select this check box if you want to run a component as a response to the alert, then select the required component from the drop-down menu. If the selected component has been configured with variables, you can override them here. Note that in order for a component to appear in this list, it needs to be marked as a favorite. For further information on how to do that, refer to "Make a component available as a Quick Job" on page 324.

Email the following recipients: Select this check box if you want to send out a notification when the alert is raised.
• Select Default recipients if you would like to notify the default Mail Recipients set up in Account Settings and "Site Settings" on page 20.
• Enter Additional recipients. Add a name, an email address, choose the correct email type (HTML, text or both) and make sure to click Save.
You can add more than one additional recipient. The email field only accepts the following characters: a-z, A-Z, 0-9, @, and !#$%&'`*+-|/=?^_{}~. If the Email the following recipients check box is selected but the Default recipients check box is not selected, you must enter and save a name and an email address in the Additional recipients area.
• Advanced Options - Enter a string to be used as the Subject Line of the alert email. You can include the following:
  • [hostname]: hostname of the device
  • [description]: description of the device
  • [os]: operating system of the device
  • [user-defined X]: user-defined field where X is the user-defined field number. Refer to "User-Defined Fields" on page 38.
  • [lastuser]: last user login name logged into the device
  • [sitename]: name of the site in which the device resides
  • [category]: category of the alert raised (e.g. performance, service, process, event log, etc.)
  • [type]: type of the alert raised (e.g. memory, disk space, etc.)
  • [alert]: reason for the alert being raised
  • [ipaddress]: IP address of the LAN card of the device

8. Click Next.
9. Configure the Ticket Details if you want to create a ticket for this incident in AEM through standalone or advanced integrated ticketing, or in any PSA tool integration you may have configured in your account. For further information, refer to "Alerts and Tickets" on page 345.
Tickets are entirely separate from the alert. If you would like to use monitors to raise tickets in a PSA tool, make sure to configure the Ticket Details section. Alerts alone will not be able to synchronize with the PSA tool.
Depending on the type of ticketing you use, complete the following fields:

Standalone ticketing
Field: What to Choose

New Ticket: Select this check box if you want to create a ticket once the alert is raised. Once this check box has been selected, the remaining fields become editable as well.
Assigned Resource: Select who this ticket should be assigned to. The drop-down lists all the users of your account. Only one user can be selected per monitor.

Priority: Select the Priority of the ticket to be raised:
• Critical - Priority 1
• High - Priority 2
• Moderate - Priority 3
• Low - Priority 4
• Information - Priority 5

Ticket Email Notification: Select this check box if you want to notify the ticket owner about the ticket via email.

Disable Auto-Resolution of Tickets: Select this check box if you would like to prevent the raised tickets from being auto-resolved if the alert is resolved.

Advanced integrated ticketing
Field: What to Choose

New Ticket: Select this check box if you want to create a ticket once the alert is raised. Once this check box has been selected, the remaining fields will become editable as well.

Add related ticket note: Select this check box to allow the alerts from this monitor to create a related ticket note. This requires the Autotask Integration's global Related Alerts setting to be enabled. To learn how to enable it, refer to Repeating and Related Alerts. The check box will have no impact when the global Related Alerts setting is OFF. The check box will be checked and disabled when the New Ticket check box is not selected.

Autotask PSA Alert Ticket Attributes

Use the settings of the monitor type: Select this check box if you would like to apply the settings configured in the ticketing section of the Autotask Integration. For further information, refer to the Ticket Attributes section in Configure ticket integration.

Source, Queue, Issue, Sub-Issue, Work Type: If you do not wish to use the settings above, select the required Source, Queue, Issue, Sub-Issue and Work Type from the drop-down lists. The drop-downs list those values that are currently active in Autotask PSA.
If the mapped device (that is, the PSA configuration item) has a contact assigned in PSA, that contact will be selected for the alert ticket by default.

Use Subject Line from Response Details: You can choose any of these options:
• Select this check box to use the Subject Line configured in the monitor's Response Details section as the Ticket Title.
• Leave the check box unchecked and add a Subject Line to customize the Ticket Title.
• Leave the check box unchecked and leave the Subject Line blank to apply a standard (automated) subject line as the Ticket Title.
The Ticket Title field in PSA has a limit of 255 characters. If your Subject Line exceeds this limit, it will be cut off in the ticket's Ticket Title field at 255 characters.

10. Click Next. You will be returned to the monitor list for the device or the policy details page (if you are adding the monitor to a policy). There you can add another monitor if you want.
The changes will be pushed instantly on single devices if the Agent is online or as soon as it checks in to the platform. In case you are adding the monitor to a policy, the changes first need to be saved and pushed to be applied. Refer to "Create a Monitoring Policy" on page 256.

Edit or delete a monitor
You can always edit or delete the monitor by locating it on the Device > Monitors list or the Monitoring Policy page by clicking on the pencil icon or the red X.

Suspend or unsuspend monitoring
If you want to stop alerts from being generated for a specific device altogether, you have two options:

Suspend monitoring manually
1. Locate your device and click the Monitor tab.
2. Select the Monitors radio button in the top right corner.
3. Click Suspend Monitoring.
4. A dialog will open. Click OK to proceed or Cancel to stop the action. It may take a few minutes to suspend monitoring.
5. To reverse the suspension, click Unsuspend Monitoring. It may take a few minutes to unsuspend monitoring.
6. All devices for which monitoring has been suspended manually are listed on the Account > Suspended Devices list and can also be unsuspended there by clicking on the Unsuspend this device icon at the end of the row. Refer to "Suspended Devices" on page 125.

Suspend monitoring through a policy
A Monitoring Maintenance Window Policy allows you to specify a maintenance window, during which monitoring is suspended on the targeted devices. For further information, refer to "Create a Monitoring Maintenance Window Policy" on page 253.

View alerts generated by your monitors
To view an alert in the Web Portal and act on the alert information, go to
• Account > Monitor > Monitor Alerts or
• Sites > click on a site > Monitor or
• Sites > click on a site > Devices > click on a device > Monitor > Monitor Alerts
You can choose to display the alerts as per category, priority and status. Refer to "Manage Alerts" on page 346.

Event Log examples
Here are a few examples of important events that might be logged to your device's Event Log if something goes wrong.

Event ID: Definition
6008: Unexpected shutdown. Refer to Microsoft Support.
51: Error writing to disk. It may be worth taking a look as the hard drive may be coming to an end. Refer to Microsoft Support.
17052: SQL error. This is a catch-all SQL error, which will allow you to see where you've got database problems that need investigating. Refer to Microsoft Support.
13568: Journal wrap error. Refer to Microsoft Support.
5 and/or 32: Almost every anti-virus software will write to the event log when it finds an infection. These are the event codes for Symantec AV and Sophos, but the documentation for the anti-virus software you're using should contain the information you need to monitor for, allowing you to see infection incidents before they become wide-scale outbreaks.

You can also monitor built-in Windows backups using an Event Log Monitor.
For more information, refer to How do I monitor backups using built-in backup tools in Windows?

Managing Policies
Permission to manage Policies at account and/or site level
Account > Policies
Sites > select a site > Policies

Policies can be created at account and site level. Account policies are visible at site level as well, and can be enabled or disabled for a specific site. Policies set at site level will not replace account policies but will work in conjunction with them. For an introduction to policies, refer to "About Policies" on page 237.

How to...

Manage policies
Policies are managed on the Account > Policies and Site > Policies tabs. On the Site > Policies tab, both account policies and site policies (created for the selected site) are displayed.
Software management policies can be created and managed by navigating to Account > Manage > Software Management or Sites > select a site > Manage > Software Management. Refer to "iOS Software Management" on page 189.
You will see the following columns:

Column: Descriptions

Override active icon: This icon only appears if the policy in question is an Account-level patch management policy AND it is overridden at the Site level. At the same time, an Edit Override button becomes available for the policy. Refer to "Override Account-level patch policy options at the Site level" on page 167.

Name: The name of the policy. Click on the name to edit the policy.

Targets: Each policy can have one or many targets, which in turn can consist of one or many device filters, device groups and site groups.

Type: Indicates the type of policy. Refer to "Types of policies" on page 237.

Override / Edit Override: The Override button only appears if the policy in question is an Account-level patch management policy that is not overridden at the Site level. The Edit Override button only appears if the policy in question is an Account-level patch management policy that is overridden at the Site level. At the same time, an Override active icon will be visible in front of the policy. Refer to "Override Account-level patch policy options at the Site level" on page 167.

Push changes...: Click Push changes... to immediately push any policy changes to all devices targeted by the policy.

Target icon: The target icon changes color when changes are being pushed. Clicking on this icon will open a pop-up window to show included and excluded sites and/or devices targeted by the policy. In the case of patch management policies, the Override active icon will be displayed in front of sites that override the Account-level policy options. In the case of Account-level policies, you can filter by Site Exclusions and Site Manually Enabled (for patch management policies these options change to All Sites, Included Sites, and Excluded Sites), and you can also filter by All Devices, Included Devices, and Excluded Devices in the case of both Account- and Site-level policies. You can turn the policy on or off for your sites and devices by toggling the Enabled button to ON or OFF, and you can push the changes by clicking on the Push changes... button. The target icon changes color when changes are being pushed.

Enabled for this site: A toggle to turn the policy ON or OFF.

Delete: Hover over a row and click this icon to delete the policy.

Add a policy
At account level:
1. Click on the Account tab.
2. Click on Policies.
3. Click on New account policy....
At site level:
1. Click on the Sites tab.
2. Click on the required site name.
3. Click on Policies.
4. Click on New site policy....
The policy details differ for each policy type.
Refer to:
• "Create an Agent Policy" on page 74
• "Create an ESXi Policy" on page 104
• "Create a Monitoring Maintenance Window Policy" on page 253
• "Create an iOS Mobile Device Management Policy" on page 86
• "Create a Monitoring Policy" on page 256
• "Create a Patch Management Policy" on page 160
• "Create a Power Policy" on page 261
• "Create a Security Management Policy" on page 227
• "Create a Windows Update Policy" on page 174

Edit a policy
1. On the account or site policy list, click on the name of the policy you want to edit. The Update Policy page opens.
2. Make changes to any field except the Policy type field. For field descriptions, refer to the topics on the various policy types.
3. Click Save.
4. Click Push changes on the account or site policy list so that the changes can be applied.

Apply a policy to a new device
To learn how you can run newly added devices against already existing policies, refer to "Apply Policies to New Devices" on page 265.

Create a Monitoring Maintenance Window Policy
Permission to manage Policies at Account and/or Site level
Account > Policies
Sites > select a site > Policies

What is a Monitoring Maintenance Window Policy?
A Monitoring Maintenance Window Policy allows you to suspend monitoring while doing scheduled maintenance work on your devices.
• During the maintenance window, alerts will be muted for the targeted devices, which allows you to prevent false alerts, for example during a backup.
• Alerts created during the maintenance window will not create tickets or send email notifications, however, response components will be executed as normal.
• When the alert condition is still in effect when the maintenance window ends, a new alert will be generated.
Monitoring Maintenance Window Policies can be set up in Autotask Endpoint Management (AEM) at both account and site level. Refer to "Add a policy" on page 251.
You can also suspend monitoring on individual devices manually.
For more information, refer to "Suspend or unsuspend monitoring" on page 247.

How to...

Specify the policy details for Monitoring Maintenance Window Policy
1. Navigate to Account > Policies or Sites > click on a site name > Policies.
2. Click New account policy... or New site policy....
3. Give the policy a Name.
4. Under Type, select Monitoring Maintenance Window.
5. To copy an already existing policy to use it as a template, choose it from the Based on drop-down list. To create a new policy, select New Policy.
6. Click Next and you will see the policy details.
7. Click on Add a target... to target your devices through a specific filter or group. If you want to target more than one filter or group, add another target to the policy. For more information, refer to "Filters" on page 130 and "Groups" on page 142. Devices of "unknown" device type will not be targeted by the policy.
8. Click Add.
9. Configure the Schedule Options:

Field: Description

Schedule: Click Click to change... to choose when you want the policy to run. In the Schedule window, select one of the following:
• At selected date and time - The policy will run once at the selected date and time.
• Daily - The policy will run every day at the time indicated in the Start field.
• Weekly - The policy will run every week on all selected days at the time indicated in the Start field.
• Monthly - The policy will run in the selected months on the selected days.
• Monthly day of week - The policy will run in the selected months on the specified occurrence of the selected days of the week.
• Yearly - The policy will run on the selected day (1 - 365) each year.
Click OK to close the scheduling window.

Duration: Specify the duration of the maintenance window (0-24 hours, 0-60 minutes).

10. Click Save.
11. Click Push changes next to your new policy to activate it.
The changes will be pushed instantly if the Agent is online or as soon as it checks in to the platform.

Edit the policy
1. Locate your policy on the account or site policy list and click on its name.
2. Edit the policy details.
3. Save your policy and push the changes.
The changes will be pushed instantly if the Agent is online or as soon as it checks in to the platform.

Create a Monitoring Policy
Permission to manage Policies at account and/or site level
Account > Policies
Sites > select a site > Policies

What is a monitor?
Monitors keep track of attributes, processes and events on devices they are deployed to, and raise an alert when the device is not operating within specified parameters. They can be created on the Device > Monitor tab and applied to a single device, or they can be set at account and site level as part of a Monitoring Policy, and can target specific filters and groups at either level.
SNMP monitors (that is, the monitors available for Managed network devices) can only be applied at device level. For further information, refer to "Monitor a Managed network device" on page 95.

What is a monitoring policy?
A monitoring policy is a way to apply one or more monitors to multiple devices in a site, group, or filter, or even all devices in your account. Monitoring policies can be set up in the Web Portal at both account and site level.
Two monitoring policies are set up by default at account level in every account: one for desktops (Desktop Monitoring, with a filter of All Desktop O/S) and one for servers (Server Monitoring, with a filter of All Server O/S).

How to...

Specify the policy details for a monitoring policy
1. Navigate to Account > Policies or Sites > click on a site name > Policies.
2. Click New account policy... or New site policy....
3. Give the policy a Name.
4. Under Type, select Monitoring.
5. To copy an already existing policy to use it as a template, choose it from the Based on drop-down list. To create a new policy, select New Policy.
6. Click Next and you will see the policy details.

Add a target
To target your devices with the policy:
1. Click on Add a target.
2. Select the required Target type. For information about target types, refer to "Filters" on page 130 and "Groups" on page 142.
3. Choose the required filter(s) or group(s). Filters will present you with a list of the device filters that are in every account and any custom filters you've created yourself. Devices of "unknown" device type will not be targeted by the policy.
4. Click Add.
5. If you want to add more than one target type, repeat steps 1-4.

Add a monitor
1. Click Add a monitor. The Add a Monitor page will open.
2. Select a Monitor Type.
3. Configure the Monitor Details, Response Details, and Ticket Details. Refer to "Create a monitor" on page 239.
4. On the last page, click Next. You will return to the policy details page.
5. To add additional monitors for the policy targets, repeat steps 1-4.

Save the policy and push the changes
1. Once you are re-directed to the policy details page, click Save. This will save the changes you made to the policy which will be confirmed through a pop-up window on the top of the page.
2. You will now see your list of policies. Click Push changes next to the newly created policy.
3. The targeted devices will now be notified that a new policy has been applied and you will start to see alerts (as well as receive them via email if you configured that option) for any device that meets the criteria set in the policy.
The changes will be pushed instantly if the Agent is online or as soon as it checks in to the platform.
To learn how to view an alert in the Web Portal, refer to "Manage Alerts" on page 346.

Edit the policy
1. Locate your policy on the account or site policy list and click on its name.
2. You can edit the Name, Targets and Monitors of the policy.
3. Once you have finished editing, click Save. The change will be confirmed through a pop-up window on the top of the page.
4. You will now see your list of policies. Click Push changes next to the policy you have modified.
The changes will be pushed instantly if the Agent is online or as soon as it checks in to the platform.

Export a monitoring policy
You can export any of your monitoring policies and share it with other users who can then import these policies into their own AEM account. Refer to "Import a monitoring policy" on page 259.
An exported monitoring policy includes the configured monitors, their thresholds and priority settings, however, it will not include the monitors' Response Details, Ticket Details and targets.
Please note that the following monitor types will be excluded from the exported policy:
• Component Monitor
• KES Security Management Monitor
• Webroot Security Management Monitor
• Datto Monitor
To export a monitoring policy:
1. Open a monitoring policy.
2. Click the Export Policy button found at the bottom of the page.
3. Your policy will be saved as a .pcy file.
The exported file will contain the following information:

Field: Exported information

Monitor details:
• Name
• Monitor type
• Trigger details
• Alert details
• Auto-resolution details

Import a monitoring policy
If an exported monitoring policy (.pcy file) has been shared with you, you can import it into your own AEM account.
An exported monitoring policy includes the configured monitors, their thresholds and priority settings, however, it excludes certain monitor types and details. For further information, refer to "Export a monitoring policy" on page 258.
To import a monitoring policy:
1. Go to Account > Policies or Sites > click on a site name > Policies.
2. Click the Import Policy button.
3. Browse to your .pcy file and click Import Policy.
4. You can edit the policy details including Name, Targets and Monitors.
5. Click Save to save your changes and click Push changes... to activate the policy.
The changes will be pushed instantly if the Agent is online or as soon as it checks in to the platform.
To save time and to make sure you apply best practices, you can also import monitoring policies created by AEM. Refer to "Best Practice Monitoring Policies" on page 260.

Best Practice Monitoring Policies
You can import AEM's Best Practice Monitoring Policies into your account. These policies include best practices for monitoring the most common platforms and applications, such as Exchange, SQL and IIS.
1. Access the following link: AEM Importable Monitoring Policies.
2. Download any of the policies.
3. Import any of the downloaded policies (.pcy files) into your AEM account. Refer to "Import a monitoring policy" on page 259.

Create a Power Policy
Permission to manage Policies at account and/or site level
Account > Policies
Sites > select a site > Policies

What is a power policy?
A power policy in Autotask Endpoint Management (AEM) allows you to control the Power Options in the Windows Control Panel of the devices that are targeted with this policy. This lets you save energy and increases the security of the targeted devices.
A power policy allows you to specify the following settings:
• Turn off disk after - Turns off the hard disk after it has been idle for the selected time interval (never - 300 minutes).
• Turn off display after - Turns off the display after the machine has been idle for the selected time interval (never - 300 minutes).
• Standby after - Puts the computer into sleep mode after it has been idle for the selected time interval (never - 300 minutes).
• Schedule - Allows you to either disable the Schedule feature, or set a time to put the computer into Sleep, Hibernate or Shutdown each day.
When a power policy is applied to a device, AEM adds a power plan called AEM that is visible under the Power Options on the local device.
The policy can be applied at account level to target all devices in your account or at site level to target the devices within one particular site only. Refer to "Add a policy" on page 251.

How to...

Specify the Power Policy details
1. On the Policy page, click New account policy... or New site policy...
2. Give the policy a Name.
3. Select the type Power.
4. To copy an already existing policy to use it as a template, choose it from the Based on drop-down list. To create a new policy, select New Policy.
5. Click Next.
6. Click on Add a target... to target your devices through a specific filter or group. If you want to target more than one filter or group, add another target to the policy. For more information, refer to "Filters" on page 130 and "Groups" on page 142. Devices of "unknown" device type will not be targeted by the policy.
7. Click Add.
8. Choose one or more of the Power Policy Options.
9. Click Save.
10. Click Push changes to activate the policy.
The changes will be pushed instantly if the Agent is online or as soon as it checks in to the platform. Once the change has been applied on the Agent, the newly created power plan will be visible under the Power Options on the local device.

Apply Policies to New Devices
When you add a new device to your Autotask Endpoint Management (AEM) account, you want to make sure that your already existing policies will run against it. This topic will discuss the logic that determines how policy memberships get recalculated.

Target your device
In order for a policy to be applied to any device, the device needs to be part of a filter or group that the policy targets.
To learn how to add a device to a filter or group, refer to "Filters" on page 130 and "Groups" on page 142.

When do policies get refreshed?
• Every 24 hours, at midnight in your timezone
• Immediately after you push the policy
• Every few minutes if a "reassigned" flag had been set on the device
Policies get recalculated every 24 hours, at midnight in your timezone. If any device has been added to or removed from the policy, the new associations will automatically be applied at midnight. You can expedite this process by turning the policy off and then on again and pushing the changes. This will update the policy memberships immediately. For more information on how to do this, refer to "Managing Policies" on page 250.
If you add a new device to your account, move a device to another site, or update the device's group membership, the device will be flagged as "reassigned". A job that runs every few minutes will see this flag and perform some basic policy recalculation for the device. The basic policy recalculation is not a full policy refresh, however, it can:
• Remove any site policies that the device had. (Account policies do not get removed when the "reassigned" flag is detected.)
• Add all the site and account policies to the device where it is part of the filter or group that the policy targets.

Components and ComStore
A component is a prepackaged script or application that can be deployed to a device via the Web Portal. You can download many useful components from the ComStore, an online library of prepacked components and scripts created by Autotask.

Component Categories
To make searching for components a bit easier, we have grouped them into different categories:
• Applications - The Applications category contains programs such as web browsers and browser plug-ins, Adobe products, Flash players etc., ready to be pushed out to as many endpoints as required.
• Monitors - The two monitor categories feature device and network monitors for anti-virus, backups, services, processes, and more.
• Extensions - Extensions provide additional functionality such as custom branding or patch management.
• Integrations - Integrations enable Autotask Endpoint Management to connect to PSA platforms such as Autotask PSA.
• Scripts - This area contains scripts for activities such as installing the uVNC mirror drivers, clearing the print spooler, restarting a specific service, hard drive checks and various other useful tools.

Where do I find components?
• Autotask makes several hundred components available in the ComStore, an online library of prepacked components and scripts. Refer to "Download Components from the ComStore" on page 268.
• To see a list of available components, refer to "List of components" on page 270.
• On the Autotask Endpoint Management Community, you will find the Community Component Exchange. You can import these components into your AEM account. Refer to "Import a component into your Web Portal" on page 335.
• Finally, you can create your own custom components. Refer to "Create or Edit a Component" on page 301.

Manage and Deploy Components
• Components that you have downloaded, imported or created yourself are available in your Component Library that you can find by clicking on the Components tab. Refer to "Manage Components" on page 333.
• One special category of component you can download or create yourself are Device Monitors that are not directly deployed to the devices, but first incorporated into a monitor. Refer to "Create a Custom Component Monitor" on page 338.
• Components are deployed to devices using either a Scheduled Job, or a Quick Job. Refer to "Deploy Components Using Jobs" on page 319.
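The refresh rules described earlier under "Apply Policies to New Devices" are modelled below in Python as an added example; this is not AEM code. Apart from the default "Server Monitoring" policy and its "All Server O/S" filter, every class, function, policy, site and group name is hypothetical, and the model assumes that a full refresh rebuilds a device's policy list exactly. It shows which policies stay on a moved device between the "reassigned" job and the next full refresh.

```python
# Added illustration: simplified model of the policy refresh rules.
# Not AEM code; names other than "Server Monitoring" and "All Server O/S"
# are hypothetical, and the sample data in demo() is constructed.
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Policy:
    name: str
    level: str                    # "account" or "site"
    targets: frozenset            # filters/groups the policy targets
    site: Optional[str] = None    # owning site (site-level policies only)


@dataclass
class Device:
    name: str
    site: str
    memberships: set              # filters/groups the device belongs to
    applied: set = field(default_factory=set)   # names of applied policies
    reassigned: bool = False


def matches(policy, device):
    """A policy applies when the device is in a targeted filter or group
    and, for a site policy, the device is in that policy's site."""
    if policy.level == "site" and policy.site != device.site:
        return False
    return bool(policy.targets & device.memberships)


def full_refresh(device, policies):
    """Midnight recalculation (assumed to rebuild the list exactly)."""
    device.applied = {p.name for p in policies if matches(p, device)}
    device.reassigned = False


def basic_recalculation(device, policies):
    """Job that runs every few minutes for "reassigned" devices: site
    policies are removed, matching site and account policies are added,
    and account policies that no longer match are NOT removed."""
    if not device.reassigned:
        return
    site_policy_names = {p.name for p in policies if p.level == "site"}
    device.applied -= site_policy_names
    device.applied |= {p.name for p in policies if matches(p, device)}
    device.reassigned = False


def stale_policies(device, policies):
    """Applied policies whose targets no longer include the device."""
    by_name = {p.name: p for p in policies}
    return {n for n in device.applied if not matches(by_name[n], device)}


def move_device(device, new_site, new_memberships):
    """Moving a device or changing its groups sets the "reassigned" flag."""
    device.site = new_site
    device.memberships = set(new_memberships)
    device.reassigned = True


def demo():
    policies = [
        Policy("Server Monitoring", "account", frozenset({"All Server O/S"})),
        Policy("Finance Patching", "account", frozenset({"Finance Servers"})),
        Policy("HQ Maintenance Window", "site",
               frozenset({"All Server O/S"}), site="HQ"),
        Policy("Branch Power", "site",
               frozenset({"All Server O/S"}), site="Branch"),
    ]
    srv = Device("srv01", "HQ", {"All Server O/S", "Finance Servers"})
    full_refresh(srv, policies)

    # The server leaves the finance group and moves to the Branch site.
    move_device(srv, "Branch", {"All Server O/S"})
    basic_recalculation(srv, policies)
    after_basic = set(srv.applied)
    stale = stale_policies(srv, policies)   # account policy still attached

    full_refresh(srv, policies)             # next midnight run
    return after_basic, stale, set(srv.applied)


if __name__ == "__main__":
    print(demo())
```

In the constructed scenario the account-level "Finance Patching" policy remains on the server after the basic recalculation and disappears only at the full refresh, which is the window to check when a device changes group or site.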
Download Components from the ComStore

Permission to view or manage the ComStore
ComStore tab

Autotask makes hundreds of components available to all customers. The components can be found in an online library called ComStore.

To make the components available to yourself or other users in your company, you must first add them to your Component Library that can be accessed by clicking on the Components tab. From there you can deploy the components to your endpoints.

How to...

Search for a component

To check whether a specific component is available in the ComStore, enter a name or part of a name into the Search ComStore field and click the button. All matches will be displayed with version and component category information. If you have already downloaded a component, the status is displayed as Added. Icons will indicate Windows or Apple OS.

Download a component

1. Search for your component and click on the component icon in the ComStore. A new window will open, with a description of the component.
2. Click Add to my Component Library.
3. A message will confirm that the component was downloaded successfully.
4. Click OK to close the dialog.

The component is now available in your Component Library and can be used in scripts and policies. You can access your Component Library by clicking on the Components tab.

The component level of the components downloaded from the ComStore is set to 1 (Basic) by default and it cannot be edited.

List of components

The following components are currently available in the ComStore:

Name: 7-Zip [WIN]
Description: 7-Zip is a file archiver with a high compression ratio.
The main features of 7-Zip are:
• High compression ratio in new 7z format with LZMA compression
• Supported packing / unpacking formats: 7z, ZIP, GZIP, BZIP2 and TAR
• Supported formats for unpacking only: ARJ, CAB, CHM, CPIO, DEB, DMG, HFS, ISO, LZH, LZMA, MSI, NSIS, RAR, RPM, UDF, WIM, XAR and Z
• Compression ratio for ZIP and GZIP formats: 2-10 % better than the ratio provided by PKZip and WinZip
• Strong AES-256 encryption in 7z and ZIP formats
• Self-extracting capability for 7z format
• Integration with Windows Shell
• Powerful File Manager
• Powerful command line version.
Category: Applications

Name: Acronis Backup 10/11 Monitor [WIN]
Description: This component monitors Acronis Backup 10 and 11.
Category: Device Monitors

Name: Acronis Backup and Recovery 10 monitor [WIN]
Description: This component monitor will check and alert for: Acronis Backup and Recovery 10 not installed/not running, Not backed up in last X days. Check period is configurable when applying the monitor (default period=2 days) Compatible with: Win XP Pro (32/64) Win Vista (32/64) Win 7 (32/64) Svr 2003/2003 R2 (32/64) Svr 2003/2003 R2/2008/2008 R2 (32/64).
Category: Device Monitors

Name: Acronis Drive Monitor v1.0 [WIN]
Description: Acronis Drive Monitor is a free software application developed by Acronis to report on server, workstation and PC hard disk drives.
Category: Applications

Name: Active Directory Audit (SPLA) [WIN]
Description: Active Directory Audit script for AEM. This script counts the number of Active users on a Windows Domain Controller that have logged in in the last 30 days. It will output to STDOUT and store this number in the user-defined fields.
Category: Scripts

Name: Adobe AIR [MAC]
Description: This component will update or install Adobe AIR to the latest version. The Adobe AIR runtime enables you to have your favorite web applications with you all the time. Since applications built for Adobe AIR run on your desktop computer without a web browser, they provide all the convenience of a desktop application.
Category: Applications

Name: Adobe AIR [WIN]
Description: This component will install or update Adobe AIR to the latest version.
The Adobe AIR runtime enables you to have your favorite web applications with you all the time. Since applications built for Adobe AIR run on your desktop computer without a web browser, they provide all the convenience of a desktop application.
Category: Applications

Name: Adobe Flash Player NP/PPAPI [MAC]
Description: Adobe Flash Player is the high performance, lightweight, highly expressive client runtime that delivers powerful and consistent user experiences across major operating systems, browsers, mobile phones and devices.
Category: Applications

Name: Adobe Flash Player [WIN]
Description: This component will install or update Adobe Flash Player to the latest version. Adobe Flash Player is the high performance, lightweight, highly expressive client runtime that delivers powerful and consistent user experiences across major operating systems, browsers, mobile phones and devices.
Category: Applications

Name: Adobe Reader [WIN]
Description: This component will update or install Adobe Reader to the latest version. Adobe Reader software is the free trusted standard for reliably viewing, printing, and annotating PDF documents. It's the only PDF file viewer that can open and interact with all types of PDF content, including forms and multimedia.
Category: Applications

Name: Adobe Reader 11.0.11 [MAC]
Description: Adobe Reader software is the free trusted standard for reliably viewing, printing, and annotating PDF documents. It's the only PDF file viewer that can open and interact with all types of PDF content, including forms and multimedia.
Category: Applications

Name: Adobe Reader DC [WIN]
Description: This component will update or install Adobe Reader to the latest version. Adobe Reader software is the free trusted standard for reliably viewing, printing, and annotating PDF documents. It's the only PDF file viewer that can open and interact with all types of PDF content, including forms and multimedia.
Category: Applications

Name: Adobe Reader DC [MAC]
Description: Adobe Reader software is the free trusted standard for reliably viewing, printing, and annotating PDF documents. It's the only PDF file viewer that can open and interact with all types of PDF content, including forms and multimedia.
Category: Applications

Name: Adobe Shockwave 64-Bit [MAC]
Description: This component will install or upgrade your Mac to the latest 64-bit version of Adobe Shockwave. Shockwave Player is the web standard for powerful multimedia playback. The Shockwave Player allows you to view interactive web content like games, business presentations, entertainment, and advertisements from your web browser.
Category: Applications

Name: Agent - Set Logging Level [WIN]
Description: This component will set the Agent service logging level via a job. Options are to set to Warnings (basic logging), Errors (error logging) and Verbose (all Agent events logged). For the configuration to take effect, an Agent service restart is needed. This can be also chosen via this component. Note: The job will remain in the 'running' state if you chose to restart the Agent via this component as it will not be able to report the job completing back to the Platform.
Category: Scripts

Name: Ahsay Backup Monitor (ACB)
Description: This component monitors the state of the Ahsay A-Click Backup 7.7.2.0. It will alert when no backup has been made for X days, the product is not installed or the service is not running.
Category: Device Monitors

Name: Ahsay Backup Monitor (OBM)
Description: This component monitors the state of the Ahsay Online Backup Manager 7.7.2.0. It will alert when no backup has been made for X days, the product is not installed or the service is not running.
Category: Device Monitors

Name: Attix5 Backup Status Monitor
Description: This component monitor will monitor the status of the Attix5 Backup solution. Thanks to Redstor/Attix5 for providing this script.
Category: Device Monitors

Name: Attix5 Pro DL Version 6 Backup Monitor [WIN]
Description: This component monitor will check and alert for: Attix5 not installed/not running, Attix5 not backed up in last 24 hours (check period is configurable when applying the monitor).
Category: Device Monitors

Name: Attix5 Run Backup now
Description: This component will start a Backup job for the Attix5 Backup solution. The script works based on display name, and will only run if: A service name match is found, the service has the right files installed to be a valid Backup Pro installation, the service is running and the backup status is idle.
Category: Scripts

Name: AutoIt 3.3.14.1 + SciTE4AutoIt3 15.729.1555.0 [WIN]
Description: AutoIt v3 is a freeware BASIC-like scripting language designed for automating the Windows GUI and general scripting. It uses a combination of simulated keystrokes, mouse movement and window/control manipulation in order to automate tasks in a way not possible or reliable with other languages (e.g. VBScript and SendKeys). AutoIt is also very small, self-contained and will run on all versions of Windows out-of-the-box with no annoying 'runtimes' required! Includes customized version of SciTE with lots of additional coding tools for AutoIt.
Category: Applications

Name: Autoruns 12.00 [WIN]
Description: Autoruns shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. Autoruns goes way beyond the MSConfig utility bundled with Windows. This is a great tool for combating viruses as you can easily find where they are starting up from and prevent them from running at boot time.
Category: Applications

Name: Autotask
Description: Autotask works hard to deliver a best of class integration of PSA and Endpoint Management. This version adds automated device synchronization from AEM to PSA.
It keeps your PSA accounts up to date with the latest audit of your customers' environment, and automatically generates Autotask tickets whenever an alert is raised in Endpoint Management. You can also use LiveLinks to initiate a remote support session from directly within a ticket or configuration item.
Category: Integrations

Name: Autotask Endpoint Backup Monitor [MAC] (refer to Autotask Endpoint Backup Integration)
Description: This component monitors Autotask Endpoint Backup for problems and warnings. The monitor will also use two user-defined-fields to show the current AEB status, backup size and versions.
Category: Device Monitors

Name: Autotask Endpoint Backup Monitor [WIN] (refer to Autotask Endpoint Backup Integration)
Description: This component monitors Autotask Endpoint Backup for problems and warnings. The monitor will also use two user-defined-fields to show the current AEB status, backup size and versions.
Category: Device Monitors

Name: Autotask Endpoint Backup [MAC] (refer to Autotask Endpoint Backup Integration)
Description: This component installs or removes the Autotask Endpoint Backup (AEB) Agent on Mac OS. Use an AEB TeamKey to make this installation silent and fully automatic. The TeamKey can be retrieved from the AEB Manager.
Category: Applications

Name: Autotask Endpoint Backup [WIN] (refer to Autotask Endpoint Backup Integration)
Description: This component installs or removes the Autotask Endpoint Backup (AEB) Agent on Windows. An AEB TeamKey allows for a silent, automatic install that configures AEB to use the correct Team and settings.
Category: Applications

Name: Autotask Workplace Agent Install/Uninstall [WIN]
Description: Install or uninstall the Autotask Workplace (AWP) Agent, previously known as Soonr. Initial installs may warrant a device restart, but this is not performed automatically.
Category: Applications

Name: Autotask Workplace Opportunity Audit Tool [WIN]
Description: This component will scan Windows machines for existing FSS solutions and perform a scan for important file types.
The summary data is presented per machine. The information can be used to determine the viability of Autotask Workplace in your working environment. This component may incur a brief performance impact as it scans.
Category: Scripts

Name: Avast! v6 AV Monitor [WIN]
Description: This component monitor will check and alert for: Avast! not installed/not running, Out-of-Date Definitions. Compatible with MS Windows XP Pro (32/64), Vista (32/64), Windows 7 (32/64).
Category: Device Monitors

Name: Avira AntiVir v10 Monitor [WIN]
Description: This component monitor will check and alert for: Avira not installed/not running, Out-of-Date Definitions. Compatible with MS Windows XP Pro (32/64), Vista (32/64) and Windows 7 (32/64).
Category: Device Monitors

Name: Backup Assist v5.x Monitor [WIN]
Description: This component monitor will check and alert for: Backup Assist 5.x not installed/not running, Not backed up in last X days. Check period is configurable when applying the monitor (default period=2 days) Compatible with Win XP Pro (32/64) Win Vista (32/64) Win 7 (32/64) Svr 2003/2003 R2 (32/64) Svr 2008 (32/64) Svr 2008 R2 (64).
Category: Device Monitors

Name: Backup Exec 2010 and 2012 job Monitor
Description: This component monitors the state of the Backup Exec Backup solution. It will alert when no backup has been made for X hours, the product is not installed or service is not running. The Backup Exec CLI is a requirement for this monitor to work.
Category: Device Monitors

Name: BareTail Free 3.50a [WIN]
Description: BareTail is a handy, freeware log file monitoring application that is the Windows equivalent of the Unix 'tail' utility. Use the context menu option to open and view log files in real-time without having to reload to see the updated entries. Notepad begone!
Category: Applications

Name: BitDefender Antivirus 2016
Description: This component monitor will check and alert for: BitDefender Antivirus service not running, Out of Date Signatures. Compatible with: Win 7 (32/64), Win 8 (32/64), Win 8.1 (32/64), Win 10 (32/64).
Category: Device Monitors

Name: Block Internet Explorer From Critical Windows Updates [WIN]
Description: Blocks Internet Explorer 7, 8, 9, 10 or 11 from being downloaded automatically by Windows Updates. Has the effect of moving ANY or ALL of these updates from 'Critical' to 'Optional' in the Windows Updates interface.
Category: Scripts

Name: Bonjour 3.0.0.10 + Bonjour Print Services 2.0.2.0 [WIN]
Description: Bonjour, also known as zero-configuration networking, enables automatic discovery of devices and services on a local network using industry standard IP protocols. Bonjour Print Services for Windows lets you discover and configure Bonjour-enabled printers from your Windows computer using the Bonjour Printer Wizard. 32/64 bit versions included.
Category: Applications

Name: Bonjour 3.0.0.10 [WIN]
Description: Bonjour, also known as zero-configuration networking, enables automatic discovery of devices and services on a local network using industry standard IP protocols. 32/64 bit versions included.
Category: Applications

Name: BullGuard v10 AV Monitor [Server and Workstation] [WIN]
Description: This component monitor will check and alert for: Bullguard v10 not installed/not running, Out-of-Date Definitions. Compatible with XP Pro (32/64), Vista (32/64), Win 7 (32/64), Server 2003 (32/64), Server 2008 (32/64), Server 2008 R2 (64), SBS 2008 (64).
Category: Device Monitors

Name: Bunker Backup 5.11 Monitor [WIN]
Description: This component monitor will check and alert for: Bunker Backup not installed/not running, Bunker Backup not backed up in last 24 hours (check period is configurable when applying the monitor).
Category: Device Monitors

Name: CA v7 AntiVirus Monitor [WIN]
Description: This component monitor will check and alert for: CA v7 not installed/not running, Out-of-Date Definitions. Compatible with XP Pro (32), Vista (32/64), Win 7 (32/64).
Category: Device Monitors

Name: CCleaner 1.09.313 [MAC]
Description: While CCleaner has been the most popular PC maintenance tool for over a decade, it is relatively new to the Mac platform.
CCleaner is a quick and easy to use program which makes your Mac faster and more secure. CCleaner removes cookies, temporary files and various other unused data that clogs up your operating system. This frees up valuable hard disk space allowing your system to run faster. Removing this data also protects your anonymity meaning you can browse online more securely.
Category: Applications

Name: CCleaner Slim [WIN]
Description: This component will install CCleaner. CCleaner is a freeware system optimization, privacy and cleaning tool. It removes unused files from your system - allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner. But the best part is that it's fast (normally taking less than a second to run) and contains NO Spyware or Adware! Note: The slim version does not contain Yahoo Toolbar.
Category: Applications

Name: CentraSize [WIN]
Description: Show folders in order of largest first for selected drive. Designed to find folders that are taking up too much disk space. Similar in operation to the product TreeSize. Powered by Disksum.
Category: Scripts

Name: CentraTrack [WIN]
Description: Designed to be run on devices that have been stolen in order to attempt to locate them. It puts the Agent into 'Stealth Mode' by performing the following actions: Removing the Agent System Tray icon, removing the Agent from Add/Remove Programs, making all Agent application folders protected operating system files (i.e. SuperHidden), removing Agent shortcuts from the start menu, reporting back external IP Address and performing a TRACEROUTE command to try and get ISP information. The Agent will continue to function in the background as usual but not be easily visible to the thief. The process is irreversible so USE WITH CAUTION!
Category: Scripts

Name: CentraTrash [WIN]
Description: Scours all drives on the target device for the supplied file extensions and deletes them using the Pseudorandom Overwrite method. This will defeat all software recovery programs and possibly microscopic forensic analysis also. CAUTION: THIS COMPONENT IS EXTREMELY DANGEROUS AND ANY FILES DELETED WILL BE UNRECOVERABLE BY ANY MEANS!
Category: Scripts

Name: Change user password [WIN]
Description: Changes the password for a user specified at execution time. Run on a Domain Controller will change the password for a domain user. Run on a member workstation, stand-alone workstation or stand-alone server will change the password for a local user.
Category: Scripts

Name: Clean Internet Browser Caches [WIN]
Description: Cleans Internet Browser Caches for all users. Supports IE, Firefox, Chrome and Opera. This will not clean internet history or cookies but all cached images and web pages that accumulate while internet browsing.
Category: Scripts

Name: Clear Packages Folder [WIN]
Description: Script to clear all files and folders from the Agent Packages folder minus the current job. This is good for running as a thorough cleanup of your Packages folder. Note: The Packages folder is where all of your components land on the remote device.
Category: Scripts

Name: Compatibility Pack for the 2007 Office System [WIN]
Description: Microsoft Office Compatibility Pack is an add-on for Microsoft Office 2000, Office XP and Office 2003 to open, edit and save Microsoft's newer Word, Excel and Powerpoint formats that were introduced with Office 2007. The tool also adds support to the 2003 versions of Word Viewer, Excel Viewer and Powerpoint Viewer to open DOCX, DOCM, XSLX and PPTX files. This component will install the 'Compatibility Pack for the 2007 Office System' 12.0.6500.5000, apply the 'Microsoft Office Compatibility Pack Service Pack 3' 12.0.6612.1000 and suppresses reboot. Note: Your system may require a reboot to complete installation.
Category: Applications

Name: Connectwise Integration
Description: ConnectWise Integration
Category: Integrations

Name: CPU Temperature Monitor - OpenHardware Monitor Installer [WIN]
Description: Deploy OpenHardware Monitor application. Can be used in association with the 'CPU Temperature Monitor', also available from the ComStore.
Category: Applications

Name: CPU Temperature Monitor - OpenHardware Monitor Uninstaller [WIN]
Description: OpenHardware Monitor application uninstaller. Note: Check if the 'CPU Temperature Monitor' is active on any devices before running this uninstaller.
Category: Scripts

Name: CPU Temperature Monitor Log Management Tool [WIN]
Description: Script to retrieve or delete the log file created by the CPU Temperature Monitor.
Category: Scripts

Name: CPU Temperature Monitor [WIN]
Description: Monitors your devices' CPU temperatures. Set the threshold with the variable CSTJMAX (Thermal Junction Maximum) Option to log alerts to .txt file and to retrieve these log files using the script component 'CPU Temperature Monitor Log Management Tool' - also available from the ComStore. Note: This monitor should only be set on devices that have had the 'CPU Temperature Monitor - OpenHardwareMonitor Installer' successfully deployed.
Category: Device Monitors

Name: Create New Administrative User [WIN]
Description: Creates a new user and makes them a member of the local administrators group (For Windows).
Category: Scripts

Name: Create System Restore Point [WIN]
Description: On Windows 8 and above, if a restore point was created within the last 24 hours, a new one will not be created by default. You can edit a registry setting to change this. If system restore is disabled, the script will attempt to enable it before creating the restore point.
Category: Scripts

Name: Cute PDF Writer 3.0.0.7 [WIN]
Description: CutePDF Writer (formerly CutePDF Printer) is the free version of commercial PDF creation software. Portable Document Format (PDF) is the de facto standard for the secure and reliable distribution and exchange of electronic documents and forms around the world. CutePDF Writer installs itself as a printer subsystem. This enables virtually any Windows applications (must be able to print) to create professional quality PDF documents - with just a push of a button!
Category: Applications

Name: Datto Integration
Description: Users can add this extension to enable Datto Integration in their account. To disable the feature, simply delete this component from your Component Library.
Category: Extensions

Name: Defraggler Defrag [WIN]
Description: Defrags selected drive using standalone version of Defraggler (df.exe). Note: It does not require installation of Defraggler to function.
Category: Scripts

Name: Defraggler Slim 2.18.945 [WIN]
Description: Defraggler Installer. Most defrag tools only allow you to defrag an entire drive. Defraggler lets you specify one or more files, folders, or the whole drive to de-fragment. Note: This is the Slim version and does not include any additional toolbars or browser installers.
Category: Applications

Name: Detect Windows and Office keys [WIN]
Description: This component will detect Windows and Office license keys used on a device and write them in the STDOUT and User-Defined Fields 9 and 10.
Category: Scripts

Name: Detect Windows Product Keys [WIN]
Description: Finds product keys for the following products: Microsoft Windows, Office, SQL and Exchange. For more information on ProduKey, please visit http://www.nirsoft.net/utils/product_cd_key_viewer.html [Component submitted by customer: Fernand Jonker 21/03/2012]
Category: Scripts

Name: Disable the Get Windows 10 Update
Description: This component disables the 'Get Windows 10' (GWX) nagware application and automatic downloader by removing two Windows Updates and enabling a registry key.
Category: Scripts

Name: Disk Space Monitor [LINUX]
Description: Use this component to monitor an attached disk drive for a machine running the Linux agent. Specify drives as 'sdXY', eg 'sda1'. One monitor per drive.
Category: Device Monitors

Name: Disk Space Monitor [MAC]
Description: Use this component to monitor a disk drive's capacity on a Mac running OS X. The monitor will post a warning once a user-set threshold is breached. One monitor per drive.
Category: Device Monitors

Name: Domain Controller monitor
Description: This component runs DCDIAG on your Active Directory Domain Controllers, and will alert if one of the 6 key tests is failed.
Category: Device Monitors

Name: doPDF 7.3.393 PDF Converter [WIN]
Description: Using doPDF you can create PDF files by selecting the 'Print' command from virtually any application. With one click you can convert your Microsoft Excel, Word or PowerPoint documents or your emails and favorite web sites to PDF files.
Category: Applications

Name: Drive list change monitor
Description: This monitor will write the current drive list to User-Defined Field 6, and then alert if the drive list changes (e.g. drives are added or removed). This will allow you to get alerts when a new disk was added or removed. This monitor will not resolve until HKLM\Software\CentraStageScripts\DriveCheck\Current is removed.
Category: Device Monitors

Name: Empty Recycle Bin [WIN]
Description: Empties the Recycle Bin for all users.
Category: Scripts

Name: Eraser 6.0.10.2620 [WIN]
Description: Eraser is an advanced security tool for Windows which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Category: Applications

Name: eScan ISS v11 AntiVirus Monitor [WIN]
Description: This component monitor will check and alert for: eScan not installed/not running, Out-of-Date Definitions. Compatible with MS Windows XP Pro (32/64), Vista (32/64) and Windows 7 (32/64).
Category: Device Monitors

Name: ESET Antivirus v5 Deployment [Linux]
Description: ESET Antivirus v5 deployment for Linux.
Category: Applications

Name: ESET Antivirus v5 Deployment [MAC]
Description: ESET Antivirus v5 deployment for Mac OS X.
Category: Applications

Name: ESET Antivirus v5 Deployment [Server and Workstation] [WIN]
Description: ESET Endpoint Antivirus v5 deployment for 32 and 64-bit computers running Windows. Products will be automatically detected and downloaded based on type and architecture (32 or 64-bit). Workstations can use EEA (Endpoint Antivirus) or EES (Endpoint Security) products. Servers are automatically detected and receive EFSW.
To override automatic download, copy this component and attach your own installers. You can declare them by stating the filenames using the pre-defined local32 and local64 variables.
Category: Applications

Name: ESET Antivirus v6 Deployment [Linux]
Description: ESET Antivirus v6 deployment for Linux.
Category: Applications

Name: ESET Antivirus v6 Deployment [MAC]
Description: ESET Antivirus v6 deployment for Mac OS X.
Category: Applications

Name: ESET Antivirus v6 Deployment [Server and Workstation] [WIN]
Description: ESET Endpoint Antivirus v6 deployment for 32 and 64-bit computers running Windows. Products will be automatically detected and downloaded based on type and architecture (32 or 64-bit). Workstations can use EEA (Endpoint Antivirus) or EES (Endpoint Security) products. Servers are automatically detected and receive EFSW. To override automatic download, copy this component and attach your own installers. You can declare them by stating the filenames using the pre-defined local32 and local64 variables.
Category: Applications

Name: ESET NOD32 v4 AV Monitor [Server and Workstation] [WIN]
Description: This component monitor will check and alert for: ESET NOD32 v4 not installed/not running, Out-of-Date Definitions. Compatible with: XP Pro (32/64), Vista (32/64), Win 7 (32/64), Server 2003 (32/64), Server 2008 (32/64), Server 2008 R2 (64), SBS 2008 (64).
Category: Device Monitors

Name: ESET v5/6 AV Monitor [Linux]
Description: This component monitor will check and alert for: ESET v5 or v6 not installed/not running, Out of Date Definitions.
Category: Device Monitors

Name: ESET v5/6 AV Monitor [MAC]
Description: This component monitor will check and alert for: ESET v5 or v6 not installed/not running, Out of Date Definitions.
Category: Device Monitors

Name: ESET v5/6 AV Monitor [WIN]
Description: This component monitor will check and alert for: ESET v5 or v6 service not running, Out of Date Definitions. Compatible with: XP Pro (32/64), Vista (32/64), Win 7 (32/64), Server 2003 (32/64), Server 2008 (32/64), Server 2008 R2 (64), SBS 2008 (64).
Category: Device Monitors

Name: Evernote 5.8.13.8152 [WIN]
Description: Evernote allows you to easily capture information in any environment using whatever device or platform you find most convenient, and makes this information accessible and searchable at any time, from anywhere.
Category: Applications

Name: Exchange 2007: Information Store File Size Monitor [WIN]
Description: Exchange 2007 Monitor. Monitors: Information Store File Size and will generate an alert once the specified limit is exceeded. Prerequisites:
• Compatible with Agent version 1506 and above
• Exchange 2007 is 64-bit only and this monitor requires the CAGservice.exe to run as a 64-bit process (check Task Manager on the target device)
• Ensure that the latest Service Pack (SP3) and subsequent hotfixes have been applied to your Exchange 2007 Server
Category: Device Monitors

Name: Exchange 2010: Information Store File Size Monitor [WIN]
Description: Exchange 2010 Monitor. Monitors: Information Store File Size and will generate an alert once the specified limit is exceeded. Prerequisites:
• Compatible with Agent version 1506 and above
• Exchange 2010 is 64-bit only and this monitor requires the CAGservice.exe to run as a 64-bit process (check Task Manager on the target device)
• Ensure that the latest Service Pack (SP2) and subsequent hotfixes have been applied to your Exchange 2010 Server
Category: Device Monitors

Name: Exchange Message Queue Length Monitor
Description: This monitor will check the Message Queue Length and alert if the specified threshold is exceeded. Compatible with Exchange 2007/2010/2013.
Category: Device Monitors

Name: Expired Certificates Monitor [WIN]
Description: This component will monitor for expired certificates on a Windows machine. If it is due to expire in 30 days, it will generate an alert and provide more details in the alert message.
Category: Device Monitors

Name: F-Secure Antivirus Monitor
Description: This component monitor will check and alert for: F-Secure Antivirus service not running, Out of Date Signatures.
Compatible with: Win 7 (32/64), Win 8 (32/64), Win 8.1 (32/64), Win 10 (32/64).
Category: Device Monitors

Name: FileZilla Client (32/64-bit) [WIN]
Description: FileZilla Client is a fast and reliable cross-platform FTP, FTPS and SFTP client with lots of useful features and an intuitive graphical user interface.
Category: Applications

Name: FileZilla Client 3.17.0 [MAC]
Description: FileZilla Client is a fast and reliable cross-platform FTP, FTPS and SFTP client with lots of useful features and an intuitive graphical user interface.
Category: Applications

Name: Fix incorrect CPU reporting on XP and 2003 [WIN]
Description: Windows XP or Server 2003 devices can report incorrect CPU information to the WMI where the Agent collects audit information. The data that is returned indicates that the CPU name is 'Intel Pentium III Xeon' or 'Intel Pentium III' when it may be a 'Core 2 Duo' or a 'Quad core'. (http://support.microsoft.com/kb/953955). This script Component will fix this problem. Note: A reboot is required to complete the installation but automatic reboot is disabled in the installer. The Component will detect the O/S and install the correct version of KB953955.
Category: Scripts

Name: Foxit PDF Reader 5.5.6.218 [WIN]
Description: Foxit Reader is a free PDF document viewer, with incredible small size, breezing-fast launch speed and rich feature set. Its core function is compatible with PDF Standard 1.7.
Category: Applications

Name: Foxit PDF Reader 7.2.0.0722 [WIN]
Description: Foxit Reader allows you to create, view and print PDFs. The application is noticeably smaller than Adobe's Acrobat software and therefore makes it ideal for those of you who need a powerful program, which doesn't rely heavily upon system resources. Foxit Reader is a completely configurable program. You can change the way your document looks with read mode, reverse view and text viewer options.
You can also configure the page to display in many ways; full screen, single page, continuous scrolling, split, two page facing, continuous facing, separate cover page and auto-scroll.
Category: Applications

Name: Freemake Video Converter 4.1.6.7 [WIN]
Description: Freemake freeware program for video converting. Developed as alternative to popular paid software. Free, easy and of high quality are the fundamental principles of Freemake. Convert video to AVI, MP4, WMV, MKV, SWF, 3GP, DVD, MPEG, MP3, iPod, iPhone, PSP, Android, rip and burn DVD, convert online videos directly from 40 plus sites, burn Blu-ray, and upload to YouTube. Compatibility: Windows XP Pro, Vista and 7. Note: Freemake requires .Net Framework 4 to run. This component will check if .Net FW4 is present and if not found it will be installed.
Category: Applications

Name: G-Data Antivirus Monitor
Description: This component monitor will check and alert for: G-Data Antivirus service not running, Out of Date Signatures. Compatible with: Win 7 (32/64), Win 8 (32/64), Win 8.1 (32/64), Win 10 (32/64).
Category: Device Monitors

Name: GFI Cloud Agent UNINSTALLER [WIN]
Description: This component will uninstall all traces of GFI Cloud from the user's computer, along with all software installed by GFI (VIPRE, TeamViewer etc). Independent installations of these software suites should not be affected. This uninstaller is not suitable for GFI MAX.
Category: Scripts

Name: GFI MAX Agent UNINSTALLER [WIN]
Description: This component uninstalls the GFI MAX Agent from a Windows device.
Category: Scripts

Name: Google Chrome [WIN]
Description: This component will install or update Google Chrome to the latest version. Google Chrome is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.
Category: Applications

Name: Google Chrome [MAC]
Description: Google Chrome is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.
Category: Applications

Name: Google Drive 1.25.0468.5720 [MAC]
Description: Google Drive is a place where you can create, share, collaborate, and keep all of your stuff.
Whether you're working with a friend on a joint research project, planning a wedding with your fiance or tracking a budget with roommates, you can do it in Drive. You can upload and access all of your files, including videos, photos, Google Docs, PDFs and beyond. Applications Google Drive 1.25.523.2491 [WIN] Google Drive is a place where you can create, share, collaborate, and keep all of your stuff. Whether you're working with a friend on a joint research project, planning a wedding with your fiance or tracking a budget with roommates, you can do it in Drive. You can upload and access all of your files, including videos, photos, Google Docs, PDFs and beyond. Applications Google Earth 7.1.5.1557 [WIN] Google Earth lets you fly anywhere on Earth to view satellite imagery, maps, terrain, 3D buildings, from galaxies in outer space to the canyons of the ocean. You can explore rich geographical content, save your toured places, and share with others. Applications Google SketchUp 8.0.16846 [WIN] Google SketchUp is software that you can use to create 3D models of anything you like. Get started right away. Most people get rolling with SketchUp in just a few minutes. Dozens of video tutorials, an extensive Help Center and a worldwide user community mean that anyone who wants to make 3D models with SketchUp, can. Applications GreenShot 1.2.6.7 [WIN] Greenshot is a light-weight screenshot software tool for Windows with the following key features: • Quickly create screenshots of a selected region, window or fullscreen; you can even capture complete (scrolling) web pages from Internet Explorer. • Easily annotate, highlight or obfuscate parts of the screenshot. • Export the screenshot in various ways: save to file, send to printer, copy to clipboard, attach to e-mail, send Office programs or upload to photo sites like Flickr or Picasa, and others.
Applications Hard Drive predicted failure Monitor [WIN] Monitor S.M.A.R.T hard drive information for all local drives using Windows WMI in order to predict a failing drive. Device Monitors IE - Disable or Enable Browser Extensions [WIN] This component will disable or enable Internet Explorer Browsers Extensions. Handy if you want to ensure your users do not run any nasty Toolbars in IE. Scripts Install recommended updates on OSX [MAC] This component will download and install all recommended updates on Apple OSX devices. Scripts Install uVNC Mirror Driver - NOT XP or Server 2003 [WIN] Installs uVNC Mirror Driver on the following Windows operating systems: Vista, 7, Server 2008, Server 2008R2, 8, Server 2012. Installation will abort if an incompatible operating system is found. Also checks for a previous driver installation and aborts if found. Install this on systems you wish to connect to. http://www.uvnc.com Scripts Internet Explorer 11 32-bit for Windows 7 [WIN] Internet Explorer 11 is fast and fluid, and lets your websites shine and perform just like native apps on your PC. Fast and fluid for Windows 7. • Fast: Internet Explorer 11 harnesses the untapped power of your PC, delivering pages full of vivid graphics, smoother video, and interactive content. • Easy: Experience the web the way you want to with pinned sites, built-in Spellcheck, and seamless integration with your PC running Windows 7. • Safer: Improved features like SmartScreen Filter and Tracking Protection let you be more aware of threats to your PC and your privacy. Applications Internet Explorer 11 64-bit for Win7 and Win Svr 2008 R2 SP1 [WIN] Internet Explorer 11 is fast and fluid, and lets your websites shine and perform just like native apps on your PC. Fast and fluid for Windows 7. • Fast: Internet Explorer 11 harnesses the untapped power of your PC, delivering pages full of vivid graphics, smoother video, and interactive content. 
• Easy: Experience the web the way you want to with pinned sites, built-in Spellcheck, and seamless integration with your PC running Windows 7. • Safer: Improved features like SmartScreen Filter and Tracking Protection let you be more aware of threats to your PC and your privacy. Applications IObit Smart Defrag 3.1.0.319 [WIN] Disk fragmentation is generally the main cause of slow and unstable PC performance. IObit SmartDefrag helps defrag your hard drive most efficiently. With 'Install it and forget it' feature, IObit SmartDefrag works automatically and quietly in the background on your PC, keeping your hard disk running at its speediest. Slow down, freeze-ups and crashes will be a thing of the past. IObit SmartDefrag is 100% free for personal, home and small business. Detected by many strictest tests, IObit SmartDefrag is 100% safe and has no spyware / adware. Applications IObit Uninstaller 4.3.0.122 [WIN] IObit Uninstaller helps you uninstall and remove unwanted programs and folders from your computer fast and easily. Where the built-in and sluggish 'Windows Add or Remove Programs' option fails, IObit Uninstaller works as always and picks up the slack. As well as allowing programs to be batch uninstalled, it can also scan the registry for leftover traces and eliminate them. Applications iTunes 12.2.2.25 32-bit [WIN] iTunes is a free application for Mac and PC. It plays all your digital music and video. It syncs content to your iPod, iPhone, and Apple TV and it's an entertainment superstore that stays open 24/7. Organize your music into playlists. Edit file information. Record compact discs. Copy files to an iPod or other digital audio player. Purchase music and videos on the Internet through the built-in iTunes store. Run a visualizer to display graphical effects in time to the music. Encode music into a number of different audio formats.
Applications iTunes 12.2.2.25 64-bit [WIN] iTunes is a free application for Mac and PC. It plays all your digital music and video. It syncs content to your iPod, iPhone, and Apple TV and it's an entertainment superstore that stays open 24/7. Organize your music into playlists. Edit file information. Record compact discs. Copy files to an iPod or other digital audio player. Purchase music and videos on the Internet through the built-in iTunes store. Run a visualizer to display graphical effects in time to the music. Encode music into a number of different audio formats. Applications Java - Modify auto update settings [WIN] Script to enable / disable Java auto update by modifying the registry. Scripts Java Runtime Edition 1.6 [WIN] Java software allows you to run applications called 'applets' that are written in the Java programming language. These applets allow you to have a much richer experience online than simply interacting with static HTML pages. Applications Java Runtime Edition 7 [WIN] Java Runtime Edition 7 [MAC] Java Runtime Edition 8 [WIN] Java Runtime Edition 8 [MAC] K-Lite Codec Pack 11.36 [WIN] The K-Lite Codec Pack is a collection of DirectShow filters, VFW/ACM codecs and tools. Codecs and DirectShow filters are needed for encoding and decoding audio and video formats. The K-Lite Codec Pack is designed as a user-friendly solution for playing all your audio and movie files. With the K-Lite Codec Pack you should be able to play all the popular audio and video formats and even several less common formats. Applications Kaseya Agent UNINSTALLER [WIN] This component uninstalls the Kaseya Agent from a Windows device. Applications Kaspersky 2011 Internet Security monitor [WIN] This component monitor will check and alert for: Kaspersky 2011 not installed/not running, Out-of-Date Definitions. Compatible with XP Pro (32/64), Vista (32/64), Win 7 (32/64).
Device Monitors Kaspersky Endpoint Security Users can add this extension to enable Kaspersky Endpoint Security Integration in their account. To remove it, simply delete it from the Extensions category in your Component Library. Extensions Labtech Agent UNINSTALLER [WIN] This component uninstalls the Labtech Agent from a Windows device. Scripts LogMeIn Agent UNINSTALLER [WIN] This component uninstalls LogMeIn from a Windows device. Scripts Mac OSX 10.7.5 and above BASH Update 1.0 [MAC] Update for Macs running OS X 10.7.5 and above. This update fixes a security flaw (Shellshock) present in the bash command interpreter present on all OS X systems. http://support.apple.com/kb/HT6495 Note: Post deployment, run the command "bash --version"; a fixed version of Bash will output the string "GNU bash, version 3.2.53(1)". Applications Malwarebytes AntiMalware 1.75.0.1300 [WIN] Malwarebytes' Anti-Malware can detect and remove malware that even the most well known anti-virus and anti-malware applications fail to detect. Malwarebytes' Anti-Malware monitors every process and stops malicious processes before they even start. Applications Malwarebytes AntiMalware 2.2.0.1024 [WIN] Malwarebytes' Anti-Malware can detect and remove malware that even the most well known anti-virus and anti-malware applications fail to detect. Malwarebytes' Anti-Malware monitors every process and stops malicious processes before they even start. Applications Malwarebytes AntiMalware [MAC] This component installs Malwarebytes Anti-Malware for Mac. This application can detect and remove malware that even the most well known antivirus and anti-malware applications fail to detect. Malwarebytes' Anti-Malware monitors every process and stops malicious processes before they even start. Applications Maximum file size [WIN] Monitors whether a specified file exceeds a certain size and alerts if detected.
Device Monitors McAfee Anti-Virus 14.5 Monitor [WIN] This component monitor will check and alert for: McAfee 14.5 not installed/not running, Out-of-Date Definitions. Compatible with XP Pro (32), Vista (32/64), Win 7 (32/64). Device Monitors Memory Audit [MAC] Reports on memory status and type - Mac OSX. Scripts Microsoft .NET Framework 4 Extended 4.0.30319 [WIN] The .NET Framework is Microsoft's comprehensive and consistent programming model for building applications that have visually stunning user experiences, seamless and secure communication, and the ability to model a range of business processes. The Microsoft .NET Framework 4 redistributable package installs the .NET Framework runtime and associated files that are required to run and develop applications to target the .NET Framework 4. The .NET Framework 4 works side by side with older Framework versions. Applications that are based on earlier versions of the Framework will continue to run on the version targeted by default. Note: .NET Framework 4 is NOT supported on Windows XP Service Pack 2 or lower. Supported Operating Systems : Windows 7, Windows 7 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 R2 SP1, Windows Vista Service Pack 1, Windows XP Service Pack 3. Applications Microsoft .NET Framework 4.5 [WIN] The .NET Framework is Microsoft's comprehensive and consistent programming model for building applications that have visually stunning user experiences, seamless and secure communication, and the ability to model a range of business processes. The Microsoft .NET Framework 4.5 redistributable package installs the .NET Framework runtime and associated files that are required to run and develop applications to target the .NET Framework 4.5. The .NET Framework 4.5 works side by side with older Framework versions.
Applications that are based on earlier versions of the Framework will continue to run on the version targeted by default. Note: .NET Framework 4.5 is NOT supported on Windows XP/Server 2003 or lower. Supported Operating Systems : Windows 7 SP1, Windows Server 2008 SP2, Windows Server 2008 R2 SP1, Windows Vista SP2. Applications Microsoft .NET Framework 4.5.1 [WIN] The .NET Framework is Microsoft's comprehensive and consistent programming model for building applications that have visually stunning user experiences, seamless and secure communication, and the ability to model a range of business processes. The Microsoft .NET Framework 4.5.1 redistributable package installs the .NET Framework runtime and associated files that are required to run and develop applications to target the .NET Framework 4.5.1. The .NET Framework 4.5.1 works side by side with older Framework versions. Applications that are based on earlier versions of the Framework will continue to run on the version targeted by default. Note: .NET Framework 4.5.1 is NOT supported on Windows XP/Server 2003 or lower. Supported Operating Systems : Windows 8, Windows 7 SP1, Windows Server 2012, Windows Server 2008 SP2, Windows Server 2008 R2 SP1, Windows Vista SP2. Applications Microsoft .NET Framework 4.5.2 [WIN] The .NET Framework is Microsoft's comprehensive and consistent programming model for building applications that have visually stunning user experiences, seamless and secure communication, and the ability to model a range of business processes. The Microsoft .NET Framework 4.5.2 redistributable package installs the .NET Framework runtime and associated files that are required to run and develop applications to target the .NET Framework 4.5.2. The .NET Framework 4.5.2 works side by side with older Framework versions.
Applications that are based on earlier versions of the Framework will continue to run on the version targeted by default. Note: .NET Framework 4.5.2 is NOT supported on Windows XP/Server 2003 or lower. Supported Operating Systems: Windows 8.1, Windows 8, Windows 7 SP1, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 SP2, Windows Server 2008 R2 SP1, Windows Vista SP2. Applications Microsoft .NET Framework 4.6 The .NET Framework is Microsoft's comprehensive and consistent programming model for building applications that have visually stunning user experiences, seamless and secure communication, and the ability to model a range of business processes. The Microsoft .NET Framework 4.6 redistributable package installs the .NET Framework runtime and associated files that are required to run and develop applications to target the .NET Framework 4.6. The .NET Framework 4.6 works side by side with older Framework versions. Applications that are based on earlier versions of the Framework will continue to run on the version targeted by default. Note: .NET Framework 4.6 is NOT supported on Windows XP/Server 2003 or lower. Supported Operating Systems: Windows 8, Windows 7 SP1, Windows Server 2012, Windows Server 2008 SP2, Windows Server 2008 R2 SP1, Windows Vista SP2. Applications Microsoft .NET Framework Repair Tool v1.2 The Microsoft .NET Framework Repair Tool detects frequently occurring issues that affect the Microsoft .NET Framework setup or updates. The tool tries to resolve those issues by applying known fixes or by repairing the corrupted installations of the supported .NET Framework versions. Log output is recorded in the StdOut. http://support.microsoft.com/en-gb/kb/2698555 Scripts
Microsoft Baseline Security Analyzer 2.3 (32-Bit) [WIN] Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems. Applications Microsoft Baseline Security Analyzer 2.3 (64-Bit) [WIN] Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems. Applications Microsoft Silverlight 5.1.30317.0 [MAC] Microsoft Silverlight is a programmable web browser plugin that enables features such as animation, vector graphics and audio-video playback so you can experience rich Internet applications. Applications Mobile Device Management Add support for iOS and Android devices. Add this extension to enable Mobile Device Management in your account. Before you can enroll any Apple iOS devices, you will need to upload your Apple Push Notification Certificate. Instructions to do this can be found in Account Settings once the extension has been downloaded. You can then send enrollment emails to your devices within every site. To remove this extension simply delete it from the Extensions category in your Component Library. Extensions Modify .ini file [WIN] Modify a specific value in an .ini file. Variables to determine the path, section, key and value to be modified.
Scripts Modify Secure Attention Sequence (SAS) [WIN] This registry edit script enables Services and Ease of Access applications to simulate the Secure Attention Sequence (SAS). This is the CTRL+ALT+DELETE screen that appears on the login page in certain environments and can render the VNC service unable to simulate the necessary key presses to log into Windows Vista, 7, 8, Server 2008 and Server 2012. Scripts Monitor Device Movement This component checks external IP address against site variables to detect movement of the device. This can be used to generate a ticket to ensure assets are ultimately billed to the correct Account within Autotask. Requirement: Create two site variables "EXTIP" and "EXTIPALT" and define the primary and if existing, alternate external IP address (i.e. some sites have redundant connections). Device Monitors Monitor for V2 of MSE [WIN] MS Security Essentials v2 AV Monitor This component is to monitor version 2 only of MSE and will check and alert for: MSE not installed/not running, Out-of-Date Definitions. Compatible with XP Pro (32), Vista (32/64), Win 7 (32/64). Device Monitors Monitor System Restore Status [WIN] This component alerts if System Restore is disabled. (Workstations Only). Thanks to Adam Peterson on the AEM community. Device Monitors Mozilla FireFox [MAC] The Web is all about innovation, and Firefox sets the pace with dozens of new features to deliver a faster, more secure and customizable Web browsing experience for all. Applications Mozilla Firefox [WIN] This component will update or install Mozilla Firefox to the latest version. The Web is all about innovation, and Firefox sets the pace with dozens of new features to deliver a faster, more secure and customizable Web browsing experience for all. Applications MS Security Essentials (32-Bit) (Vista/Win 7) 4.6.305 [WIN] Microsoft Security Essentials provides real-time protection for your PC that guards against viruses, spyware, and other malicious software.
Applications MS Security Essentials (32-Bit) (XP) 4.4.304 [WIN] Microsoft Security Essentials provides real-time protection for your PC that guards against viruses, spyware, and other malicious software. Applications MS Security Essentials (32-Bit) (XP) 2.1.1116 [WIN] Microsoft Security Essentials provides real-time protection for your PC that guards against viruses, spyware, and other malicious software. Applications MS Security Essentials (64-Bit) (Vista/Win 7) 2.1.1116 [WIN] Microsoft Security Essentials provides real-time protection for your PC that guards against viruses, spyware, and other malicious software. Applications MS Security Essentials (64-Bit) (Vista/Win 7) 4.6.305 [WIN] Microsoft Security Essentials provides real-time protection for your PC that guards against viruses, spyware, and other malicious software. Applications N-Able Agent UNINSTALLER [WIN] This component uninstalls the N-Able Agent from a Windows device. Scripts Network Speed Test [WIN] This component will check the current Ping, Upload and Download speeds by checking the connection to a near server. Check the STDOUT for the results. Scripts Network: 3Com Analogue Telephony 'ELBRUS' Device Monitor This monitor supports 3Com NBX devices that use the OIDs standardized in the A3ComNBX MIB. Network Monitors Network: AdTran Network Devices Monitor Network Monitor for AdTran Network Devices. Network Monitors Network: APC Symetra 40K UPS Battery Monitor Network Monitor for American Power Conversion (APC) UPS Model Symetra 40K. Network Monitors Network: Cisco 800 Series Network Monitor for Cisco 800 Series. Network Monitors Network: Cisco Network Device Monitor Generic resource monitor for Cisco Networking Devices. Network Monitors Network: Compaq ProLiant Servers Monitor Network Monitor for Compaq ProLiant Servers.
Network Monitors Network: Dell RAID Controller State Monitor Generic State Monitor for Dell RAID Controller Units. Network Monitors Network: Dell Remote Access Card Global Status Monitor Monitor the global status of managed devices with a Dell Remote-Access Card (DRAC) installed. Network Monitors Network: Dell Servers with OpenManage Monitor Network Monitor for Dell Servers with OpenManage. Network Monitors Network: Dell Switch Monitor Generic Monitor for Dell Switches, checking for Fan and Power Supply status. Network Monitors Network: Generic APC Management Card Monitor Generic Network Monitor for Management cards installed in American Power Conversion (APC) UPS devices. Network Monitors Network: Generic APC UPS Battery Monitor Generic Monitor for batteries connected to APC UPS Devices. Network Monitors Network: Generic Dell Storage Array (Global) Monitor Global Monitor for Dell Storage Arrays. Network Monitors Network: Generic Dell Storage Battery Monitor Monitor for Dell Storage Unit Batteries. Network Monitors Network: Generic Dell Storage Controller Monitor Monitor for Dell Storage Unit Controllers. Network Monitors Network: Generic Dell Storage Disk Array Monitor Generic Monitor for Disk Arrays in a Dell Storage Unit. Network Monitors Network: Generic FortiGate Firewall Monitor Generic Monitor for FortiGate Firewall Units. Network Monitors Network: HP ProCurve Monitor Generic Resource and Sensor Monitor for HP ProCurve devices. Network Monitors Network: HP ProLiant Fault-Tolerant Power Supplies Monitor Network Monitor for HP ProLiant Fault-Tolerant Power Supplies. Network Monitors Network: HP ProLiant Thermal Sensor Monitor Network Monitor for HP ProLiant Thermal Sensor.
Network Monitors Network: HP Server Health Monitor Monitor for HP Server RAID, Fan, Power and Thermal Sensors for HP Boxes running Windows and HP Software - HP Management Agents and the Insight Manager are both supported, as is Systems Management Homepage. The Windows SNMP Service will need to be installed and functional on the device as well. Network Monitors Network: HP-Compaq ProLiant Controller Board Monitor Monitor for CPU Status in HP-Compaq ProLiant Controller Boards. Network Monitors Network: Linux CPU and RAM Monitor Network Monitor for Linux CPU and RAM. Network Monitors Network: MiTel 3300 IP Communication Platform (ICP) Monitor Network Monitor for MiTel 3300 IP Communication Platform (ICP). Network Monitors Network: NetApp Monitors for Filesystem status, CPU and system status. Network Monitors Network: NetScreen Generic Firewall Device Monitor Generic Resource Monitor for NetScreen Firewall Devices. Network Monitors Network: OS X SNMP Device Monitor Resource Monitor for Macs running OS X which are outputting System diagnostics via SNMP. Network Monitors Network: RiverBed SteelHead Device Monitor Network Monitor for RiverBed SteelHead Device. Network Monitors Network: Room Alert 11E ID Box Monitor SNMP Monitor for Room Alert 11E ID Box alerts. Network Monitors Norton Anti-Virus v18 (2011) AV Monitor [WIN] Norton Anti-Virus v18 (2011) AV Monitor. This component will check and alert for: AV not installed/ not running, Out of Date. Compatible with MS Windows XP Pro (32), Vista (32/64), Windows 7 (32/64). Device Monitors Norton Internet Security 18.x (2011) Monitor [WIN] Norton Internet Security 18.x (2011) Monitor. This component will check and alert for: AV not installed/ not running, Out of Date. Compatible with MS Windows XP Pro (32), Vista (32/64), Windows 7 (32/64).
Device Monitors Norton Online Backup 2.0 Monitor [WIN] This component monitor will check and alert for: Norton Online Backup not installed/not running, Not backed up in last 24 hours (check period is configurable when applying the monitor), Log file flagged words alerts. Compatible with Windows XP Pro (32/64), Windows Vista (32/64), Windows 7 (32/64), Windows Server 2003 (32/64), Windows Server 2003 R2 (32/64), Windows Server 2008 (32/64), Windows Server 2008 R2 (64). Device Monitors Notepad++ 5.9.8 [WIN] Notepad++ is a free source code editor and Notepad replacement that supports several languages. Running in the MS Windows environment, its use is governed by GPL License. Based on a powerful editing component Scintilla, Notepad++ is written in C++ and uses pure Win32 API and STL which ensures a higher execution speed and smaller program size. Applications Notepad++ 6.8.5 [WIN] Notepad++ is a free source code editor and Notepad replacement that supports several languages. Running in the MS Windows environment, its use is governed by GPL License. Based on a powerful editing component Scintilla, Notepad++ is written in C++ and uses pure Win32 API and STL which ensures a higher execution speed and smaller program size. Applications Opera 31.0.1889.99 [WIN] Opera is the fastest web browser available, and offers more features than any other browser to let you take advantage of today's Web. Popular features: • Opera Turbo speeds up browsing on slow connections. • Opera Link can synchronize bookmarks with other computers and mobile phones. • Opera Unite makes it easy to share files, photos and music from your computer. All this is just the beginning - there is so much to discover in Opera. Read more at www.opera.com, or just download Opera now and try a better browser for yourself. Applications OSFMount 1.5.1015 [WIN] OSFMount installer.
OSFMount allows you to mount local disk image files (bit-for-bit copies of a disk partition) in Windows with a drive letter. OSFMount also supports the creation of RAM disks, basically a disk mounted into RAM. This generally has a large speed benefit over using a hard disk. As such this is useful with applications requiring high speed disk access, such as database applications, games (such as game cache files) and browsers (cache files). A second benefit is security, as the disk contents are not stored on a physical hard disk (but rather in RAM) and on system shutdown the disk contents are not persistent. OSFMount supports mounting images of CDs in .ISO format, which can be useful when a particular CD is used often and the speed of access is important. Applications Paint.NET .ico and .cur file support [WIN] Adds .ico and .cur file support to Paint.NET in the form of a plugin. Note: The full version of Paint.NET must be installed prior to running this component. Applications Paint.NET 3.5.11 (32-Bit) [WIN] Paint.NET is an image and photo manipulation application. Every feature and user interface element was designed to be immediately intuitive and quickly learnable without assistance. In order to handle multiple images easily, Paint.NET uses a tabbed document interface. The tabs display a live thumbnail of the image instead of a text description. This makes navigation very simple and fast. Applications Paint.NET 3.5.11 (64-Bit) [WIN] Paint.NET is an image and photo manipulation application. Every feature and user interface element was designed to be immediately intuitive and quickly learnable without assistance. In order to handle multiple images easily, Paint.NET uses a tabbed document interface. The tabs display a live thumbnail of the image instead of a text description. This makes navigation very simple and fast. Applications Paint.NET 4.0.6 32bit [WIN] Paint.NET is an image and photo manipulation application. 
Every feature and user interface element was designed to be immediately intuitive and quickly learnable without assistance. In order to handle multiple images easily, Paint.NET uses a tabbed document interface. The tabs display a live thumbnail of the image instead of a text description. This makes navigation very simple and fast. Note: Paint.NET requires Windows 7 SP1 or above and .NET Framework 4.5.x or above. Applications Paint.NET 4.0.6 64bit [WIN] Paint.NET is an image and photo manipulation application. Every feature and user interface element was designed to be immediately intuitive and quickly learnable without assistance. In order to handle multiple images easily, Paint.NET uses a tabbed document interface. The tabs display a live thumbnail of the image instead of a text description. This makes navigation very simple and fast. Note: Paint.NET requires Windows 7 SP1 or above and .NET Framework 4.5.x or above. Applications Panda Anti-Virus 2011 Monitor [WIN] This component monitor will check and alert for: Panda Anti-Virus 2011 not installed/not running, Out of Date Definitions. Compatible with: XP Pro (32), Vista (32/64), Win 7 (32/64). Device Monitors Panda Cloud AntiVirus 1.5.x AV Monitor [WIN] This component monitor will check and alert for: Panda 1.5 not installed/not running, Out of Date Definitions. Compatible with: XP Pro (32), Vista (32/64), Win 7 (32/64). Device Monitors PeaZip 5.7.1 (64Bit) [WIN] PeaZip is an open source file and archive manager. It's freeware and free of charge for any use. PeaZip can extract most of archive formats both from Windows and Unix worlds, ranging from mainstream 7Z, RAR, TAR and ZIP to experimental ones like PAQ/LPAQ family. Currently the most powerful compressor available. Applications PeaZip 5.7.1 (32Bit) [WIN] PeaZip is an open source file and archive manager. It's freeware and free of charge for any use.
PeaZip can extract most of archive formats both from Windows and Unix worlds, ranging from mainstream 7Z, RAR, TAR and ZIP to experimental ones like PAQ/LPAQ family, currently the most powerful compressor available. Applications Physical Memory Audit [WIN] Script to output a detailed audit of installed physical memory, free memory slots and maximum supported memory. Powered by CPU-Z and useful for determining if a memory upgrade is possible for a given device. Set to trigger a warning using Post-Conditions if both installed memory is less than maximum supported and at least one free memory slot is available. Scripts Picasa 3.9 Build 139.161 [WIN] Picasa is software that helps you instantly find, edit and share all the pictures on your PC. Every time you open Picasa, it automatically locates all your pictures (even the ones you forgot you had) and sorts them into visual albums organized by date with folder names you will recognize. You can drag and drop to arrange your albums and make labels to create new groups. Picasa makes sure your pictures are always organized. Applications Ping Monitor v2 [WIN] Monitors to ping a specified host/IP address 10 times in a row with a 5 second timeout and returns an alert status if no responses are received. Input: Host (String) - Host/IP Address to check for. Input: Name (String) Name of monitor (user defined). Device Monitors Ping Monitor [WIN] Monitors to ping a specified host/IP address 10 times in a row with a 5 second timeout and returns an alert status if failed (70% success - Warning, 50% success - Critical). Device Monitors Port Checker [WIN] This Monitor Component will check whether a specified endpoint address has a specified TCP port reachable from the device that the monitor is applied to. An alert will be triggered when the port is unreachable from that device or if the specified host address is not reachable.
Note: This monitor should only be set on devices that have had the 'Portqry Installer' component successfully deployed. | Device Monitors
Portqry Installer [WIN] | Deploy Microsoft's 'Portqry.exe' program. Can be used in association with the Port Checker Monitor, also available in the ComStore. | Applications
Powershell execution policy [WIN] | Script to set powershell execution policy to the value set in the input variable policy_level (default = Unrestricted). | Scripts
Pre-install Splashtop Streamer [MAC] | This component will install the Splashtop Remote Control Stream on a MAC OSX Endpoint. By running this component you can make sure the streamer is present at the time you want to connect to the device. It also allows for more flexibility versus the Account Settings page in the system. For example, you can now schedule this process at a convenient time and also use the LanCache functionality. | Applications
Pre-install Splashtop Streamer [WIN] | This component will install the Splashtop Remote Control Stream on a Windows Endpoint. By running this component you can make sure the streamer is present at the time you want to connect to the device. It also allows for more flexibility versus the Account Settings page in the system. For example, you can now schedule this process at a convenient time and also use the LanCache functionality. | Applications
Printer Spooler Clear and Restart [WIN] | Script that will stop the Printer Spooler service, clear down any troublesome pending print jobs and then restart the service. | Scripts
Process Explorer 14.11 [WIN] | Process Explorer shows you information about which handles and DLLs processes have opened or loaded. The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work. | Applications
Process Explorer 15.40 [WIN] | Process Explorer shows you information about which handles and DLLs processes have opened or loaded.
The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work. | Applications
Process Explorer 16.02 [WIN] | Process Explorer shows you information about which handles and DLLs processes have opened or loaded. The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work. | Applications
Process Monitor 3.10 [WIN] | Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit. | Applications
Process started [WIN] | Monitor whether a specified process is started and alert if detected. | Device Monitors
Process stopped [WIN] | Monitor whether a specified process is stopped and alert if detected. | Device Monitors
RDP Critical Vulnerability Update (KB2621440 and KB2667402) | This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.
Script uses Windows Update API to retrieve updates from Windows Update website. | Scripts
Reboot Device [WIN] | Reboot device forcibly with variable timeout. | Scripts
Reboot FROM Normal Mode TO Safe Mode (with Networking) [WIN] | Reboots the device to safe mode with networking. VNC is possible but not RDP. Note: Once your Safe Mode remote session is finished, run the 'Reboot FROM Safe Mode TO Normal Mode' component. | Scripts
Reboot FROM Safe Mode TO Normal Mode [WIN] | Reboots a device to the normal Windows mode. Note: You must use this script to reboot to normal mode only after using the 'Reboot FROM Normal Mode TO Safe Mode' component successfully. | Scripts
Reboot If Required | This component will reboot a machine forcibly if pending from either Microsoft Patching or a Software Installation. For Windows Server 2008+ the script will query the CBS registry key as another factor in determining pending reboot state. Features input variables to configure alerting on Component Based Servicing, Windows Update, SCCM 2012 or Pending File Rename Operations. | Scripts
Reboot Required Monitor | This Component monitor will determine a pending reboot from either Microsoft Patching or a Software Installation. For Windows Server 2008+ the script will query the CBS registry key as another factor in determining pending reboot state. Features input variables to configure alerting on Component Based Servicing, Windows Update, SCCM 2012 or Pending File Rename Operations. | Device Monitors
Reboot [MAC] | This component will reboot a MAC OSX device immediately. This can be useful as a scheduled task. | Scripts
Recuva 1.51 [WIN] | Recuva (pronounced 'recover') is a freeware Windows utility to restore files that have been accidentally deleted from your computer. This includes files emptied from the Recycle bin as well as images and other files that have been deleted by user error from digital camera memory cards or MP3 players.
It will even bring back files that have been deleted from your iPod, or by bugs, crashes and viruses! | Applications
Remove existing VNC installations and reinstall uVNC [WIN] | Removes existing versions of RealVNC 3/4, TightVNC 1.3/2.0.x/2.5.x/2.6.x and uVNC and reinstalls uVNC service (1.0.9.5). To be used in situations where installing the Agent is causing problems with existing installations of VNC. Especially ones using the same service name as the Agent (uvnc_service). | Scripts
Run ad hoc CMD [WIN] | Script to run a single line command from Windows CMD to multiple devices at the same time. The Component allows you to specify a single command at schedule time by inputting the command into the Input Variable field. The command will then be run across all targeted devices. | Scripts
S.M.A.R.T. Hard Drive Check [WIN] | Checks hard drive S.M.A.R.T. data for overall hard drive health on all physical drives. Displays an overall PASSED or FAILED result along with detailed information including drive temperature. If the device reports failing health status, this means either that the device has already failed, or that it is predicting its own failure within the next 24 hours. Powered by smartctl.exe from smartmontools. Post-Conditions set to return a warning state if tests fail. Supports up to 26 physical drives. | Scripts
Safari 5.1.7 [WIN] | At one time, web browsers simply got you to the Internet. But from the day it was released, Safari set the bar higher for web browsers. It introduced sophisticated design elements that made browsing a joy. Easy to use, Safari stayed out of your way and let you effortlessly navigate from site to site. | Applications
Scratch 2 434a Offline Editor [WIN] | With Scratch, you can program your own interactive stories, games, and animations - and share your creations with others in the online community.
http://scratch.mit.edu Note: Requires Adobe Air | Applications
Scratch 2 434a Offline Installer [MAC] | With Scratch, you can program your own interactive stories, games, and animations - and share your creations with others in the online community. http://scratch.mit.edu Note: Requires Adobe Air. This installer will remove all previous versions as they conflict. | Applications
Send Message | Sends a message in a VBS popup. Make sure to check "Execution: Only run this job when user is logged in" and "Execute when user is logged in". | Scripts
Server Role Detection | This component gets a comprehensive list of installed service roles and writes these to a user-defined field in the following format, delimited by colon. Allows the creation of custom filters by role. i.e. :SQL:IIS:HyperV:File:Print: Thanks to Alex Bidhendy for this script. | Scripts
Shockwave 12.2.0.162 [WIN] | Shockwave Player is the web standard for powerful multimedia playback. The Shockwave Player allows you to view interactive web content like games, business presentations, entertainment, and advertisements from your web browser. | Applications
Shockwave Player 11.6.8.638 [WIN] | Shockwave Player is the web standard for powerful multimedia playback. The Shockwave Player allows you to view interactive web content like games, business presentations, entertainment, and advertisements from your web browser. | Applications
Shut-down Device [WIN] | Shut-down device forcibly with variable time-out. | Applications
Silverlight 4.0.60831 [WIN] | Microsoft Silverlight is a programmable web browser plugin that enables features such as animation, vector graphics and audio-video playback so you can experience rich Internet applications. | Applications
Silverlight 5.1.40728 [WIN] | Microsoft Silverlight is a programmable web browser plugin that enables features such as animation, vector graphics and audio-video playback so you can experience rich Internet applications.
| Applications
Skitch for Windows 2.3.1.163 [WIN] | Skitch is a screenshot editing and sharing utility. Skitch permits the user to add shapes and text to an image, and then share it online. Images can also be exported to various image formats. | Applications
Skype [MAC] | Skype is the most popular free voice-over IP and instant messaging service globally. It allows users to text, video and voice call over the internet. Users can also call landlines and mobiles at competitive rates using Skype credit, premium accounts and subscriptions. Skype uses P2P technology to connect users on a multitude of platforms including desktop, mobile and tablet. The call quality (depending on your internet signal) and additional features like conversation history, conference calling and secure file transfer are excellent. | Applications
Skype [WIN] | This component will install or update the latest version of Skype. Skype is software for calling other people on their computers or phones. Download Skype and start calling for free all over the world. The calls have excellent sound quality and are highly secure with end-to-end encryption. You don't even need to configure your firewall or router or any other networking gear. | Applications
Sophos AV 10.x Monitor [Server and Workstation] [WIN] | Check for last successful definition update on Sophos Anti-Virus 10.x. | Device Monitors
Sophos AV 9.x Monitor [Server and Workstation] [WIN] | This component monitor will check and alert for: Sophos Event Log errors, Sophos not installed/not running, start Sophos services if not running, Out-of-Date AV Definitions. Compatible with XP Pro (32/64), Vista (32/64), Win 7 (32/64), Server 2003 (32/64), Server 2008 (32/64), Server 2008 R2 (64), SBS 2008 (64). | Device Monitors
Speccy 1.25.674 [WIN] | Installer for Speccy 1.20.446. Speccy will give you detailed statistics on every piece of hardware in your computer. Including CPU, Motherboard, RAM, Graphics Cards, Hard Disks, Optical Drives, Audio support.
Additionally Speccy adds the temperatures of your different components, so you can easily see if there's a problem! | Applications
Splashtop Remote Screen Sharing | Splashtop is a leading screen share technology that provides a faster and smoother experience than the default VNC. The streamer can be rolled out to all your connected devices, both Windows and Mac, either automatically or on demand. By purchasing this component you are activating an unlimited trial and can start using Splashtop immediately. Your Autotask account manager will be in touch to discuss any applicable subscription costs. | Extensions
Splashtop Uninstaller [PC][MAC] | This script will uninstall the Splashtop Streamer from a target PC or Mac. Note: The platform will re-install the Streamer if the platform has been configured to do so automatically. | Scripts
Stopped Auto-start Services Monitor [WIN] | Monitor to check the status of ALL services that have a startup type of Automatic and alert if any are stopped. Also contains the option to attempt to start ALL stopped automatic services. Set to alert if ANY services are found that meet the criteria and contains summary of attempted start result if this option is selected. Note: Problematic services that successfully start may fail shortly afterwards and generate another alert. Problem services, if they cannot be fixed, can be removed from the monitor by setting the startup type to anything other than 'Automatic'. | Device Monitors
SumatraPDF 3.0 [WIN] | Installer for SumatraPDF, the free, simple, easy-to-use PDF reader by Krzysztof Kowalczyk with an incredibly small footprint. | Applications
Suppress Process [WIN] | Monitor whether a specified process is started and alert/terminate process if detected.
| Device Monitors
Symantec AV EndPoint v11 Monitor [Server and Workstation] [WIN] | This component monitor will check and alert for: Symantec AV End-Point v11 not installed/not running, Out-of-Date Definitions. Compatible with XP Pro (32/64), Vista (32/64), Win 7 (32/64), Server 2003 (32/64), Server 2008 (32/64), Server 2008 R2 (64). | Device Monitors
Symantec Backup Exec Monitor 20032008 [WIN] | This component monitor will check and alert for: Symantec Backup Exec not installed/not running, Not backed up in last X days. Check period is configurable when applying the monitor (default period=2 days). Compatible with Backup Exec 11d : Svr 2003/2003 R2 (32/64), Backup Exec 12.5 : Svr 2003/2003 R2/2008/2008 R2 (32/64), Backup Exec 13 : Svr 2003/2003 R2/2008/2008 R2 (32/64). | Device Monitors
Synology NAS Monitor | Compatible with Synology Diskstations. Make sure SNMP is turned on on the Synology device. | Network Monitors
Telnet Client Enable [WIN] | Telnet Client - Enable. By default Windows Vista, Server 2008 /2008 R2 and Windows 7 do not have the Telnet client available. This component will make the Telnet client available from the command-line. | Scripts
Thunderbird 38.1.0 [WIN] | Thunderbird is a great email client from the same people who brought you the Firefox browser. Thunderbird gives you IMAP/POP support, a built-in RSS reader, support for HTML mail, powerful quick search, saved search folders, advanced message filtering, message grouping, labels, return receipts, smart address book LDAP address completion, import tools, and the ability to manage multiple e-mail and newsgroup accounts. | Applications
Thunderbird 38.2 [MAC] | Thunderbird is a great email client from the same people who brought you the Firefox browser.
Thunderbird gives you IMAP/POP support, a built-in RSS reader, support for HTML mail, powerful quick search, saved search folders, advanced message filtering, message grouping, labels, return receipts, smart address book LDAP address completion, import tools, and the ability to manage multiple e-mail and newsgroup accounts. | Applications
Time Machine Monitor [MAC] | Monitor to check if Time Machine has performed a backup within a user-set threshold (in minutes). Users will need to have previously configured a backup drive and performed a successful backup to it. The monitor can be configured to instigate a backup if the time threshold is breached. | Device Monitors
Toggle Windows 10 Update Sharing | This component will enable / disable the option in Windows 10 to share Windows Updates with other machines in the network. This will reduce network load when installing updates on many Windows 10 machines. Set value to 0 to disable this feature, when set to 2 it will share updates outside of the LAN as well. | Scripts
TreeSize Free 2.70 [WIN] | Every hard disk is too small if you just wait long enough. TreeSize Free tells you where precious space has gone to. TreeSize Free can be started from the context menu of a folder or drive and shows you the size of this folder, including its subfolders. You can expand this folder in Explorer-like style and you will see the size of every subfolder. All results can also be drilled down to the file level. | Applications
TreeSize Free 3.0.1.200 [WIN] | Every hard disk is too small if you just wait long enough. TreeSize Free tells you where precious space has gone to. TreeSize Free can be started from the context menu of a folder or drive and shows you the size of this folder, including its subfolders. You can expand this folder in Explorer-like style and you will see the size of every subfolder. All results can also be drilled down to the file level.
| Applications
Trend Micro Titanium 3 AV Monitor [WIN] | This component monitor will check and alert for: Trend Micro Titanium 3 not installed/not running, Out-of-Date Definitions. Compatible with XP Pro (32), Vista (32/64), Win 7 (32/64). | Device Monitors
Trend Micro WFBS 6 AV Monitor [Server and Workstation] [WIN] | Trend Worry-Free Business Security v6 AV Monitor. This component monitor will check and alert for: Trend WFBS6 not installed/not running, Out-of-Date Definitions. Compatible with XP Pro (32/64), Vista (32/64), Win 7 (32/64), Server 2003 (32/64), Server 2003 R2 (32/64), Server 2008 (32/64), Server 2008 R2 (64). | Device Monitors
Trend Micro WFBS 7 AV Monitor [Server and Workstation] [WIN] | Trend Worry-Free Business Security v7 AV Monitor. This component monitor will check and alert for: Trend WFBS7 not installed/not running, Out-of-Date Definitions. Compatible with XP Pro (32/64), Vista (32/64), Win 7 (32/64), Server 2003 (32/64), Server 2003 R2 (32/64), Server 2008 (32/64), Server 2008 R2 (64). | Device Monitors
Uninstall Quicktime [WIN] | This component removes Apple Quicktime from Windows devices. Apple has recommended removing Quicktime from all Windows devices. Quicktime has security problems that won't be patched. Thanks to Simon Morley on the AEM Community. | Scripts
Uninstall Software Installed via MSI [WIN] | This Component searches for MSI based software installations by name using an input variable and uninstalls them. Uses the PowerShell -like operator. Supports wildcards (*) but will function as 'equals' if none are included. Use wildcards either side of string to function as 'contains'. Must be at least 3 alphanumeric characters when 'Uninstall' is set to 'True'. | Scripts
Uninstall Windows Update by KB number | This component will uninstall Windows Updates and Security Patches for Windows 7 and Windows 8 ONLY. Note: Uninstalling Windows update can seriously harm a system. Thanks to Brandon Phipps on the AEM Community.
| Scripts
USB - Disable or Enable USB Storage [WIN] | This component will disable or enable the USB storage function on the targeted device(s) while keeping all other USB functionality working (e.g. keyboards, mice etc.). Compatible with Windows 7 and above. | Applications
Veeam Backup & Replication Monitor | Monitoring of Veeam Backup and Replication for VMware vSphere and Hyper-V. | Device Monitors
Vipre Anti-Virus 4 and 5 Monitor [WIN] | For Vipre AV versions 4 (2011) and 5 (2012). This component monitor will check and alert for: Vipre Anti-Virus not installed/not running, Out-of-Date Definitions. Compatible with Windows XP Pro (32/64), Vista (32/64), Windows 7 (32/64). | Device Monitors
VLC 2.2.1 [MAC] | VLC is a free and open source cross-platform multimedia player and framework that plays most multimedia files as well as DVD, Audio CD, VCD, and various streaming protocols. | Applications
VLC Media Player 2.1.5 (No file associations) [WIN] | VLC is a free and open source cross-platform multimedia player and framework that plays most multimedia files as well as DVD, Audio CD, VCD, and various streaming protocols. Modified installer to ignore setting file associations. | Applications
VLC Media Player 2.1.5 [WIN] | VLC is a free and open source cross-platform multimedia player and framework that plays most multimedia files as well as DVD, Audio CD, VCD, and various streaming protocols. | Applications
Wake-On-Lan all discovered devices | This component looks at the Discovered Devices list that's available on an Agent that's running the Network Node with Scanning function. It selects all Windows devices and sends the Wake-On-Lan command to the MAC address of each of these devices. | Scripts
Warranty audit for HP, DELL and Lenovo [WIN] | Warranty checker script for AEM. This script will check Dell, Lenovo and HP websites for Warranty Expiration dates; it will output to STDOUT and store this date in the AEM user-defined fields.
| Scripts
Webroot Endpoint Security | Business users can download this extension to enable Webroot Endpoint Security Integration in their account. To remove it, simply delete it from the Extensions category in your Component Library. | Extensions
WinDirStat 1.1.2 [WIN] | WinDirStat is a disk usage statistics viewer and cleanup tool for various versions of Microsoft Windows. | Applications
Windows Server Backup Monitor [WIN] | VBScript to monitor Windows Server Backup for completed backups with errors and the absence of a completed backup. Input variables can omit days of the week where backups are not taking place. Compatible with Windows Server 2008, SBS 2008, 2008 R2, SBS 2011, 2012, 2012R2. 32 and 64-bit architecture supported. | Device Monitors
Windows Update Bugfix Rollup for Windows 7 SP1 x86 | This component installs Windows Updates KB3102810, KB3145739, KB3138612 and KB3172605 to introduce a collaborative improvement to Windows Update patch scanning performance. Endpoints will require two reboots to finalise. Not intended for use on Local Caches. Refer to "Why are Windows 7 SP1 devices taking so long to download updates and therefore taking a long time to audit?". | Applications
Windows Update Bugfix Rollup for Windows 7 SP1 x64 | This component installs Windows Updates KB3102810, KB3145739, KB3138612 and KB3172605 to introduce a collaborative improvement to Windows Update patch scanning performance. Endpoints will require two reboots to finalise. Not intended for use on Local Caches. Refer to "Why are Windows 7 SP1 devices taking so long to download updates and therefore taking a long time to audit?". | Applications
Windows Update History | This component retrieves the Windows Update history from a machine. Look at the STDout of this script to see the details. | Scripts
WinHTTP Proxy (Add) - v2 [WIN] | This component will add a system level proxy setting on the target device.
The Microsoft Windows Update client requires Microsoft Windows HTTP Services (WinHTTP) to scan for available updates. Microsoft Windows HTTP Services run independently of Microsoft Internet Explorer and cannot auto detect proxy settings that may have been set from within a user account. Please see http://support.microsoft.com/kb/900935 for further details. This is v2 of the 'WinHTTP Proxy (Add)' component and adds full support for 64-bit Operating Systems. | Scripts
WinHTTP Proxy (Remove) - v2 | This component will remove a system level proxy setting on the target device. The Microsoft Windows Update client requires Microsoft Windows HTTP Services (WinHTTP) to scan for available updates. Microsoft Windows HTTP Services run independently of Microsoft Internet Explorer and cannot auto detect proxy settings that may have been set from within a user account. Please see http://support.microsoft.com/kb/900935 for further details. This is v2 of the 'WinHTTP Proxy (Add)' component and adds full support for 64-bit Operating Systems. | Scripts
Zendesk | Business users can add this extension to enable Zendesk in their account. To remove it, simply delete it from the Extensions category in your Component Library. | Extensions
ZoomIT 4.50 [WIN] | ZoomIt is a screen zoom and annotation tool from SysInternals for technical presentations that include application demonstrations. ZoomIt runs unobtrusively in the tray and activates with customizable hotkeys to zoom in on an area of the screen, move around while zoomed, and draw on the zoomed image. ZoomIt works on all versions of Windows and you can use pen input for ZoomIt drawing on tablet PC. | Applications

Check for updates

Components available in the ComStore are regularly updated.
To stay current with the changes, be notified of new components, and be able to provide better management of third-party software, you can opt into a Component Update Digest email notification that is sent to your mailbox once every week (there is no "set time" for the emails). The email will list:
• Available updates for the components you already possess in your Component Library
• New components that have been added to the ComStore

The Component Update Digest is simply a summary of the updates made available since the last notification email, and it does not take into account whether you have already updated/downloaded the component(s) in question. For information on how to opt into or out of the Component Update Digest notification, refer to the Email Recipients section of Account Settings.

To opt out of the digest, you can also click on the unsubscribe link in the email notification, and you will be directed to the Account Settings page.

To update your components:
1. If an update is available for a component, you can view it by clicking on Check for Updates on the left-hand side of the ComStore page.
2. Click Update All to download all available updates, or click Get Update to update an individual component.

Request a component

If you haven't found the component you were looking for, you can send a request to AEM.
1. Click Request Component.
2. Add a Subject and your Message.
3. Click Send.

Download an iOS app

You can download iOS apps from the App Store by clicking on Add iOS app. For further information, refer to "Download iOS apps" on page 191.

Create or Edit a Component

Permission to manage Components and to view Sites
Components tab

In addition to downloading a component from your Components list, you can create components yourself and share them with other users.
A typical component contains a script, written in one of several available languages, and may also contain a program to install or an executable to run. This functionality guarantees that administrators have complete control over the technology they supervise.

How to...

Create a component

1. Click the Components tab.
2. In the top left corner, click New Component.
3. Select a Category: Applications, Device Monitors, Network Monitors, Scripts.
4. Enter a Name and a Description.
5. Click Save. The Component page will open.
6. If you have chosen the category Network Monitors, follow this guide: "Create a network monitor component" on page 97. If you have chosen any other category, then populate the following fields:

Name | Description
Favorite (available for the categories Applications and Scripts) | Makes this component available to be used in Quick Jobs. Refer to "Make a component available as a Quick Job" on page 324.
Copy | Opens a confirmation dialog. Click OK to create a copy of the component.

General

Name | Description
Category | Displays selection made on the previous page.
Change Image | Click to select a different image for this component.
Name | Displays the name entered on the previous page, but can be edited.
Description | Displays the description entered on the previous page, but can be edited. This should contain a description of what will happen when the component is run.
ID | The unique identifier of the new component.
Component Level | Specifies which users can access this component. Refer to Users. The component level of custom components can be set to 1 (Basic), 2 (Low), 3 (Medium), 4 (High) and 5 (Super).
Created | The date and time the component was created in UTC, and the name of the creator.
Modified | The date and time the component was last modified.

Sites

Sites radio button | If All sites is selected, the component can be deployed to devices belonging to any site.
If Selected sites is selected, you can select the sites this component can be deployed to. Use the Search field above either the Include or Exclude column to search for your sites. As you type, the search results are narrowed to match your search string. By default, all sites are initially excluded. Refer to "Map components to specific sites" on page 336.

Commands / Script

Name | Description
Install command/Script | Select the scripting language you want to use from the dropdown. For an overview of scripting, refer to "Scripting" on page 306.
Expand/Collapse | Changes the size of the Install command text box.
Text field | Enter the install command (the script) into the text box.
Timeout this script if not completed within: | Allows you to set the maximum amount of time, in seconds, until the script will time out.
This component requires site credentials | If installing this component requires a username and password that is unique for each site, checking this setting will allow AEM to use the cached credentials that you previously entered in your Site > Settings tab. Refer to "Credentials" on page 24. This is useful if you're running the component on multiple sites that each need different credentials, because you can specify the credentials beforehand for 10 different sites, then just run the component once against 10 different sites at the same time.

Files (available for the categories Applications and Scripts)

Add File | Click Add file... to browse to the installer file and select it. The file will be uploaded and shown on the list. Click the Delete icon to remove it, if necessary. Refer to "Attached Files" on page 308.

Variables

Name | Description
Input variables | Click the plus icon to the right to open the Add Input Variable dialog. Input variables allow you to determine certain parameters at runtime, so you don't have to have them hard coded in the script itself.
Moreover, input variables allow you to re-use a single component to carry out multiple tasks. You can add multiple variables, and they can be edited and deleted. Add the following details: Name, Type (Variable Value/Date/Boolean), Default value, Description. Refer to "Using Variables" on page 308.
Output data (available for the category Device Monitors) | You need to let AEM know what variable name you're using to capture the output. Click the plus icon to the right to open the Add Output Variable dialog. You can add multiple variables, and they can be edited and deleted. Add the following details: Name, Type (String/Number/Timestamp/Boolean/Blob), Description. For more information, refer to "Create a Custom Component Monitor" on page 338.

Post-Conditions (available for the categories Applications and Scripts)

Name | Description
Warning Text | This function will look at the output (Standard Output Stream and/or the Standard Error Stream) from a script you have run and alert if a specific text string is either found or not found. Refer to "Post-Conditions" on page 309.

7. Click Save. The component will now be added to the Component List.

Edit a component

Custom components and components that are copies of components downloaded from the ComStore can be edited. For components that can be edited, the name appears as a hyperlink.
1. Click the Components tab.
2. Click on a component name that appears as a hyperlink.
3. Edit the fields as required. For field descriptions, refer to "Create a component" on page 301.
4. When you have finished editing the component, click Save.

Scripting

AEM contains powerful functionality that allows users to create and share components (bundles of code, data and even applications) that can be executed across multiple devices.
A typical component contains a script, written in one of several available languages, and may also contain a program to install or an executable to run. This functionality guarantees that administrators have complete control over the technology they supervise.

Scripting Languages

A scripting language is a programming language that supports scripts, programs written for a special run-time environment that can interpret (rather than compile) and automate the execution of tasks that could alternatively be executed one-by-one by a human operator. AEM supports the following scripting languages, which allow you to develop scripts that can be run across a wide range of devices and operating systems:

- Batch
- Unix (Bash)
- VBScript
- JavaScript
- PowerShell
- Python
  Supported versions:
  Windows: Python 2.x. Note that Python 2 MSI should be installed for all users or the C:\Python27\ value doesn’t end up in the PATH System Environment Variable and AEM cannot find the Python interpreter.
  Mac: AEM will only use the Python interpreter that comes pre-installed with OS X as of version 1.8 (Mountain Lion).
- Ruby
- Groovy

We will discuss the three most widely used scripting languages from that list.

Windows user account permissions

By default, all scripts are executed in the Windows LocalSystem Account (otherwise known as NT AUTHORITY\SYSTEM). This has the advantage of running with extensive privileges on the local endpoint, and script execution is possible even if nobody is logged on or the logged on user has Limited User rights.

Points of note for the LocalSystem Account:

- Does not have a visible desktop, so any windows generated will be hidden.
- Does not have a virtual keyboard or mouse, so no macro-based automation is possible.
- Does not have a password, so no network authentication is possible.
- Does not have access to resources defined per user, such as mapped network drives.
Quick Jobs always run in the LocalSystem Account, but it is possible to force a script to run in the context of the local logged on user by opting for a Scheduled Job and using the advanced options under Execution. Refer to "Execution" on page 322.

How to...

Generate a Batch script (Windows)

About Batch Scripts

Batch is the most compatible and widely-used scripting language across Windows systems. Although it has been around since MS-DOS times, the syntax and certain commands have remained much the same.

A batch file is a kind of script file in DOS, OS/2 and Windows. It consists of a series of commands to be executed by the command line interpreter, stored in a plain text file. It is typically created by using a text editor such as Notepad or a word processor in text mode, and then saving it with a .bat extension. The script could be as simple as a single line, or a more complex process involving loops and subroutines. Generally, scripts that can be run locally can also be executed via AEM, on multiple devices, either one time or on a recurring schedule.

Here is an example:

    @ECHO off
    ECHO Good Morning, Dave!
    PAUSE

When executed, the following is displayed:

    Good Morning, Dave!
    Press any key to continue . . .

To input a command in batch format, there are no special considerations – your scripts will not require a header to begin the script, and you are not required to precede execution of your script with any special steps. If you have a batch script prepared, simply paste it into the Install command text box.

Using Variables

Batch scripts support the use of Windows environment variables (such as %username%, or %logonserver%), as well as variables you define yourself in the script. You can define your temporary environment variables using the Variables section of the Component page.
The user running this script will receive a prompt to use the default value for the variable when running the script, or to enter a different value. In the above screenshot, we created an input variable called "FileName", with a default value of "Test.txt". When we create a component monitor, for instance, we can specify the value that the component monitor should be set to when it runs:

Attached Files

Files that have been attached to the component using the file attachment fields beneath the script edit-box can be referenced directly. For example, if your component was to install the Windows Installer file install.msi, your code might look like this:

    @echo off
    msiexec /i install.msi
    echo Product Installed Successfully
    exit

The file install.msi can be referred to without hard-coded paths, because the command shell is being launched from the same directory that contains the executable.

Some users might question the use of the command @echo off which precedes the main script. This command hides the commands being executed from the output, so an end-user, or an administrator looking through script output using AEM’s StdOut/StdErr viewer, won’t see the commands the command shell is running, only the output from them. It's not necessary to include this in any scripts you run, but it does keep the output looking a bit neater.

Post-Conditions

It's also possible to set up conditions to look for certain text output strings and alert the user if they appear, using the Warning Text function at the bottom of the page. This function will look at the output from a script the user has run and generate an alert if anything from the output matches a criterion the user has defined. If you place the string “ERROR:” (note that it is case-sensitive) into the field, then run the script, AEM will spool through the command’s output and, if a string containing “ERROR:” is found, a warning is posted.
These warnings appear as an orange status box (as opposed to the traditional green for success and red for failure) and the caption “Warning” on the Jobs page of the Web Portal. Please note that AEM spools through the output of the command, and not the script.

The virtue of such a system is in its extensibility; by setting a post-condition looking for the string "ERROR:", a user is able to place conditions in the script (presumably using the if function) and echo out the string "ERROR: " only in cases where an error occurs in the script. Administrators who take advantage of this intelligent output analysis when writing their scripts will receive notifications instantly when a script error occurs, instead of being forced to check command outputs for each execution.

Generate a PowerShell script (Windows)

PowerShell is Microsoft's answer to the highly-adaptable terminal systems offered by *nix operating systems. More extensive than Batch, it is constantly being developed and revised by Microsoft engineers (and 3rd parties) with modern computing tasks in mind. AEM offers support for this new platform, assuming that PowerShell is installed on the users' computers - in other words, if PowerShell isn't installed on a device, you're not going to be able to run PowerShell scripts on it.

Much like Batch, the scripts launched from any PowerShell command prompt are launched from the package directory of the respective script. This directory is produced by the agent and typically contains the script itself – PowerShell scripts typically have a .ps1 extension – along with simple metadata and any files the user has attached. Because of this, to refer to a file that has been attached to a component, no hard-coded paths are required, and the file can be referred to without any need to change directories.
If you are writing a script to type the contents of attached document file.txt so it can be read in StdOut, for example, your script would look like this:

    Get-Content file.txt

You do not have to precede your commands with anything; however, lines in PowerShell scripts can be commented out by preceding them with a hash (#) character.

Using Variables

You can also define external variables and refer to them in the script using the $Env: prefix. Example: $Env:windir will return the path and directory Windows is installed in.

Security

This is very important!

PowerShell is a more powerful scripting solution than Batch and has stronger security features. By default, all Windows machines have the PowerShell execution policy set to Restricted, and this explicitly blocks the execution of such scripts. Moreover, this policy is reset following a reboot.

To run PowerShell scripts, you must therefore bypass this policy. You can download a component from the ComStore called PowerShell execution policy bypass. You must run this on all computers before you can run any PowerShell scripts. To increase security, we recommend running the same script with the policy set to “Restricted" (case-sensitive) to re-instate the policy after all PowerShell scripts have been run.

Generate a Bash script (Unix/OS X)

Unix (which includes Linux, as well as a number of other related systems) is less an operating system in and of itself and more a framework built to a set of rigorous standards (“POSIX") from which many compatible forks and projects have been started. Although inconsistencies do exist between *nix projects (referred to in GNU/Linux terminology as “distributions" or “distros"), the scripting technology typically utilized is surprisingly compatible. OS X is itself based on one of these Unix projects (BSD), and as such we can use Unix scripting to run scripts and deployments to OS X devices.
AEM provides an agent and scripting capabilities for the *nix-based OS X and various Linux versions. For further information, refer to Supported Operating Systems and Requirements for the Agent.

You may be reading this after being sent here via a link in the script creation window of the web portal; the appearance of this link was a conscious decision by AEM to ensure users are fully current with the AEM *nix scripting system before proceeding to use it.

After you select Unix from the Install command drop-down menu, a line of code will appear in the script field.

    #!/bin/bash

This line has been included for your convenience. As part of AEM's functionality, this line – an operation to choose a command interpreter – must begin any *nix script, including those intended for use on Mac OS X. The line tells the computer which command interpreter to use – that is to say, it selects a program to manage the lines of the script with. *Nix machines typically have several available, and while certain scripts may demand different interpreters, the Bash interpreter specified in the default line is the most compatible across *nix-based systems.

If you are a novice user or are unsure of this line of code's purpose, please leave it alone. It will not alter the functionality of your code, and removing it may cause your code not to work as you had intended. Without a code interpreter explicitly selected as the first line of your script, it will not run on your Mac or other *nix-based system.

If you are an experienced user, or your choice of command interpreter differs from the default, please feel free to experiment. You are welcome to edit the initial line of the script; you may even decide to remove it entirely. However, such actions may cause your script to act unpredictably or even fail; you make such alterations at your own risk.
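The pieces described in this Scripting section (a file attached to the component, values supplied through Using Variables, and the "ERROR:" Warning Text post-condition) can be combined so that an attached installer is only run after its digest has been checked. This is an added example, not code from Autotask or from the original manual; the input variable names FileName and ExpectedSha256 are hypothetical, and it assumes input variables reach a Bash script as environment variables, which the manual states only for Windows.

```bash
#!/bin/bash
# Added example, not Autotask code. FileName and ExpectedSha256 are
# hypothetical input variables, assumed to arrive as environment variables.

# Print the SHA-256 digest of file $1 as lowercase hex.
# Linux normally provides sha256sum, OS X provides shasum.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        return 127
    fi
}

# Verify attachment $1 (a bare file name in the package directory, which is
# the working directory) against the expected digest $2.
# Returns 0 on match, 1 on mismatch, 2 on bad input, 3 if the file is
# missing, 4 if no hashing tool exists. Every failure line starts with the
# case-sensitive marker "ERROR:" so that a Warning Text post-condition set
# to that string flags the job.
verify_attachment() {
    name=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # Allow-list the name: component scripts run unattended, so reject
    # path separators, leading dashes and anything outside [A-Za-z0-9._-].
    case $name in
        ''|.|..|-*|*[!A-Za-z0-9._-]*)
            echo "ERROR: invalid attachment name"
            return 2 ;;
    esac

    # A SHA-256 digest is exactly 64 hexadecimal characters.
    case $expected in
        *[!0-9a-f]*)
            echo "ERROR: expected digest is not hexadecimal"
            return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "ERROR: expected digest must be 64 hex characters"
        return 2
    fi

    if [ ! -f "./$name" ]; then
        echo "ERROR: attachment $name not found in package directory"
        return 3
    fi

    actual=$(sha256_of "./$name") || {
        echo "ERROR: no SHA-256 tool available on this device"
        return 4
    }
    if [ "$actual" != "$expected" ]; then
        echo "ERROR: digest mismatch for $name (got $actual)"
        return 1
    fi
    echo "OK: $name matches the expected SHA-256"
}

# Entry point: fail closed. The installer step is reached only after the
# digest check passed; without both variables nothing is installed.
if [ -n "${FileName:-}" ] && [ -n "${ExpectedSha256:-}" ]; then
    verify_attachment "$FileName" "$ExpectedSha256" || exit 1
    # The verified installer would be started here.
else
    echo "ERROR: FileName and ExpectedSha256 must both be set; nothing was run"
fi
```

With Warning Text set to ERROR: on the component, a mismatch shows up as a warning on the Jobs page as well as a non-zero exit code.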
Scripting Ninite using Autotask Endpoint Management (AEM)

This guide is for informational purposes only. Autotask does not directly offer support on any issues raised with third party components.

Scripting Ninite for automated installs can only be done with a Ninite Pro account. There is a free version, but it doesn't have the same command line or unattended functionality.

Ninite is a service that allows you to install or update multiple applications on multiple endpoints through a single executable. The power of that functionality really increases, however, when you start to add the sort of automation, scheduling and alerting that Autotask Endpoint Management (AEM) can deliver.

There are two functions that Ninite will commonly be used for alongside AEM:

- The installation or updating of a specific application or applications
- Managing general application updates for all manageable apps on a device

How to...

Install and update specific applications

To use Ninite and AEM to install and update an application (or multiple applications):

1. Download the AEM Ninite - Install and Update Applications component.
2. Import the component into your Component list. Refer to "Import a component into your Web Portal" on page 335.
3. With the script component open, add your own ninitepro.exe (which is associated with your own Ninite Pro account) in the Files section. Refer to "Attached Files" on page 308.
4. You can, if you wish, edit the command line which is run here to change how Ninite should behave when it runs (for example, adding proxy details if your devices sit behind an authenticating proxy server). More details on the command line options for Ninite can be found in the Ninite Command Line Switch Reference.
5. Click Save to add the component to your library. If you want to be able to use this component as a Quick Job, click the star icon next to it in the list.
When you run this component (either as a one time quick job, or as a scheduled job), you will be asked to enter the names of the applications you want to install or update. To see the list of applications which can be installed or managed, refer to Ninite Pro app list.

If you run this component as a scheduled job, the first time it runs, the applications will be installed from the web. Subsequent runs will check if the application is at the latest version currently available, and if not, it will update to that version.

Manage General Application Updates

If, rather than deploying and managing specific apps, you just want Ninite to control all of the updates for the applications it manages, you can use this component instead:

1. Download the AEM Ninite - Update Everything component.
2. Import the component into your Component list. Refer to "Import a component into your Web Portal" on page 335.
3. With the script component open, add your own ninitepro.exe (which is associated with your own Ninite Pro account) in the Files section. Refer to "Attached Files" on page 308.
4. You can, if you wish, edit the command line which is run here to change how Ninite should behave when it runs (for example, excluding some applications from being updated - by default, this component excludes Firefox, but you will probably want to add your own list of exceptions). More details on the command line options for Ninite can be found in the Ninite Command Line Switch Reference.
5. Click Save to add the component to your library.

General Advice

We recommend that, as with all new components, you test this out on a couple of devices to make sure you understand what it's doing and how it works, then schedule it to run on a regular basis. Bear in mind that lots of applications updating in the background may make the user feel their device is running slowly, so be careful when you schedule it.
You may also want to investigate using the cache feature in Ninite to reduce Internet bandwidth usage, since 100 devices all downloading Google Earth at the same time will be quite a large download.

And finally, we can't recommend strongly enough getting signed up for the Community Component Exchange, which was the original source of these scripts and concepts.

Input Variables

What is an Input Variable?

One of the facets of the Autotask Endpoint Management (AEM) scripting engine is the ability to use input variables in your scripts. This lets you re-use a single component to carry out multiple tasks without having to modify the script itself, or create (and maintain) duplicate components.

Input variables allow you to define values in your script at runtime, rather than having them hard coded into the script. If you regularly had to restart a number of Windows services (netlogon service, DNS client service, DHCP client service), you could create a separate component for each service. They would be identical, except for the name of the service that was being restarted. If you used a variable ("servicename") instead, you would need to create only one component (called "Restart Service"). The script would prompt you for the name of the service to be restarted.

How do Input Variables work in AEM?

AEM creates Windows environment variables whenever components execute which are set to the names and values of your input variables. You can then call these in your scripts just like you would a "normal" environment variable (such as %computername%).

How to...

Create input variables

Input variables are defined when you create or edit a component. Refer to "Create or Edit a Component" on page 301.

1. Click the plus icon to the right to open the Input Variables dialog.
2. Enter a Name for the variable.
3. Select a Type for the variable.
Options include Value, String, Number, Timestamp, Date, Boolean and Blob.
4. Enter a description.
5. Click Add. The window will close and the variable will appear on the list.

When you set up a policy to use this monitor script, you are able to specify the value that this should be set to when it runs:

Refer to input variables in a script

How you refer to a variable in a script depends on the scripting language you are using.

Batch Scripts

In batch scripts, you just need to wrap the name of the variable you're referencing in % signs:

    echo Checking for existence of %FileName%

VBScript

In VBScript, it's a little more complicated: you need to expand the environment variable, and set a 'normal' variable to that value:

    Set wshShell = CreateObject("WScript.Shell")
    FileToCheck = wshShell.ExpandEnvironmentStrings("%FileName%")

PowerShell

And in PowerShell, variables can be treated as child items of a PowerShell drive called Env:

    Get-Childitem env:FileName

or, alternatively:

    $env:FileName

Worked Example

In this worked example, we're going to take an existing component and modify it so that the drive, path and filename are no longer hard coded into the script - they'll be variables.

The script we are starting with is looking for a hard coded path and file:

    @echo off
    echo Checking for file C:\test\test.txt
    if exist C:\test\test.txt (goto found) ELSE (goto notfound)
    :found
    echo File found - script exiting OK
    exit /B 0
    :notfound
    echo File not found - script exiting with warning
    exit /B 1

To replace the hard coded path and file with variables:

1. Open up the monitor component that's checking for the file "test.txt".
2. Add three new input variables (one for the drive, one for the folder and one for the filename). Notice that we configured default values, so if we run this monitor with no changes to the variables at all, it will check for C:\Test\Test.txt.
3.
Modify the script to use these variables as described above instead of the explicit path:

    @echo off
    rem drive, filepath and filename are the component's input variables
    echo Checking for file %drive%\%filepath%\%filename%
    rem Quote the path so that values containing spaces are tested as one path
    if exist "%drive%\%filepath%\%filename%" (goto found) ELSE (goto notfound)
    :found
    echo File found - script exiting OK
    exit /B 0
    :notfound
    echo ^<-Start Result-^>
    echo CSMon_Result=%filename% not found - script exiting with warning
    echo ^<-End Result-^>
    exit /B 1

4. Now recreate the policy that uses this monitor, and you'll be able to specify the drive, path and filename on adding this component monitor - so with a single component you can alert on the existence of C:\Test\Test.txt, C:\Test\Check.xlsx & D:\Monitor\File.tmp.

Deploy Components Using Jobs

Permission to manage Jobs
Sites > select a site, filter or group > click Schedule a Job

A Job is an automated process for deploying components from the Web Portal to a number of devices, either immediately or at a scheduled time.

When a job is scheduled, the Web Portal will signal the targeted Agents that a job needs to be run. The Agent will download the job to the local hard drive, unpack the package into its component parts, and run the script. This process takes place in the system session where the AEM Agent runs. If you want a job to run in the user session (for example to copy a shortcut to the desktop), you need to set it up when scheduling the job. Refer to "Execution" on page 322.

Jobs can be scheduled for individual devices, sites, filters or groups. You cannot run a job at account level.

How to...

Schedule a job

To schedule a job, do the following:

1. Navigate to the Sites tab.
2. To run the job on all devices in one or more sites, select the required sites. To run the job on an individual device, click on a site and select the device from the devices list. To run a job on a filter or group, click on the name of your filter or group and select all or some devices.
3. Click on the Schedule a Job icon.
The Schedule a Job page will open.
4. Populate the following fields:

General

Name: Give your job a name. This is how it will appear on the list of scheduled and completed jobs.
Schedule: By default, the job will be executed immediately. To schedule the job for later or for recurring execution, click Click to change... In the Schedule window, select one of the following:
  Immediately - The job will run as soon as it is saved.
  At selected date and time - The job will run once at the selected date and time.
  Daily - The job will run every day at the time indicated in the Start field.
  Weekly - The job will run every week on all selected days at the time indicated in the Start field.
  Monthly - The job will run in the selected months on the selected days.
  Monthly day of week - The job will run in the selected months on the specified occurrence of the selected days of the week.
  Yearly - The job will run on the selected day (1 - 365) each year.
  On Connect - Only available if you select an entire site to run the job on. The job will run once on each device associated with the site as soon as the device connects to the platform.
  By default, offline devices will queue until they come online or the job expires. If the job run is a recurring job, any new devices attaching to the sites will pick up the job at the next run time.
Running as Security Level: This field is not editable; however, when you edit a job after it's been saved, the field will show the security level used when the job got scheduled.

Components

Add a Component: Click Add a Component and select one or multiple components from the list. You will see all components your component level allows you to see. Refer to Users. Once your components are selected, you can control the order in which components are deployed.
To reorder the components, click the green up and down arrows on the right. To remove a component from the job, click the Delete icon.

Advanced Options

Job disabled: Click the check box to disable the job from running.
Expire this job after: Set a short term expiration for the job (up to 3 days).
Duration: Once a job is scheduled, it will run in perpetuity. This option allows you to set an expiration date/time for a job.
Execution: These options allow you to run the job in the user session, either automatically or with user interaction. Click Only run this job when user is logged in to enable the additional options.
  Logged in user must have Administrator rights - Check this box if the end user must be an Administrator of the device before the job will run. It will wait for an Administrator logon even across multiple Limited User logons.
  Execute when user is logged in - Automatically runs the job in the user session.
  Advertise to user but do not execute - Prompts the user to run the job. In this instance, the user will be presented with an AEM system tray icon to authorize the execution of the job. When the user clicks on the icon, the software installer will be displayed.

Alerts

Alert me if: Optionally, you can choose to create an alert when the job succeeds, fails, has warnings or expires. Job alerts appear on the Account > Monitor page when you toggle to Job Alerts. Refer to "Manage Job Alerts" on page 329.

Automatically Email StdOut/StdErr options

Select output choices: Here, you configure the notification you will receive when the job is run.
  Select output choices: Check Stdout if you want to be notified when the job is complete. Select Stderr to receive a notification when an error occurs.
  Select File Format: Click the radio button to select HTML or Plain text.
Selecting Plain text enables two additional choices: Check Output Only to omit job summary information from the message (such as number of devices the job was run on, etc.). Check Use custom file extension to present the output in a certain format (for example, output tab-delimited text as .csv).

Job Recipients

Send alert to: Choose who will receive alert emails:
  Default recipients - This will send the email to the default recipients set at the account and site levels.
  Additional recipients - Use this option to add any additional recipients you wish. Note that this field is enabled when you either select an Alert option or an "Automatically email..." option. The email field only accepts the following characters: a-z, A-Z, 0-9, @, and !#$%&'`*+-|/=?^_{}~.

The start and end time for scheduled jobs are based on the time zone set in Setup > My Info. Refer to Edit your user details.

5. Click Save to schedule the job. The window will close, and the job will appear on the list of scheduled jobs, where you can edit or delete it.
6. Once the job has been completed, it will appear on the Completed Jobs tab.

Use a Quick Job to deploy one component

A Quick Job allows you to immediately deploy one component without having to schedule the job. Similar to Scheduled Jobs, Quick Jobs can be scheduled against individual devices, sites, filters or groups from the Action Bar. There is one restriction: components must be marked as favorites on the Component list to be available for Quick Jobs. Refer to "Make a component available as a Quick Job" on page 324.

To schedule a Quick Job, do the following:

1. Navigate to the Sites tab.
2. To run the job on all devices in one or more sites, select the required sites. To run the job on an individual device, click on a site and select the device from the devices list. To run a job on a filter or group, click the name of your filter or group and select all or some devices.
3.
Click on the Run a quick job icon in the action bar. A window with all components available for Quick Jobs will open. In order for a component to appear in this list, it needs to be marked as a favorite. For more information, refer to "Make a component available as a Quick Job" on page 324.
4. Select a component to use in the Quick Job and click Save. If the component has variables, they will show below the job in the list and need to be completed first.
5. By default, the Jobs list will open when you click Save. Optionally, you can deselect Follow to jobs list page on submit to stay on the device list.
6. Quick Jobs are added to the Scheduled Jobs > Active Jobs list with the heading Quick job running component [component name] on [selected devices].
7. Once completed, the Quick Job results can be accessed on the Completed Jobs tab.

Quick Jobs always run in the LocalSystem Account in Windows, but it is possible to force a script to run in the context of the local logged on user by opting for a Scheduled Job and using the advanced options under Execution. Refer to "Execution" on page 322.

Edit a scheduled job

1. Click the Scheduled Jobs tab.
2. Click the Edit Job icon at the right side of a row. The Edit Existing Job window will open.
3. Make the required changes and click Save. The job will be reconfigured and run according to the new settings.

A user who has the permission to manage jobs but is not assigned the security level that was used when the job got scheduled will not be able to edit the scheduled job.

Make a component available as a Quick Job

1. In the Web Portal, click on the Components tab.
2. On the component you wish to make available as a Quick Job, click on the Toggle favorite icon.
3. The star changes to yellow to show it is now a favorite available for Quick Jobs.
Use a local component cache

To speed up the deployment process and minimize the bandwidth needed to distribute components to devices in the same site, we recommend that you use a local component cache. For further information, refer to "Designate a Local Cache" on page 111.

Manage Jobs

Permission to manage Jobs
Scheduled Jobs > Active Jobs
Scheduled Jobs > Completed Jobs

A Job is an automated process for deploying components from the Web Portal to a number of devices, either immediately or at a scheduled time. Jobs can be created on a number of pages. Refer to "Deploy Components Using Jobs" on page 319. They are managed on the Scheduled Jobs page where you can view active and completed jobs and perform a variety of management tasks.

About the Scheduled Jobs Page

Tabs

The Scheduled Jobs page has two tabs, Active Jobs and Completed Jobs. The features are identical, except for the status of the jobs.

Views

The Views radio buttons allow you to filter the jobs on each tab. By default, you will see all active or completed jobs, but you can click the following views:

- Run Once - This selection will display jobs that were scheduled to run immediately or at a selected date and time. This would include any Quick Jobs.
- Recurring - This selection will display jobs that were scheduled to run daily, weekly, monthly, monthly day of week, and yearly.
- On Connect - This selection shows jobs that were scheduled for an entire site. The job will run once on each device associated with the site, and will be shown as active until it has run on all devices.

For information on how to schedule jobs, refer to "Schedule" on page 320.

Other

Column Chooser: The column chooser lets you select which columns should be visible in the results view. You can click on All or None to select or deselect all the options, and you can restore the default view by clicking on Restore Defaults.
Drag and drop any of the columns to re-arrange their order in the results view. Click Save to apply the changes or Cancel to discard them. Note: You must select at least one column in the column chooser.
User: Allows you to filter the list by the user who scheduled the job.
Show me: Lets you select to show 25 / 50 / 100 / 250 entries per page.
Previous / Next: Click on Previous / Next to see the previous or next page of results.

Actions icons

Export to CSV: Allows you to export a list of the selected jobs in .CSV format. Make sure to select the columns you want to include in the export.
Refresh: Refreshes the current view. On the Active Jobs list, you can also click Auto-refresh on and off. Auto-refresh only happens when an action occurs to trigger it. It does not refresh at set time intervals.
Delete job(s): Allows you to delete selected jobs.

Column Descriptions

Selection check box: Check to select one or multiple jobs.
Name: The name the job was given when it was set up.
Schedule: Shows the schedule set up for the job. For information on how to schedule jobs, refer to "Schedule" on page 320.
Components: The number of components that make up the job.
Jobs Run: If the job is recurring, the number of completed instances is shown.
Next Run Date: Date, Time and Time Zone when the job is scheduled to be run.
Last Run Date: Date, Time and Time Zone when the job was last run.
User: The user who scheduled the job.
Security Level: The security level that was used to schedule the job.
Edit job: When you click this icon, the Edit Existing Job page will open. For field descriptions, refer to "Deploy Components Using Jobs" on page 319. A user who has the permission to manage jobs but is not assigned the security level that was used when the job got scheduled will not be able to edit the scheduled job.
Delete this job: Deleting a job will move it to the Completed Jobs list and will prevent any devices that have not yet run this job from doing so.

Manage Job Alerts
Permission to manage Monitors at the account, site or device level.
Account > Monitor > Job Alerts

What is a job alert?
When you schedule a job, you can choose to be alerted when the job
• succeeds
• fails
• has warnings
• expired
All alerts appear on the Account > Monitor page when you click the Job Alerts radio button.

About the Job Alerts Page

Radio Buttons
The Account > Monitor tab displays radio buttons that allow you to toggle between Monitor Alerts and Job Alerts lists. For information about Monitor Alerts, refer to "Manage Alerts" on page 346.

Action bar icons
Icon name: Description
Resolve selected job alerts: Manually sets the status of the selected job alerts to Resolved.
Refresh: Refreshes the current view. You can also click Auto-refresh on and off. Auto-refresh only happens when an action occurs to trigger it. It does not refresh at set time intervals.

Column descriptions
Field: Description
Selection check box: Check to select one or multiple alerts.
Job: Displays the job name as a hyperlink. Click on a job to open a detailed job view. Refer to "The Job View" on page 331.
Condition(s) Triggered: When a job is scheduled, you can choose to create an alert when the job succeeds, fails, has warnings or expires. This column shows the reason the alert was created.
Time: The time and date the alert was raised.
The Job View
Permission to view Scheduled Jobs
Account > Monitor > Job Alerts > click on a job
Scheduled Jobs > click on a job

You can access information about individual jobs both from the Scheduled Jobs page and the Account > Monitor > Job Alerts page by clicking on the name of the job. Each device the job was targeted at is represented by a row. By default, all devices are displayed, but you can use the radio buttons to display a specific status only.

Columns
Field: Description
Hostname (hyperlink): The name of the device. Click on the name to open the Device Summary page. Refer to "Device Summary" on page 119.
Site: The site the device is associated with. Click on the name to open the Site Summary page. Refer to "Site Summary" on page 16.
Run At: The date and time the job was run on the device.
Status: The current status of the job on the device. The job may have succeeded on some devices, and expired or failed on others. You can check expired or failed devices and click the Rerun job on selected devices icon.
Result: A color indicator of the job result.
• Green - The job ran successfully.
• Orange - The job ran but there was a standard output (Stdout) value found based on the component's post-conditions warning text filter. Refer to "Post-Conditions" on page 309.
• Red - The job failed.
Stdout: Click on the icon to view the Stdout (standard output) message for the device.
Stderr: Click on the icon to view the Stderr (standard error) message for the device.
Remote takeover tools: Connect to Device*, Remote Takeover (RDP)*, Remote Takeover (VNC)*, Splashtop*. Refer to "Remote takeover icons" on page 118.
*Will not display for offline machines, printers, mobile devices, network devices or devices with an inappropriate operating system. In some cases they do not display at all, e.g. due to incomplete audit.
If you experience issues launching the Agent Browser when clicking on the connect icon or any of the remote takeover tools in the Web Portal in Google Chrome, refer to "I can't launch the Agent Browser from the Web Portal in Chrome. Why is that?"

Action bar icons
Icon name: Description
Add device(s) to group: Add the selected device(s) to a group. Refer to "Groups" on page 142.
Rerun job on selected devices: Use this icon when the job succeeded on some devices but not others. Check the box in front of devices you want to rerun the job for.
Schedule a job*: Schedule a job for the selected device(s). Refer to "Deploy Components Using Jobs" on page 319.
Run a quick job*: Run a component through a quick job for the selected device(s). Refer to "Deploy Components Using Jobs" on page 319.
Click to download selected Standard Output/Error: Launches a window that lets you configure the options for the download of Standard Output / Error messages, such as file format, and how you want to receive the file, download or email.
Resend run job message...: Use this icon when a device is online, but the job appears to be stuck at the scheduled status. This will resend the message that a job needs to be run.
Export to CSV: Allows you to export a list of the selected devices in .CSV format. Make sure to select the columns you want to include in the export.
Refresh: Refreshes the current view. This will show the most up-to-date alert status. You can also click Auto-refresh on and off. Auto-refresh only happens when an action occurs to trigger it. It does not refresh at set time intervals.

Manage Components
Permission to manage Components
Components tab

The Components tab displays a list of all components that you have downloaded from the ComStore (that is, copied to your Component Library on the Web Portal), or created yourself. These components can now be downloaded to your PC so you can deploy them to devices.
About the Component List
The Component List can display between 10 and 100 entries per page.
• To set the number of entries, select an option from the Show # entries drop-down field.
• Scroll to the bottom of the list to navigate to the next page.

The component list displays the following columns:
Column: Description
Check box: Used for adding multiple components to a group.
Icon: Icon that identifies the component.
Name: Name and version of the component. This column also indicates WIN or MAC.
Description: The description of the component. Click on the row and hover over the description to see additional information.
Component Level: Determines which users can access this component. Component levels go from 1 (Basic) to 5 (Super). Refer to Users.
Files: The number of files that are part of this component.
Size: The total size of the component.

Action Icons
Delete: Will delete the component from the Component List. If the component is part of an active job, you will receive a warning. Click OK or Cancel.
Copy: Opens the Component page. All fields are exact copies of the original, except the Name, which is labeled as "Copy of...". Make any required changes and click Save.
Favorite: Makes this component available to be used in Quick Jobs and as alert response in monitors. Refer to "Make a component available as a Quick Job" on page 324 and the Response Details section in "Create a monitor" on page 239.
Toggle User Task: Makes the component available to all end users with the Agent installed on their computer. Refer to User Tasks.
Export Component: This is the first step when you download a component. The gray icon indicates that the component is available on the Web Portal, but is not yet ready to download.
The yellow icon indicates that the component is being prepared for downloading, that is, packaged as a .cpt file (a proprietary type of .zip file that includes an XML file and possibly additional files such as a batch file or image file that can be recognized as an AEM file type when it is imported into another web portal).
Download Component: Once the file has been zipped up, the icon turns blue. When you click on the icon, the component is downloaded to your workstation.

How to...

Search for a component
To check whether a specific component has been downloaded, enter a name or part of a name or description into the Search field. The list displays all records that contain a match in the Name or Description field.

Download a component to your workstation
Components that appear on the Component list can be downloaded to your workstation and deployed to remote devices. If you see a gray Export component icon, the component has either not yet been downloaded, or the component was edited and must be rebuilt. "Export" and "download" are used interchangeably.
1. Click on the gray Export component icon. A dialog box appears.
2. Click Build now. A note appears at the top of the page that the component is being built, and the icon turns yellow. The .zip file that is generated will have a .cpt extension. When the build is complete, the icon will turn blue.
3. Click the blue Download component icon. Another dialog box opens that includes a download link.
4. Click Download here to download the component. If you have previously downloaded the file and think it might have been changed, click Rebuild it now. You will be prompted to open or save the file. Note that the file extension might now be .zip.

Add a component
Refer to "Create or Edit a Component" on page 301.
Import a component into your Web Portal
You can upload components you have created or downloaded from the Component Exchange to the Web Portal so they are available to other users and can be deployed. To import a component:
1. Click the Components tab.
2. In the top left corner, click Import Component.
3. Click Choose file... and locate the component file you want to upload. Only Autotask Endpoint Management Component files (*.cpt) can be imported.
4. Click Upload. When the upload is complete, the Component page will open.
5. Modify the component as required. Refer to "Create a component" on page 301.
6. Click Save.

Create a component group
By default, components are grouped into categories. Refer to "Component Categories" on page 266. You can, however, create component groups, and associate any component with them, based on your own criteria. This is helpful if you have components that are frequently viewed or edited. To create a component group:
1. Navigate to the Components tab.
2. On the left, under Component Groups, click the plus sign. A pop-up window will open.
3. Enter a name for the group.
4. Click Save.

Add components to a group
Once the group exists, you can add any component to any group.
1. On the Component List, check the component or components you want to add to a group.
2. Click the Add component(s) to group icon in the Action row. A pop-up window will allow you to select the group to add the components to.
3. Click Add. The components are now added to the group.

Map components to specific sites
Components that can be edited (i.e. custom components and copies of components downloaded from the ComStore) can be made available to some sites but not others. This is known as component site mapping.
1. Click the Components tab.
2. Click on the component name you want to edit.
3. Scroll to the Sites section and click Selected sites.
4.
Select the sites you wish to make the component available to and then click Include. Use the Search field above either the Include or Exclude column to search for your sites. As you type, the search results are narrowed to match your search string. Use Shift or Ctrl on your keyboard to select multiple sites.
5. Once the changes are complete, click Save.
After you have mapped components to a specific site, it makes sense to specify a local cache or caches to store the components. Refer to "Designate a Local Cache" on page 111.

Create a Custom Component Monitor
Knowledge of a scripting language like Batch or VBScript. For scripting languages supported by AEM, refer to "Scripting" on page 306.
Permission to manage Components. To create a policy, permission to manage Policies at account or site level.
Components > New Component
Account > Policies
Sites > select a site > Policies

About Custom Component Monitors
Component monitors are, in essence, scripts that regularly run on your devices. If a specific condition is met, an alert will be raised. You can find and download a number of pre-configured component monitors from the ComStore, covering anti-virus packages, backup systems, CPU temperature, predicted hard drive failures, etc. Refer to "Components and ComStore" on page 266. For example, the status of Autotask's own online file backup service, Autotask Endpoint Backup, can also be monitored through a component monitor. For more information, refer to Autotask Endpoint Backup Integration.

Sometimes, however, you want to generate alerts we don't have pre-configured component monitors for. You might, for example, want to:
• Monitor a backup or anti-virus package that we don't currently have a ComStore component for.
• Check if a specific file or folder exists.
• Run some diagnostic command (like dcdiag, or repadmin) and check the output for issues or failure.
• Interrogate a database using a command line tool (like osql) and check specific values.
For cases like these, and many others, Autotask Endpoint Management (AEM) includes a powerful scripting tool that allows you to write your own monitoring scripts, called custom component monitors. A knowledge of scripting languages is required.

How to...

Create a script
In this exercise we are going to write a batch script that looks for a text file called C:\Test\test.txt. If that file exists, the script will terminate with exit code 0 (which means, basically, "success"). If it doesn't, we'll see some output telling us, and it will terminate with exit code 1 (which means "failure"). Our script to do that looks like this:

    @echo off
    echo Checking for file C:\test\test.txt
    if exist C:\test\test.txt (goto found) ELSE (goto notfound)

    :found
    REM File is present: report success with exit code 0
    echo File found - script exiting OK
    exit /B 0

    :notfound
    REM File is missing: report failure with exit code 1
    echo File not found - script exiting with warning
    exit /B 1

Save that as a batch file called doesfileexist.bat to your C:\ directory. Make sure your text editor doesn't add a .txt extension.

Run the script on your local machine
Before we incorporate the script into a component monitor, we want to make sure that the script does what we expect. The easiest way to do this is to run it on a single, local device.
1. In your C:\ directory, create a folder called "test", but do not create the test.txt file yet.
2. Go to the Command prompt and type:

    doesfileexist.bat > log.txt

3. Hit the Enter key. This will execute the batch file and save the results in a log file. The log file should read:

    Checking for file C:\test\test.txt
    File not found - script exiting with warning

4.
Then add the test.txt file to the directory and run the batch file again. Now the log file should read:

    Checking for file C:\test\test.txt
    File found - script exiting OK

This confirms that we now have a working script, checking for the existence of a file called test.txt in C:\test.

Get the output into the right format
While this output format works when the script is run on a local device, we need to make some changes so it works as the output of a custom component monitor. AEM is looking for output in this format:

    <-Start Result->
    OUTPUTVARIABLE=Your Warning/error message
    <-End Result->

where "OUTPUTVARIABLE" is a variable you configure when you create the monitor. Refer to "Turn the script into a Component Monitor" on page 341.

To make sure the script generates output that looks like the example above, we modify the output section of the script as follows:

    @echo off
    echo Checking for file C:\test\test.txt
    if exist C:\test\test.txt (goto found) ELSE (goto notfound)

    :found
    REM No result block here: nothing is passed to the Agent when the file exists
    echo File found - script exiting OK
    exit /B 0

    :notfound
    REM ^< and ^> stop the command shell treating the markers as redirection
    echo ^<-Start Result-^>
    echo CSMon_Result=File not found - script exiting with warning
    echo ^<-End Result-^>
    exit /B 1

In this case, the < and > characters have to be escaped so they are parsed correctly in a batch file, otherwise they are treated as though they were piping data into or out of a command. Other monitor script types don't need to do this. The vbs equivalent would be:

    wscript.echo "<-Start Result->"
    wscript.echo "CSMon_Result=File not found - script exiting with warning"
    wscript.echo "<-End Result->"
    wscript.quit 1

We don't have to put the "Start Result/End Result" section around the output when the file is found, because we only want to raise an alert when it's not there. We only pass the output to the Agent when there is a problem. Now our script is checking the right things, and is outputting in the correct format.
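The result-block format described above can be checked offline, on the log captured from a local run, before the script is pasted into the portal. The Python linter below is an added example, not Autotask code: the function and sample names are hypothetical, the captured runs are constructed, and it assumes exact marker lines and a case-sensitive variable name, because this page does not describe how the Agent itself parses output.

```python
from dataclasses import dataclass, field

START_MARKER = "<-Start Result->"
END_MARKER = "<-End Result->"


@dataclass
class MonitorCheck:
    alert: bool = False                           # a well-formed result block was found
    values: dict = field(default_factory=dict)    # variable name -> message
    problems: list = field(default_factory=list)  # lint findings for the script author


def check_monitor_output(stdout, exit_code, output_variable):
    """Lint one captured run of a monitor script against the documented format."""
    check = MonitorCheck()
    lines = [line.strip() for line in stdout.splitlines()]

    # Batch needs ^< and ^>; copied into another script type the carets are
    # printed literally and the marker lines no longer match.
    if any("^<-" in line or "-^>" in line for line in lines):
        check.problems.append("caret-escaped marker printed literally; "
                              "only batch scripts need ^< and ^>")

    starts = [i for i, line in enumerate(lines) if line == START_MARKER]
    ends = [i for i, line in enumerate(lines) if line == END_MARKER]

    if not starts and not ends:
        if exit_code != 0:
            check.problems.append(f"exit code {exit_code} but no result block, "
                                  "so there is no message to pass to the Agent")
        return check

    if len(starts) != 1 or len(ends) != 1 or starts[0] > ends[0]:
        check.problems.append("start/end markers are missing, repeated or out of order")
        return check

    for line in lines[starts[0] + 1:ends[0]]:
        if not line:
            continue
        name, sep, message = line.partition("=")
        if not sep or not name.strip():
            check.problems.append(f"line inside result block is not NAME=message: {line!r}")
            continue
        check.values[name.strip()] = message.strip()

    if output_variable not in check.values:
        check.problems.append(f"Output Data variable {output_variable!r} "
                              "not found in result block")
    if exit_code == 0:
        check.problems.append("result block printed but exit code is 0")
    check.alert = not check.problems
    return check


# Constructed sample runs (stdout text and exit code), modelled on the page's script.
MISSING_FILE_RUN = r"""Checking for file C:\test\test.txt
<-Start Result->
CSMon_Result=File not found - script exiting with warning
<-End Result->
"""
FOUND_RUN = r"""Checking for file C:\test\test.txt
File found - script exiting OK
"""
# Constructed: marker lines absent from the output, only the variable line survives.
NO_MARKERS_RUN = r"""Checking for file C:\test\test.txt
CSMon_Result=File not found - script exiting with warning
"""
# Constructed: batch-style escaping copied into a script type that does not need it.
CARET_RUN = """^<-Start Result-^>
CSMon_Result=File not found - script exiting with warning
^<-End Result-^>
"""
# Constructed: script prints a name that differs from the configured Output Data name.
WRONG_NAME_RUN = """<-Start Result->
Result=File not found - script exiting with warning
<-End Result->
"""

if __name__ == "__main__":
    for label, text, code in [("missing file", MISSING_FILE_RUN, 1),
                              ("file found", FOUND_RUN, 0),
                              ("no markers", NO_MARKERS_RUN, 1),
                              ("literal carets", CARET_RUN, 1),
                              ("wrong name", WRONG_NAME_RUN, 1)]:
        result = check_monitor_output(text, code, "CSMon_Result")
        print(label, "->", "alert" if result.alert else "no alert", result.problems)
```
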
Now we are ready to incorporate this script into a component monitor.

Turn the script into a Component Monitor
To create a monitor component using the script you've written, follow these steps:
1. Log onto the AEM Web Portal as Administrator (or a user who has the relevant permissions to be able to create components).
2. Click the Components tab.
3. In the top left corner, click New Component.
4. In the window that then appears, select the category Device Monitors.
5. Enter a Name and a Description.
6. Click Save.
7. Scroll down to the Script section of the window that appears.
8. In the Script drop-down menu, select Batch (since our example script here is a batch / command shell script). If you're using a different script, choose the appropriate script type.
9. Paste your working and tested script into the main window of the script section.
10. Next, we need to let AEM know what variable name we're using to capture the output. In this script, we used CSMon_Result, so we need to configure that as Output Data. Click the green "+" alongside the "Output Data" section.
11. In the window that appears, specify the output variable name as CSMon_Result, and the type as String, then click Add.
12. Click Save. Your monitor component will be saved and added to your component list.

Create a monitoring policy to use your component
Now that we have a Custom Component Monitor, the final step is to deploy it to one or more devices using a monitoring policy. Refer to "Create a Monitoring Policy" on page 256.
1. In the Monitor Type drop-down, choose Component Monitor.
2. Click Next.
3. Your custom component monitor will be listed in the first drop-down in the Monitor Details > Trigger Details section. Select your component monitor.
4. Configure how often this monitor should be executed.
5. For now, we can leave the Alert Details and Auto-Resolution Details at their default values.
6.
Click Next.
7. If you'd like to receive email alerts when this monitor is triggered, check the Email the following recipients box on the Response Details page and enter your email address or just leave the Default recipients check box selected.
8. Then click Next until the monitor is created and you are back to the New Policy page.
9. Add your targets and push out the policy.

View the output
If the file you are looking for does not exist on a device the monitor was pushed out to, the designated alert recipients will receive an email like this:

In addition, you can see all raised alerts when you navigate to Account > Monitor > Monitor Alerts. Refer to "Manage Alerts" on page 346. For more details on a raised alert, just click on the hyperlinked message text:

Alerts and Tickets
When a monitor is triggered because its thresholds are being breached, possible responses include:
• Sending a notification email to a designated recipient
• Raising an alert
• Creating a ticket
These responses are configured when the monitor is created. Refer to "Monitors and Policies" on page 232.

About Alerts
An alert is the automatic response to a device operating outside of the parameters defined in the monitor. Alerts appear and can be managed on the Monitor tab at the device, site and account levels, where you can review them and take the appropriate action. Automatic response options include running a component (that is, a script), sending an email to designated recipients, and optionally creating a ticket. For more information on managing and responding to alerts, refer to "Manage Alerts" on page 346.

About Tickets
Without the advanced Autotask integration enabled, Autotask Endpoint Management (AEM) offers a standalone ticketing feature where the ticket entity lives and gets updated in AEM.
However, if you integrate with Autotask PSA, you'll be able to use the advanced integrated ticketing, with the ticket entity living in Autotask PSA and offering much more detailed ticket information. For information on how to enable the Autotask integration and the advanced integrated ticketing, refer to Autotask PSA and Endpoint Management Integration.

Tickets can be created in three ways whether or not you have enabled the Autotask integration:
• In the Web Portal, users with access to the Support tab at the account, site or device level can manually create a ticket. Refer to "Create a Ticket in the Web Portal" on page 358.
• Monitors can be configured to automatically create a ticket in addition to a notification email. Refer to the documentation on the different types of monitors. Links can be found under "Types of monitors" on page 232.
• Tickets can be created by end-users in the Agent Browser. Refer to "Create a Ticket in the Agent Browser" on page 361.
All tickets are managed in the Web Portal. Refer to "Manage Tickets" on page 352.

If the ticketing features AEM offers are not sufficient for your needs, AEM integrates with several other PSA solutions. For information on PSA integrations, refer to Configuring Third Party Integrations.

Manage Alerts
Permission to manage Monitors at Account, Site or Device level
Account > Monitor > Monitor Alerts
Sites > select a site > Monitor
Device > select a device > Monitor > Monitor Alerts

What is an alert?
An alert is the automatic response to a device operating outside of the parameters defined in a monitor. Alerts appear and can be managed on the Monitor tab at the device, site and account levels, where you can review them and take the appropriate action. Automatic response options include running a component (that is, a script), sending an email to designated recipients, and creating a ticket.
About the Monitor Alerts Page

Radio Buttons
The Account > Monitor tab displays radio buttons that allow you to toggle between Monitor Alerts and Job Alerts lists. For information about Job Alerts, refer to "Manage Job Alerts" on page 329.
The Site > Monitor tab displays Monitor Alerts only.
The Device > Monitor tab displays radio buttons that allow you to toggle between Monitor Alerts and Monitors. For information about Monitors, refer to "Monitors and Policies" on page 232.

Columns and filters
Field: Description
Column Chooser: The column chooser lets you select which columns should be visible in the results view. You can click on All or None to select or deselect all the options, and you can restore the default view by clicking on Restore Defaults. Drag and drop any of the columns to re-arrange their order in the results view. Click Save to apply the changes or Cancel to discard them. Note: You must select at least one column in the column chooser.
Category: By default, alerts of all categories are shown. Click the drop-down to display alerts from a specific monitor type.
Priority: By default, alerts of all priorities are shown. Click the drop-down to display alerts of a specific priority. The priority legend is as follows:
• Critical - Priority 1
• High - Priority 2
• Moderate - Priority 3
• Low - Priority 4
• Information - Priority 5
Status: By default, only active alerts (that is, Open Alerts) are shown. Click the drop-down to display alerts with a specific status:
• Open Alerts
• All Alerts
• Resolved Alerts
• Muted Alerts

Action bar icons
Icon name: Description
Resolve selected alerts: Manually sets the status of the selected alerts to Resolved.
Standalone ticketing: If your alert raised a ticket, resolving the alert will add a ticket note to the ticket and close the ticket. You may disable the auto-resolution of tickets in the monitor's Ticket Details section. Refer to "Create a monitor" on page 239.
Advanced integrated ticketing: If you use advanced integrated ticketing, enabling self-healed and cleared alerts will allow you to handle the corresponding PSA alert ticket's status. Refer to Self-Healed and Cleared Alerts.
Mute Monitors for Devices: Prevents email notifications that the alert has triggered for the selected devices. The alerts will still appear on the list when the Muted Alerts filter is selected.
Un-Mute Monitors for Devices: Only available when the alert had been muted. It removes the alert from the Muted Alerts list and allows it to trigger email notifications for the selected devices again.
Mute Monitors for Sites: Prevents email notifications that the alert has triggered for the selected sites. The alerts will still appear on the list when the Muted Alerts filter is selected.
Un-Mute Monitors for Sites: Only available when the alert had been muted. It removes the alert from the Muted Alerts list and allows it to trigger email notifications for the selected sites again.
Mute Monitors for Account: Prevents email notifications that the alert has triggered for your entire account. The alerts will still appear on the list when the Muted Alerts filter is selected.
Un-Mute Monitors for Account: Only available when the alert had been muted. It removes the alert from the Muted Alerts list and allows it to trigger email notifications for the entire account again.
Export to CSV: Allows you to export a list of the selected alerts in .CSV format. Make sure to select the columns you want to include in the export.
New Ticket: Click to create ticket(s) for the selected alert(s). In the pop-up window, you can complete the following fields:
• Standalone ticketing: Assigned to, Priority, Ticket Email Notification
• Advanced integrated ticketing: Priority, Source, Issue, Sub-Issue, Queue, Primary Resource, Role, Ticket Note
Refresh: Refreshes the current view.
You can also click Auto-refresh on and off at account level. Auto-refresh only happens when an action occurs to trigger it. It does not refresh at set time intervals.

Column descriptions
The following columns are displayed by default:
Field: Description
Selection check box: Check to select one or multiple alerts.
Alert type icon: Displays an icon that identifies the type of alert that was triggered.
Triggered: Shows how long ago the alert was raised. You can click the column header to sort by this criterion.
Message: Displays the alert message.
Priority: Displays the priority of the alert. You can click the column header to sort by this criterion.
Alert Message (at Device level only): Displays the alert message.
Alert Triggered (at Device level only): Displays what triggered the alert.
Alert Resolved (at Device level only): Displays whether the alert has been resolved. You can click the column header to sort by this criterion.
Alert Resolved Date (at Device level only): Displays when the alert got resolved.
Alert Muted (at Device level only): Displays whether the alert is muted.
Alert Received (at Device level only): Displays when the alert was received.
Site (at Account and Device level only): The name of the site associated with the device that triggered the alert.
Online / Offline status icon: Shows online / offline status, privacy status and network node status of the device.
Hostname: The hostname of the device that triggered the alert. You can click the column header to sort by this criterion.
Ext IP Addr (at Device level only): The external IP address of the device.
Resolved: Indicates where the issue was resolved (Agent or Platform), and how long ago. You can click the column header to sort by this criterion.

How to...

View and act on alert information
When you click on the hyperlinked message of an individual alert, the Alert Information window is displayed.
On this page, you will see:
• The Device Summary, with links to the device and the site
• The Alert Summary, with links to the Policy that deployed the monitor that triggered the alert
• The Alert Response, if an automatic response was configured in the monitor
• The Resolution Summary, if the alert was resolved
• Diagnostic Summary (e.g. CPU or memory usage)
Below the title bar, you will see a number of action icons that allow you to act on the information. Refer to "Action bar icons" on page 347. You can also run a quick job on the device or connect to it:
Icon name: Description
Run a quick job: Run a component through a quick job. Refer to "Deploy Components Using Jobs" on page 319.
Connect to Device*, Remote Takeover (RDP)*, Remote Takeover (VNC)*, Splashtop*: Refer to "Remote takeover icons" on page 118.
*Will not display for offline machines, printers, mobile devices, network devices or devices with an inappropriate operating system. In some cases they do not display at all, e.g. due to incomplete audit.
If you experience issues launching the Agent Browser when clicking on the connect icon or any of the remote takeover tools in the Web Portal in Google Chrome, refer to "I can't launch the Agent Browser from the Web Portal in Chrome. Why is that?"

Manage Tickets
Permission to manage Account > Support or Sites > Support
Account > Support OR open a site and click the Support tab OR open a device and click the Support tab

Tickets are managed by clicking the Support tab at the account, site or device level, using both the standalone and advanced integrated ticketing that AEM offers.
• On the Account > Support tab, you have access to all tickets in your AEM account.
• On the Sites > Support tab, you have access to all tickets for the selected site.
• On the Device > Support tab, you have access to all tickets associated with the selected device.
The list features on these three pages are identical.

About the Ticket List Page

Views

Standalone ticketing
The Tickets radio buttons allow you to filter the tickets on the list. By default, you will see all open tickets, but you can click the following views:
Radio button: Description
Open Tickets: This selection will display tickets where the status is something other than Closed.
All Tickets: This selection will display all tickets that have ever been created, regardless of status.
My tickets: This selection shows all tickets assigned to the logged-in user.

Advanced integrated ticketing
By default, you will see all tickets, but you can filter them by selecting one or more options from the following drop-downs:
Drop-down: Description
Queue: Select any or all the queues. The drop-down lists all active queues as configured in Autotask PSA.
Status: Select any or all the statuses. The drop-down lists all active statuses as configured in Autotask PSA.
Priority: Select any or all the priorities. The drop-down lists all active priorities as configured in Autotask PSA.
Assigned To: Select any or all the resources. The drop-down lists all active resources as configured in Autotask PSA.
The query displays tickets for a maximum of 100 sites within the past 30 days.

Actions icons

Standalone ticketing
Icon name: Description
Update status of selected tickets: Allows you to update the status of multiple selected tickets.
Refresh: Refreshes the current view.
Auto-refresh: Switch auto-refresh ON or OFF to enable or disable auto-refresh of the page. Auto-refresh only happens when an action occurs to trigger it. It does not refresh at set time intervals.

Advanced integrated ticketing
Icon name: Description
Refresh: Refreshes the current view.
Auto-refresh: Switch auto-refresh ON or OFF to enable or disable auto-refresh of the page.
Auto-refresh only happens when an action occurs to trigger it. It does not refresh at set time intervals.
Save | Once you have selected the required Queues, Statuses, Priorities and Assigned Resources, click Save to update the results.

Column Descriptions

Standalone ticketing

Field | Description
Selection check box | Check to select one or multiple tickets. The check box is used in conjunction with the Edit icon.
Number | The ticket number. You can click the column header to sort by ticket number. Click the hyperlinked ticket number to edit the ticket.
Site | The site the ticket is associated with.
Created by | Displays the device name for which the ticket was created, or the user who created the ticket in the Web Portal. You can click the hyperlinked device name to open the device.
Ticket Title | The title of the ticket. You can click the column header to sort by ticket title.
Description | The ticket description. You can click the column header to sort by ticket description.
Priority | The ticket priority between 1 and 5. You can click the column header to sort by priority. The priority legend is as follows:
    • Critical - Priority 1
    • High - Priority 2
    • Moderate - Priority 3
    • Low - Priority 4
    • Information - Priority 5
Status | Indicates the progress that has been made on the ticket. Options are New, In Progress, Waiting and Closed. You can click the column header to sort by status.
Create Date | Date, time and time zone when the ticket was created. You can click the column header to sort by date.
Assigned to | The user responsible for resolving the ticket.

Advanced integrated ticketing

Field | Description
Site | The site the ticket is associated with.
Ticket Number | The ticket number. You can click the column header to sort by ticket number. Click the hyperlinked ticket number to edit the ticket.
Title | The title of the ticket. You can click the column header to sort by ticket title.
Created By | The name of the user who created the ticket. If the ticket was raised through a monitor, the user who created the monitor is listed as the creator.
Queue | The queue where the ticket got assigned. You can click the column header to sort by queue.
Issue | The ticket issue type. You can click the column header to sort by issue type.
Sub-Issue | The ticket sub-issue type. You can click the column header to sort by sub-issue type.
Status | The ticket status. Both open and complete tickets are listed. You can click the column header to sort by status.
Priority | The ticket priority between Critical and Low. You can click the column header to sort by priority. The priority legend is as follows:
    • Critical - Priority 1
    • High - Priority 2
    • Moderate - Priority 3
    • Low - Priority 4
    • Information - Priority 5
Created | Date, time and time zone when the ticket was created. You can click the column header to sort by date.
Assigned To | The primary resource responsible for resolving the ticket.

How to...

Edit a ticket

All tickets, even completed ones, can be edited at any time. Depending on the type of ticketing you use, you can update different fields.

Standalone ticketing

1. Click on the ticket number. The Ticket window will open.
2. You can edit the Status, Priority, Assigned To, or Comments fields.
   If your ticket was raised by a monitor alert, setting the ticket's status to Complete will resolve the alert as well.
3. Click Save or Submit (if you are adding a new comment), and close the window.

Advanced integrated ticketing

1. Click on the ticket number. The Ticket window will open.
2. Update any of the following fields: Title, Description, Status, Priority, Source, Issue, Sub-Issue, Queue, Primary Resource, Role.
   If your ticket was raised by a monitor alert and it gets completed through an Autotask PSA workflow rule, you can use the same workflow rule to fire off an extension callout to resolve your AEM alert as well. Automatic alert closure will not occur if the ticket was completed manually. For further information, refer to "Automatic AEM alert closure when completing the PSA alert ticket".
3. You can also add a new ticket note by clicking on Add a new note to this ticket.
4. Once you have finished editing the ticket, click Save.

Click the View in Autotask button in the top right corner of the ticket window to open and edit the ticket in Autotask PSA. If you were already logged into PSA or single sign-on is configured for you, you will be directed to the ticket detail page. If you are not logged into PSA, you will be required to enter your login credentials.

For information about how to create a ticket, refer to "Create a Ticket in the Web Portal" on page 358 and "Create a Ticket in the Agent Browser" on page 361.

Create a Ticket in the Web Portal

In the AEM Web Portal, tickets can be created manually at account, site and device level, using both the standalone and advanced integrated ticketing that AEM offers. You can also configure monitors or monitoring policies to create tickets when an alert is raised. For more information, refer to "Alerts and Tickets" on page 345.

How to...

Manually create a ticket

1. Log into the AEM Web Portal.
2. Navigate to the account level, or the desired site or device.
3. Click on the Support tab.
4. On the left hand side, click on New Ticket.
5. Depending on the type of ticketing you use, complete the following fields:

Standalone ticketing

Field | Description
Ticket Title | Enter a ticket title. This field has a limit of 255 characters.
Description | Enter a ticket description.
Priority | Select a ticket priority:
    • Critical - Priority 1
    • High - Priority 2
    • Moderate - Priority 3
    • Low - Priority 4
    • Information - Priority 5
Assigned to | Select an AEM user who will be responsible for resolving the issue.

Advanced integrated ticketing

Fields marked with an * are required fields.

Field | Description
Ticket Information
Title* | Enter a ticket title. This field has a limit of 255 characters.
Description | Enter a ticket description.
Site* | At account level, start typing to get a list of matching site names and select a site. At site and device level, the site name is filled in for you.
Status* | The default value is New. This field is not editable.
Priority* | Select a ticket priority. The drop-down lists all active priorities as configured in Autotask PSA.
Source | Select a ticket source. The drop-down lists all active sources as configured in Autotask PSA.
Issue | Select a ticket issue type. The drop-down lists all active issue types as configured in Autotask PSA.
Sub-Issue | Select a sub-issue type for the selected issue type. The drop-down lists all active sub-issue types for the selected issue type as configured in Autotask PSA.
Assignment
Queue* | Select a queue where the ticket should be assigned. The drop-down lists all active queues as configured in Autotask PSA.
Primary Resource* | Select a resource who will be responsible for resolving the issue. The drop-down lists all resources that are currently active in Autotask PSA.
Role* | Select a role for the selected resource. The drop-down lists all the roles that the selected resource is associated with in Autotask PSA.
Activity
Ticket Notes | If you would like to add further information to your ticket, click on Add a new note to this ticket. This will open a box where you can enter a title and a description for your note. By clicking on Discard, you can delete the note entered.

6. Click Save.
A dialog that includes the ticket number will confirm that the ticket has been created. The newly created ticket will appear at the top of the ticket list.

Configure a monitor or monitoring policy to create a ticket

When you create or edit a monitor or a monitoring policy, you configure the alert responses that will be triggered when a monitor threshold is breached. One of the possible response options is the automatic creation of a ticket. For information on how to configure the Ticket Details in a monitor or a monitoring policy, refer to "Manage Monitors" on page 239.

Create a Ticket in the Agent Browser

In addition to the Web Portal, tickets can also be created in the Agent Browser. This allows end users to submit tickets using the AEM Agent installed on their local device. The ticket will appear in the Web Portal.

How to...

Create a ticket

1. Open the Agent Browser on the local device by double-clicking on the AEM system tray icon.
2. Select the Tickets tab.
3. Click New Ticket.
4. Complete the Ticket Title and Description fields.
5. Click OK to submit the ticket.

An email notification is sent to the assigned resource, and the ticket appears in the AEM Web Portal. The end user is able to view open tickets from the Tickets tab in the Agent Browser.

Edit or close a ticket

If you are using the AEM standalone ticketing, end users can edit and close tickets on the Tickets tab in their Agent Browser. If you have integrated with Autotask PSA and are using the advanced integrated ticketing, tickets can be edited in the Web Portal.
• You can edit a ticket by clicking on the pencil icon next to it. You will be able to see any notes added by the technician from the AEM Web Portal and you can also add further notes.
• Closing the ticket will change the status to Closed in the Web Portal, and the ticket will no longer be visible in the Agent Browser.
AEM administrators will still be able to access the ticket via the Web Portal.

Configure assigned resources for tickets

The assigned resource for tickets submitted via the Agent Browser can be configured in the AEM Web Portal. The selected recipient will receive email notifications of new tickets when submitted. The assigned resources can be configured at account and site level as well. Resources configured at site level will override any set at account level. For further information, refer to Account Settings and "Site Settings" on page 20.

Activity Logs and Reports

Activity Logs

Autotask Endpoint Management creates an audit trail of all human activity in the account. The logs can be found on the following pages:
• "Device Activity" on page 372
• "User Activity" on page 373
• "Account Activity" on page 371

Reports

Autotask Endpoint Management features a large number of reports that can be generated by users with sufficient permissions.

Report Levels

Reports can be run for a single device, all devices in a site, or at account level. On the Sites tab, you can also select a filter or group, and generate a report at the device or account level, depending on the type of group or filter you selected. Security levels can have granular permission for each reporting level. Refer to Security Levels.

Output File Types

Reports can be generated in PDF or Excel format. The default output format is PDF.

Running or Scheduling a Report

Reports can be run immediately or at a preset schedule. Refer to "Schedule and Run a Report" on page 476.

Finding the Right Report

To assist you with locating the right report, refer to "Find the Right Report" on page 376. These topics contain descriptions and screen shots of all available reports.

Account Dashboard

Permission to view or manage: Account > Dashboard
Account > Dashboard tab

Autotask Endpoint Management (AEM) allows you to proactively monitor and manage your endpoints at device, site and account level.

At device level, the Device Summary page displays audit information, notes, activity and performance information about a single device. For more information, refer to "Device Summary" on page 119.

At site level, the Site Summary page lets you see statistical information, such as security or energy usage information, about one site's endpoints, that is, about all the devices that have been added to the same site. For more information, refer to "Site Summary" on page 16.

At account level, the Account Dashboard provides a summary of the health and security status of all your endpoints across all your sites.

To access the Account Dashboard tab:
1. Log into the Web Portal.
2. Click the Account tab.

This will bring you to the Account Dashboard tab that displays two sections: Dashboards and Security Status.

Dashboards

Dashboards can be viewed by clicking on the Account Dashboard hyperlink. This is a default account dashboard and cannot be edited. Clicking on the Kiosk Mode hyperlink will launch the Account Dashboard in a separate window.

Once you click on Account Dashboard or Kiosk Mode, the following information will be displayed:

Field | Description
Devices | Displays the following information:
    • Total - The number of all devices in the account. Refer to "Manage Devices" on page 115.
    • Online - The number of devices that are online at the moment.
    • Offline for 7+ days - The number of devices that have been offline for more than 7 days.
Components | Displays the following information:
    • Total - The number of components in your Component Library that you can find by clicking on the Components tab.
      For more information, refer to "Components and ComStore" on page 266.
    • ComStore - The number of components available in the ComStore. For more information, refer to "Download Components from the ComStore" on page 268.
    • Updates - The number of components that have updates available. For more information, refer to "Check for updates" on page 299.
Notifications | Displays the alert notifications across the entire account. Hover over each line to see and/or click for further details:
    • Alert type icon - Displays an icon that identifies the type of alert that was triggered. Hover over it to see the name displayed.
    • Site name - The name of the site in which the alert was raised. Click on the name to open the Site > Monitor page. Refer to "About the Monitor Alerts Page" on page 346.
    • Device name - The hostname of the device for which the alert was raised. Click on the name to open the Device > Monitor page. Refer to "About the Monitor Alerts Page" on page 346.
    • Alert Information - Click on the message to review the Alert Information. Refer to "View and act on alert information" on page 349.
    • Time stamp - Hover over the end of the row to see the exact date and time when the alert was raised.
    The priority level of the alerts is indicated by different colors. For more information, refer to "About the Monitor Alerts Page" on page 346.
Active Jobs | Displays the following information:
    • Devices scheduled - The number of devices which currently have a job scheduled against them. If one device has two scheduled jobs, the device will be counted only once.
    • Devices running - The number of devices which are currently running a job.
    • Devices with warnings - The number of devices where post-conditions have been triggered when running the job. For more information, refer to "Create or Edit a Component" on page 301 and "Post-Conditions" on page 309.
    • Devices with failures - The number of devices that exited with an error when running the job.
      For more information, refer to "Create or Edit a Component" on page 301 and "Post-Conditions" on page 309.
    To see information about the job results, refer to "The Job View" on page 331.
Open Alerts | Displays the number of devices with open alerts of priority 1 - 5. Refer to "About the Monitor Alerts Page" on page 346.

Icons on the page:

Name | Description
Refresh | Hover over each section and click on the Refresh icon to refresh the data displayed. In Kiosk Mode, you can also click on the Refresh Now button on the top of the page.
Information | Hover over the Notifications section to see the icon and display the priority legend of the raised alerts.

Security Status

Field | Description
Anti-Spyware Summary | Shows the number of devices that have:
    • At least one active and updated anti-spyware product
    • At least one active but not up-to-date anti-spyware product
    • No active anti-spyware product
Anti-Virus Summary / AEM Managed Anti-Virus Summary | This section will display a different name and information, depending on whether you have configured the Kaspersky Endpoint Security (KES) Integration or the Webroot Endpoint Security Integration. Refer to "Kaspersky Endpoint Security Integration" on page 208 and "Webroot Endpoint Security Integration" on page 218.
    Without any of the above integrations enabled, the section is called Anti-Virus Summary and shows the number of devices that have:
    • At least one active and updated anti-virus product
    • At least one active but not up-to-date anti-virus product
    • No active anti-virus product
    With any of the above integrations enabled, the section is called AEM Managed Anti-Virus Summary and shows:
    • The total number of devices targeted in security management policies. Note that this number may not match the sum of devices listed for the various statuses below as one device may be listed for more than one status.
      (For example, the same device may be listed for the status "Installed, not active" and "No valid license".)
    The following device statuses are displayed:
    • Installed & Active
    • Not Installed
    • Installed, not Active
    • Reboot Required
    • Active Threats
    • Needs Update
    • No Valid License
Firewall Summary | It shows the number of devices that have:
    • At least one active firewall product
    • No active firewall product

Security Status information is displayed for Windows devices only. It does not include anti-spyware status for Windows XP devices and the status of servers (as they do not report security center information).

Click the hyperlinked number of devices next to any status to see the list of devices of that status.

The name of the anti-spyware, anti-virus and firewall products is listed under each section, along with their status:
• Enabled and up to date
• Enabled but not up to date
• Disabled

By clicking on the Show/Hide Graph icon in the Anti-Spyware Summary, Anti-Virus Summary and Firewall Summary areas, you can see a graphical representation of the data.

Account Activity

Permission to view or manage: Account > Report
Account > Report > toggle to Activity Log

At account level, the Report > Activity Log page only shows devices that were moved between sites. This is used primarily in billing to show the movement of devices between Managed sites and the nonchargeable OnDemand sites.

Device Activity

Permission to view: Sites > Devices
Sites > click on a site > Devices > click on a device > Report > toggle to the Activity Log view

The Activity Log view shows a list of all activities associated with a specific device, no matter who performed the activity. The listed items include patch installations, jobs, remote takeovers, password changes, or even data about when the device was moved from one site to another.
The following information is displayed in this area:

Field | Description
Type | Type of activity represented by its icon.
Name | Name of the activity. Job names are hyperlinked. Clicking on the link will direct you to "The Job View" on page 331.
Started | Start date of the activity.
Ended | End date of the activity.
Policy | Name of the policy that targeted the device.
Status | Status of the activity. For patches, it shows failure error codes where applicable.
Results | If a summary icon is displayed, you can click on it for more information about the activity results.
Progress | A color indicator of the progress of the activity. Green - Completed. Red - Failed. For more information on job results, click on the name of the job and refer to "The Job View" on page 331.
Stdout | Click on the icon to view the Stdout (standard output) message for the device. Although Stdout is normally used for jobs, patch run information is also stored here.
Stderr | Click on the icon to view the Stderr (standard error) message for the device.

The most recent activities are also displayed on the "Device Summary" on page 119 page.

User Activity

Administrator
Setup > Activity Log
Setup > Users > toggle to Activity Log

AEM creates a log of all user activity in both the Web Portal and the Agent. This log is accessible by following either of these paths:
• Setup > Activity Log
• Setup > Users > toggle to the Activity Log view

Activities associated with a specific device can be viewed on the Device > Report tab when you toggle to the Activity Log view. Refer to "Device Activity" on page 372.

How to...

Review the activity log

The activity log is a list that can display up to 250 records per page. It can be sorted by Date/Time, User or IP Address. The default sort order is Date/Time.

Name | Description
Selection check box | Click the check box in the header row to select all rows, or click one or more rows to perform an action.
Date/Time | It displays the time zone, date and time when the activity was carried out.
User | It displays the username of the user who performed the activity.
IP Address | It displays the public IP address the user logged in from.
Details | It displays the entity the activity was performed on, and the action that was performed.
Parameters | It displays the fields and values of the affected entity.

Search for activities of a specific user

1. In the Users field, select a Username and click Search.
2. To display the full list, select All and click Search.

Search for activities during a date range

1. In the Date field, select the range from the list or specify a custom date and time range.
2. Click Apply.
3. To display the full list, clear the Date field.

Export the activity log

To export the Activity Log:
1. Search for the records you would like to export by performing one of the searches above.
2. Click the Export to CSV icon in the Action bar above the list.
3. Select the columns you want to export.
4. Click Save. The file will be downloaded to your workstation.

Find the Right Report

Find reports by report level
• "Reports at Device Level" on page 377
• "Reports at Site Level" on page 382
• "Reports at Account Level" on page 412

Find reports by type
• "Reports on Alerts" on page 428
• "Reports on Activities" on page 423
• "Reports on Endpoints" on page 434
• "Status and Health Reports" on page 449
• "User Reports" on page 473

Reports at Device Level

Permission to view or manage: Sites > Report
Sites > select a site > Devices > select a Device > Report

The date format for all reports is dd/mm/yy.

Device reports report on one specific endpoint.
The following reports are available at device level:

30 Day Device Activity Summary | 7 Day Device Activity Summary
Description: For the selected device, the report provides total activities and times by category of Jobs, Notes, Remote Shell and Remote Support for the previous 7 or 30 days. Then it lists details for each activity event, including username, date/time started and ended, and total time.

30 Day Device Alert Summary | 7 Day Device Alert Summary
Description: For the selected device, the report provides the total number of alerts and average response time by category for the previous 7 or 30 days. Then it lists details for each alert, including priority, alert date and time, end time and time of response.

Device Change Log
Description: For the selected device, the report lists changes to the system since the Agent was first installed, when software was changed, added or deleted. It includes date and IP address.

Device Summary
Description: The report lists system, hardware and software information for the selected device. It includes Agent version, domain, last user, last audit date, last seen date, if the device is online and if the web port is OK, manufacturer, model, operating system, service pack, and serial number. It also reports on status of security options such as antivirus, firewall and updates, hardware information such as ID, motherboard, processor, memory, storage, display and network adapters, and monitor information. It lists all software with version number.

Monitor Alerts Report (Device Level)
Description: The report lists each alert for the selected device by type and includes alert message, priority and time of alert.

Reports at Site Level

Permission to view or manage: Sites > Report
Sites > select a site > Report

The date format for all reports is dd/mm/yy.

Site reports report data on the selected site only. The following reports are available at site level:

30 Day - Executive Summary Report (Site Level)
Description: For the selected site, this monthly report provides quick access to information on the performance and health of your IT systems. It provides an overview of the current status of your servers (inventory, disk usage, patch status, approved pending patches, % of time when connected to the platform) and workstations (replacement recommendations, operating systems in use, inventory checks). It details your workstations' hardware inventory, as well as their disk usage, patch status and approved pending patches. It lists your managed network devices and managed mobile devices. It summarizes the monitoring alerts (by totals per category) and the activity on your devices (by totals per category, total time and the number of activities of the top 5 devices). The report is also available in German upon request by contacting Autotask Customer Support.

30 Day - Executive Summary Report - Only Servers and Workstations (Site Level)
Description: For the selected site, this monthly report provides quick access to information on the current status of your servers (inventory, disk usage, patch status, approved pending patches, % of time when connected to the platform) and workstations (replacement recommendations, operating systems in use, inventory checks). It also details your workstations' hardware inventory, as well as their disk usage, patch status and approved pending patches.
The report is also available in German upon request by contacting Autotask Customer Support.

30 Day Site Activity Summary | 7 Day Site Activity Summary
Description: For the selected site, the report provides total activities and times by category of Jobs, Notes, Remote Shell and Remote Support for the previous 7 or 30 days. It also lists the top 5 devices associated with the site by number of activities. Then it lists details for each activity, by device.

30 Day Site Alert Summary | 7 Day Site Alert Summary
Description: For the selected site, the report provides the total number of alerts and average response time by category for the previous 7 or 30 days. It also lists the top 5 devices associated with the site by number of alerts. Then it lists details for each alert by device, including priority, alert date and time, end time and time of response.

30 Day Site Executive Summary | 7 Day Site Executive Summary
Description: For the selected site, the report provides a snapshot for the last 7 or 30 days of the site's overall health as measured by server uptime and desktop anti-virus coverage. It lists the top 5 devices by activity and by alerts. It summarizes activities and alerts by totals per category, total time and average response time. It lists assets and top 5 storage devices, broken down by servers and desktops.

Computer Summary
Description: The report lists the computers associated with the selected site. It includes name, processor, operating system and service pack, memory, letter label, total drive space, amount and percentage of free space.

Critical 3rd-Party Software Summary Report
Description: The report lists all Windows and Mac devices in the site (sorted by operating system and device name) showing the version or multiple versions of critical 3rd-party software. If no application is found, the cell remains empty.

Customer Health Summary
Description: The report lists health information for all devices in the selected site. It displays a summary about hardware, security and maintenance software, and players and readers installed on the devices. The summary section shows how many devices have failed or passed the test and if there is any device with a warning. The report also lists the results for each individual device in the details section.

Detailed Computer Audit
Description: For the selected site, detailed information on each computer, including hardware information such as asset tag and date, serial number, domain and username, virus scanner details, Windows update, date of last contact, OS, processor, memory, motherboard, BIOS, IP and MAC addresses, video, and physical disk drive size and free space.

Exception Report
Description: For the selected site, a summary of all MS Windows devices, including warnings for devices without updated anti-virus, MS updates, or firewall, and devices with low free disk space or not online this month.

Health Report
Description: Summary for all devices associated with the selected site, broken down by servers and workstations, with and without warnings. The report lists alerts, jobs run, and remote takeover minutes. It shows alert turnaround time summary. It lists individual devices by hostname, IP address, and last logged in user. It shows warnings for devices without updated anti-virus, anti-spyware, MS updates or firewalls.
It also shows warnings for devices with low disk space and not online this month.

Inventory Age
Description: Inventory age report on all devices associated with the selected site. It displays replacement recommendations for the next 12 months to two years. It lists operating systems in use. It lists individual devices by name, last user, serial number and build date. It includes warnings for low memory, free disk space or not online this month.

Microsoft License
Description: Microsoft license report for devices in the selected site, listing software type, Microsoft product name, and quantity of devices with that product installed.

Monitor Alerts Report (Site Level)
Description: Lists device name, alert type, alert message and priority, and date/time of alert.

Patch Management Activity Report (30-days)
Description: For the selected site, the report lists all Windows devices and all patches installed on them in the last 30 days. The devices are listed by name, and the patches installed on each device are sorted by installation time stamp (newest on top). The patch information includes the name, type, priority, publish date (the date when Microsoft made the patch available), and install status of the patch. The total number of patches installed in the site is displayed at the top of the report.

Patch Management Detailed Report
Description: The report lists each device in the selected site, with number of patches released, patches installed and approved pending patches, percent of approved pending patches, and number of alerts. It separately lists devices requiring attention, and provides a summary and analysis of fully patched/not fully patched devices. It includes a detailed list of patches by device, with name, critical rating and installation status.
Patch Management Summary Report
Description: The report graphically shows percentage of devices in a site that are fully patched or missing specific number of patches. It lists devices with the number of approved pending patches. It lists each device in the site with the number of patches released, patches installed and approved pending patches.

Server Performance Report (Site Level)
Description: The report shows the CPU, Memory and Disk performance of the servers in a site over the last 30 days, including the average of the CPU and Memory, and the delta of the available disk space.

Site Activity
Description: The report lists Jobs, Notes and Remote Takeover sessions for all devices in the selected site over the last 30 days.

Site Device
Description: The report lists all devices in the selected site with their IP Address, last updated date, model, serial number and last logged-on user.

Site Health
Description: The report displays the number of devices in the selected site by operating system, including build number. It lists the number of devices without updated anti-virus, MS updates or firewall, with low free disk space or memory, and devices not online this month. It lists each device by name with last logged-in user, and their individual status for the previously mentioned criteria.

Site IP Information
Description: The report lists each device in the selected site with adapter name and IP address.

Site Remote Takeover Report
Description: The report lists all the remote control sessions for a site in the last 30 days. The report includes username, site and hostname, start and end date and time, length, and the icon of the remote takeover tool that was used.
Site Serial Numbers
Description: The report lists each device in the selected site with serial number.

Site Server Storage
Description: The report lists all servers associated with a site with drive letter, size, amount and percentage of free space.

Site Software
Description: The report lists all software (excluding hotfixes and updates) for all devices in the selected site, with number of installations.

Site Software and Hotfixes
Description: The report lists all software (including hotfixes and updates) for all devices in the selected site, with number of installations.

Site Storage
Description: The report displays fixed storage information for all devices in the selected site. It lists devices by name, with drive letter, size, and amount and percentage of free space.

Site User-Defined Fields 1-10
Description: Report on User-Defined Fields 1-10 in the selected site.

Site User-Defined Fields 1-3
Description: Report on User-Defined Fields 1-3 in the selected site.

Site User-Defined Fields 1-5
Description: Report on User-Defined Fields 1-5 in the selected site.

Software Audit Report
Description: For the selected site, for each device grouped separately, the report lists all software installed on that device, including software package name and version. The report displays Windows, Mac, Linux, and mobile devices.

User Software Install
Description: For the selected site, the report lists all software installed on all devices in the previous month, including software name, version, whether the software was changed, added or deleted, and the date the action was taken.
Webroot Report
Description: The report lists total number of devices targeted/not targeted by a Webroot policy. It shows number of devices that require attention and number of devices that are currently infected. It displays number of active and removed threats. It details security status of devices targeted by a Webroot policy, including Webroot Console Group, Site Key, Webroot status, whether remediation is enabled, attention is required and if the device is currently infected.

Reports at Account Level
Permission to view or manage Account > Report
Account > Report

The date format for all reports is dd/mm/yy.

Account reports report data on everything in your account. The following reports are available at account level:

30 Day Account Activity Summary | 7 Day Account Activity Summary
Description: For the previous 7 or 30 days, the report lists the top 5 sites by number of activities. Then for each site in the database, it lists activities by category with totals and detail amounts. Categories include Jobs, Notes, Remote Shell and Remote Support.

30 Day Account Alert Summary | 7 Day Account Alert Summary
Description: For the previous 7 or 30 days, the report lists the top 5 sites by number of alerts. Then for each site in the database, it lists alerts by type with total number and total time.

30 Day Account Executive Summary | 7 Day Account Executive Summary
Description: For the last 7 or 30 days, the report lists the top 5 sites by activities and by alerts. Then for each site in the database, it lists totals for activities and alerts by category, and individual user activity.
30 Day Account User Summary | 7 Day Account User Summary
Description: For the previous 7 or 30 days, the report lists activities by category, with total quantity and details such as number of devices or total time. Then for each username, it lists associated site, activity, time started and ended and total time.

Account Server IP Information
Description: IP address information for all servers in the account, listed by site.

Account Server Storage
Description: Fixed storage information for all servers in the account, listed by site. It includes drive label, size, amount and percentage of space, graphically displayed.

Account Server Summary
Description: The report lists all servers in the account, with detailed information including domain name, model, operating system, serial number, motherboard, processor, memory, storage and network adapters.

KES Report
Description: The report lists total number of devices targeted/not targeted by a Kaspersky Endpoint Security (KES) policy. It shows number of devices that require reboot and number of devices that are currently infected. It displays number of active and removed threats. It details security status of devices targeted by a KES policy, including KES license key and activation code, KES status, whether reboot is required and if the device is currently infected. It lists number of detected threats and number of active threats.

Monitor Alerts Report (Account Level)
Description: In order of number of active alerts, the report lists site, device name, total number of active alerts, and number of active alerts broken down by device and priority.
Remote Activity
Description: The report lists all the remote control sessions in the account in the last calendar month. The report includes username, site and hostname, start and end date and time, length, and the remote takeover tool that was used.

Server Performance Report (Account Level)
Description: The report shows the CPU, Memory and Disk performance of the servers in the entire account over the last 30 days, including the average of the CPU and Memory, and the delta of the available disk space.

Webroot Report
Description: The report lists total number of devices targeted/not targeted by a Webroot policy. It shows number of devices that require attention and number of devices that are currently infected. It displays number of active and removed threats. It details security status of devices targeted by a Webroot policy, including Webroot Console Group, Site Key, Webroot status, whether remediation is enabled, attention is required and if the device is currently infected.

Reports on Activities
Device and site reports: permission to view or manage Sites > Report
Account reports: permission to view or manage Account > Report
Sites > click on a site > Devices > click on a device > Report
Sites > click on a site > Report
Account > Report

Activities are the response to an issue or a proactive measure that involves a user. Activities include running jobs, entering notes, or launching a RemoteShell or Remote Support Session using the Agent Browser. Reports on activities can be run at device, site and account level.

The date format for all reports is dd/mm/yy.
30 Day Device Activity Summary | 7 Day Device Activity Summary
Description: For the selected device, the report provides total activities and times by category of Jobs, Notes, Remote Shell and Remote Support for the previous 7 or 30 days. Then it lists details for each activity event, including username, date/time started and ended, and total time.

30 Day Site Activity Summary | 7 Day Site Activity Summary
Description: For the selected site, the report provides total activities and times by category of Jobs, Notes, Remote Shell and Remote Support for the previous 7 or 30 days. It also lists the top 5 devices associated with the site by number of activities. Then it lists details for each activity, by device.

Site Activity
Description: The report lists Jobs, Notes and Remote Takeover sessions for all devices in the selected site over the last 30 days.

30 Day Account Activity Summary | 7 Day Account Activity Summary
Description: For the previous 7 or 30 days, the report lists the top 5 sites by number of activities. Then for each site in the database, it lists activities by category with totals and detail amounts. Categories include Jobs, Notes, Remote Shell and Remote Support.

Remote Activity
Description: The report lists all the remote control sessions in the account in the last calendar month. The report includes username, site and hostname, start and end date and time, length, and the remote takeover tool that was used.

Site Remote Takeover Report
Description: The report lists all the remote control sessions for a site in the last 30 days. The report includes username, site and hostname, start and end date and time, length, and the icon of the remote takeover tool that was used.
Reports on Alerts
Device and site reports: permission to view or manage Sites > Report
Account reports: permission to view or manage Account > Report
Sites > click on a site > Devices > click on a device > Report
Sites > click on a site > Report
Account > Report

An alert is the automatic response to a device operating outside of the parameters defined in a monitor. Reports on alerts can be run at device, site and account level.

The date format for all reports is dd/mm/yy.

30 Day Device Alert Summary | 7 Day Device Alert Summary
Description: For the selected device, the report provides the total number of alerts and average response time by category for the previous 7 or 30 days. Then it lists details for each alert, including priority, alert date and time, end time and time of response.

30 Day Site Alert Summary | 7 Day Site Alert Summary
Description: For the selected site, the report provides the total number of alerts and average response time by category for the previous 7 or 30 days. It also lists the top 5 devices associated with the site by number of alerts. Then it lists details for each alert by device, including priority, alert date and time, end time and time of response.

30 Day Account Alert Summary | 7 Day Account Alert Summary
Description: For the previous 7 or 30 days, the report lists the top 5 sites by number of alerts. Then for each site in the database, it lists alerts by type with total number and total time.

Monitor Alerts Report (Device Level)
Description: The report lists each alert for the selected device by type and includes alert message, priority and time of alert.

Monitor Alerts Report (Site Level)
Description: Lists device name, alert type, alert message and priority, and date/time of alert.
Monitor Alerts Report (Account Level)
Description: In order of number of active alerts, the report lists site, device name, total number of active alerts, and number of active alerts broken down by device and priority.

Reports on Endpoints
Device and site reports: permission to view or manage Sites > Report
Account reports: permission to view or manage Account > Report
Sites > click on a site > Devices > click on a device > Report
Sites > click on a site > Report
Account > Report

Reports on Endpoints contain information about the hardware and software of endpoints, including OS, processor, memory, motherboard, BIOS, IP and MAC addresses, video, and physical disk drive size and free space, installed software, Microsoft licenses etc.

The date format for all reports is dd/mm/yy.

At device level

Device Change Log
Description: For the selected device, the report lists changes to the system since the Agent was first installed, when software was changed, added or deleted. It includes date and IP address.

Device Summary
Description: The report lists system, hardware and software information for the selected device. It includes Agent version, domain, last user, last audit date, last seen date, if the device is online and if the web port is OK, manufacturer, model, operating system, service pack, and serial number. It also reports on status of security options such as antivirus, firewall and updates, hardware information such as ID, motherboard, processor, memory, storage, display and network adapters, and monitor information. It lists all software with version number.

At site level

Computer Summary
Description: The report lists the computers associated with the selected site.
It includes name, processor, operating system and service pack, memory, letter label, total drive space, amount and percentage of free space.

Critical 3rd-Party Software Summary Report
Description: The report lists all Windows and Mac devices in the site (sorted by operating system and device name) showing the version or multiple versions of critical 3rd-party software. If no application is found, the cell remains empty.

Detailed Computer Audit
Description: For the selected site, detailed information on each computer, including hardware information such as asset tag and date, serial number, domain and username, virus scanner details, Windows update, date of last contact, OS, processor, memory, motherboard, BIOS, IP and MAC addresses, video, and physical disk drive size and free space.

Microsoft License
Description: Microsoft license report for devices in the selected site, listing software type, Microsoft product name, and quantity of devices with that product installed.

Server Performance Report (Site Level)
Description: The report shows the CPU, Memory and Disk performance of the servers in a site over the last 30 days, including the average of the CPU and Memory, and the delta of the available disk space.

Site Device
Description: The report lists all devices in the selected site with their IP Address, last updated date, model, serial number and last logged-on user.

Site IP Information
Description: The report lists each device in the selected site with adapter name and IP address.

Site Server Storage
Description: The report lists all servers associated with a site with drive letter, size, amount and percentage of free space.
Site Storage
Description: The report displays fixed storage information for all devices in the selected site. It lists devices by name, with drive letter, size, and amount and percentage of free space.

Site Software
Description: The report lists all software (excluding hotfixes and updates) for all devices in the selected site, with number of installations.

Software Audit Report
Description: For the selected site, for each device grouped separately, the report lists all software installed on that device, including software package name and version. The report displays Windows, Mac, Linux, and mobile devices.

User Software Install
Description: For the selected site, the report lists all software installed on all devices in the previous month, including software name, version, whether the software was changed, added or deleted, and the date the action was taken.

At account level

Account Server IP Information
Description: IP address information for all servers in the account, listed by site.

Account Server Storage
Description: Fixed storage information for all servers in the account, listed by site. It includes drive label, size, amount and percentage of space, graphically displayed.

Account Server Summary
Description: The report lists all servers in the account, with detailed information including domain name, model, operating system, serial number, motherboard, processor, memory, storage and network adapters.

Server Performance Report (Account Level)
Description: The report shows the CPU, Memory and Disk performance of the servers in the entire account over the last 30 days, including the average of the CPU and Memory, and the delta of the available disk space.
Status and Health Reports
Device and site reports: permission to view or manage Sites > Report
Account reports: permission to view or manage Account > Report
Sites > click on a site > Devices > click on a device > Report
Sites > click on a site > Report
Account > Report

The reports in this group assess the status and health of the account, sites or devices, and give warnings about things like missing anti-virus software, critical 3rd-party software, low disk space or machines with lots of alerts.

The date format for all reports is dd/mm/yy.

30 Day - Executive Summary Report (Site Level)
Description: For the selected site, this monthly report provides quick access to information on the performance and health of your IT systems. It provides an overview of the current status of your servers (inventory, disk usage, patch status, approved pending patches, % of time when connected to the platform) and workstations (replacement recommendations, operating systems in use, inventory checks). It details your workstations' hardware inventory, as well as their disk usage, patch status and approved pending patches. It lists your managed network devices and managed mobile devices. It summarizes the monitoring alerts (by totals per category) and the activity on your devices (by totals per category, total time and the number of activities of the top 5 devices). The report is also available in German upon request by contacting Autotask Customer Support.
30 Day - Executive Summary Report - Only Servers and Workstations (Site Level)
Description: For the selected site, this monthly report provides quick access to information on the current status of your servers (inventory, disk usage, patch status, approved pending patches, % of time when connected to the platform) and workstations (replacement recommendations, operating systems in use, inventory checks). It also details your workstations' hardware inventory, as well as their disk usage, patch status and approved pending patches. The report is also available in German upon request by contacting Autotask Customer Support.

30 Day Site Executive Summary | 7 Day Site Executive Summary
Description: For the selected site, the report provides a snapshot for the last 7 or 30 days of the site's overall health as measured by server uptime and desktop anti-virus coverage. It lists the top 5 devices by activity and by alerts. It summarizes activities and alerts by totals per category, total time and average response time. It lists assets and top 5 storage devices, broken down by servers and desktops.

30 Day Account Executive Summary | 7 Day Account Executive Summary
Description: For the last 7 or 30 days, the report lists the top 5 sites by activities and by alerts. Then for each site in the database, it lists totals for activities and alerts by category, and individual user activity.

Critical 3rd-Party Software Summary Report
Description: The report lists all Windows and Mac devices in the site (sorted by operating system and device name) showing the version or multiple versions of critical 3rd-party software. If no application is found, the cell remains empty.
Customer Health Summary
Description: The report lists health information for all devices in the selected site. It displays a summary about hardware, security and maintenance software, and players and readers installed on the devices. The summary section shows how many devices have failed or passed the test and if there is any device with a warning. The report also lists the results for each individual device in the details section.

Detailed Computer Audit
Description: For the selected site, detailed information on each computer, including hardware information such as asset tag and date, serial number, domain and username, virus scanner details, Windows update, date of last contact, OS, processor, memory, motherboard, BIOS, IP and MAC addresses, video, and physical disk drive size and free space.

Device Summary
Description: The report lists system, hardware and software information for the selected device. It includes Agent version, domain, last user, last audit date, last seen date, if the device is online and if the web port is OK, manufacturer, model, operating system, service pack, and serial number. It also reports on status of security options such as antivirus, firewall and updates, hardware information such as ID, motherboard, processor, memory, storage, display and network adapters, and monitor information. It lists all software with version number.

Exception Report
Description: For the selected site, a summary of all MS Windows devices, including warnings for devices without updated anti-virus, MS updates, or firewall, and devices with low free disk space or not online this month.

Health Report
Description: Summary for all devices associated with the selected site, broken down by servers and workstations, with and without warnings.
The report lists alerts, jobs run, and remote takeover minutes. It shows alert turnaround time summary. It lists individual devices by hostname, IP address, and last logged in user. It shows warnings for devices without updated anti-virus, anti-spyware, MS updates or firewalls. It also shows warnings for devices with low disk space and not online this month.

Inventory Age
Description: Inventory age report on all devices associated with the selected site. It displays replacement recommendations for the next 12 months to two years. It lists operating systems in use. It lists individual devices by name, last user, serial number and build date. It includes warnings for low memory, free disk space or not online this month.

KES Report
Description: The report lists total number of devices targeted/not targeted by a Kaspersky Endpoint Security (KES) policy. It shows number of devices that require reboot and number of devices that are currently infected. It displays number of active and removed threats. It details security status of devices targeted by a KES policy, including KES license key and activation code, KES status, whether reboot is required and if the device is currently infected. It lists number of detected threats and number of active threats.

Patch Management Activity Report (30-days)
Description: For the selected site, the report lists all Windows devices and all patches installed on them in the last 30 days. The devices are listed by name, and the patches installed on each device are sorted by installation time stamp (newest on top). The patch information includes the name, type, priority, publish date (the date when Microsoft made the patch available), and install status of the patch. The total number of patches installed in the site is displayed at the top of the report.
Patch Management Detailed Report
Description: The report lists each device in the selected site, with number of patches released, patches installed and approved pending patches, percent of approved pending patches, and number of alerts. It separately lists devices requiring attention, and provides a summary and analysis of fully patched/not fully patched devices. It includes a detailed list of patches by device, with name, critical rating and installation status.

Patch Management Summary Report
Description: The report graphically shows percentage of devices in a site that are fully patched or missing specific number of patches. It lists devices with the number of approved pending patches. It lists each device in the site with the number of patches released, patches installed and approved pending patches.

Site Health
Description: The report displays the number of devices in the selected site by operating system, including build number. It lists the number of devices without updated anti-virus, MS updates or firewall, with low free disk space or memory, and devices not online this month. It lists each device by name with last logged-in user, and their individual status for the previously mentioned criteria.

Site Software
Description: The report lists all software (excluding hotfixes and updates) for all devices in the selected site, with number of installations.

Site Software and Hotfixes
Description: The report lists all software (including hotfixes and updates) for all devices in the selected site, with number of installations.
Software Audit Report
Description: For the selected site, for each device grouped separately, the report lists all software installed on that device, including software package name and version. The report displays Windows, Mac, Linux, and mobile devices.

Webroot Report
Description: The report lists total number of devices targeted/not targeted by a Webroot policy. It shows number of devices that require attention and number of devices that are currently infected. It displays number of active and removed threats. It details security status of devices targeted by a Webroot policy, including Webroot Console Group, Site Key, Webroot status, whether remediation is enabled, attention is required and if the device is currently infected.

User Reports
Permission to view or manage Account > Report
Account > Report

The date format for all reports is dd/mm/yy.

30 Day Account User Summary | 7 Day Account User Summary
Description: For the previous 7 or 30 days, the report lists activities by category, with total quantity and details such as number of devices or total time. Then for each username, it lists associated site, activity, time started and ended and total time.

Remote Activity
Description: The report lists all the remote control sessions in the account in the last calendar month. The report includes username, site and hostname, start and end date and time, length, and the remote takeover tool that was used.

Site Remote Takeover Report
Description: The report lists all the remote control sessions for a site in the last 30 days. The report includes username, site and hostname, start and end date and time, length, and the icon of the remote takeover tool that was used.
Schedule and Run a Report
Permission to view Account > Report and/or Sites > Report
Account > Report
Sites > click on a site > Report
Sites > click on a site > Devices > click on a device > Report

You can run reports at the account, site and device level either immediately, or at a preset schedule.

To schedule or run a report:
1. Log into the Web Portal.
2. Navigate to one of the locations you can run a report from:
   a. Account > Report
   b. Sites > click on a site > Report
   c. Sites > click on a site > Devices > click on a device > Report
3. To immediately run a report, click the PDF or Excel icon in the Run Now column.
4. Once the report is created, you'll see a notification appear in the top right of the browser window. Click the Download link to download and view the report.
5. To create a schedule for running one or multiple reports once or on a recurring schedule, select the report or reports you want to schedule.
6. Click the Schedule selected reports icon. The New Report Schedule page opens.
7. Complete the following fields:

General
Name: Enter a name for the report schedule. Best Practice: Include the report level (account, site, device, group or filter) in the name.
Description: Enter a more detailed description.
Schedule: By default, the report will be executed immediately. To schedule the report for later or for recurring execution, click Click to change... In the Schedule window, select one of the following:
- Immediately - The report will run as soon as it is saved.
- At selected date and time - The report will run once at the selected date and time.
- Weekly - The report will run every week on all selected days at the time indicated in the Start field.
- Monthly - The report will run in the selected months on the selected days.
- Monthly day of week - The report will run in the selected months on the specified occurrence of the selected days of the week.
- Yearly - The report will run on the selected day (1 - 365) each year.
Click OK to close the scheduling window.
Enabled: By default, the report schedule is enabled. If you want to disable the report schedule without deleting it, uncheck this option.

Reports
Select...: Select the reports you would like to run at the scheduled time. For each report, select PDF or Excel output. The default is PDF.

Email Recipients
Subject: Enter the Subject line for the email the report will be attached to.
Body: Compose the text that will appear in the body of the email.
Default Account Report Recipients: Checked by default. The email will be sent to all mail recipients that are identified in Account Settings in the Mail Recipients section that also have Reports checked in the Receives column.
Default Site Report Recipients (at Site level): Unchecked by default. The email will be sent to all mail recipients that are identified on the Site > Settings page in the Mail Recipients section that also have Reports checked in the Receives column.
Additional Recipients: Click the plus icon to enter the name and email address of additional report recipients. The email field only accepts the following characters: a-z, A-Z, 0-9, @, and !#$%&'`*+-|/=?^_{}~.

8. Click Save. The report schedule is now created and, if the report was scheduled for immediate delivery, the report is generated and emailed to all recipients.

If the report was scheduled for one-time delivery in the future, or was scheduled for recurring delivery, it will appear on the Scheduled Reports > Active Reports tab. Completed reports or report instances will appear on the Completed Reports tab. Refer to "Manage Reports" on page 479.

Manage Reports

Permission to view or manage Reports

Scheduled Reports

About the Scheduled Reports Page

Tabs

The Scheduled Reports page has two tabs, Active Reports and Completed Reports.

- Active reports are scheduled to be run in the future, or in the case of recurring reports, have instances that will be run in the future
- Completed reports have already been run, and the status shows Completed

The columns and list features are identical.

Views

The Views radio buttons allow you to filter the reports on each tab. By default, you will see all active or completed reports, but you can click the following views:

- Run Once - This selection will display reports that were scheduled to run immediately or at a selected date and time.
- Recurring - This selection will display reports that were scheduled to run daily, weekly, monthly, monthly day of week, and yearly.

For information on how to schedule reports, refer to "Schedule and Run a Report" on page 476.

Actions icons

Delete Scheduled Report(s): Allows you to delete selected reports.
Refresh: Refreshes the current view.

Column Descriptions

Selection check box: Check to select one or multiple reports.
Report Information: Hovering over the information icon will show a tooltip with the details of this report schedule.
Name: The name the report was given when it was set up. Click on the name to edit the report schedule. Refer to "Edit report " on page 480.
Schedule: Shows the schedule set up for the report. For information on how to schedule reports, refer to "Schedule and Run a Report" on page 476.
Report Type: Indicates the report level: account, site or device. Refer to "Activity Logs and Reports" on page 364.
Reports: The number of reports that are included in this schedule.
Next Run Time: Date, Time and Time Zone when the report is scheduled to be run.
Last Run Time: Date, Time and Time Zone when the report was last run.
Status: The status of the report schedule: Scheduled or Completed. On the Active Reports tab, the status will remain Scheduled until the last run has been completed.
Edit report: When you click this icon, the Report Schedule page will open in a collapsed view. Click Edit in the header rows to change any settings. For field descriptions, refer to "Schedule and Run a Report" on page 476.
Delete report: Click this icon to delete a report schedule.