Tracking Processes on Machines during Patching, Managed Installs & Scripts

________________________________________________

I just wanted to share how I track things during patching, managed installs and script deployments. Initially I did this on my test machines to become familiar with the processes involved and now use these tools just to check status on various things I have running. I've found it particularly useful when working on my remote (VPN connected) machines or manually targeting stubborn machines, particularly when I don't want to remote into a system and disturb a user directly (like when I'm juggling other calls and machines at the same time).

I don't claim this to be a be-all-end-all guide, so if you see anything missing, anything that should be corrected or anything that can be improved, by all means please share. A lot of this will probably be common knowledge for those of us doing this stuff regularly, but I'm just trying to make this comprehensive.

Hope this helps someone, particularly those starting out with the K1000!

John

________________________________________________

________________________________________________

Part 1 - Useful utilities and screens

________________________________________________

________________________________________________

*Local Machine

 

Task Manager

- launch via:

CTRL+SHIFT+ESC

CTRL+ALT+DEL > (Start) Task Manager

right-click Windows Taskbar > (Start) Task Manager

- click on the Processes tab, then click on the Image Name column button to sort by name

 

Windows Explorer

- launch via:

Windows key + E

Right-click Start/Winlogo button > Open Windows Explorer

Double-click My Computer or any other folder

________________________________________________

*Remote Machine

 

PSList

- part of PsTools (http://technet.microsoft.com/en-us/sysinternals/bb896682)

- run "pslist \\machinename" from command line to list all running processes on remote machine

- for Win7 machines, the Remote Registry service needs to be started (see script below)

 

Windows Explorer (admin share)

- \\machinename\c$

________________________________________________

*K1000 General

Settings > Support > Troubleshooting Tools > K1000 Agent tasks

- Patching > patch-ORG1-###

- Managed Installs > kbox-ORG1-###

- Scripts > kbot-ORG1-###

- the numbers vary depending on the process

- if you have more than one ORG, the ORG number may differ

________________________________________________

*K1000 Patching

Security > Patching > Detect and Deploy Patches > select Patch Schedule

- scroll to bottom of page > click on Show All

- current patching phase listed (detecting, deploying, reboot pending, verifying, completed)

________________________________________________

*K1000 Managed Installs

Distribution > Managed Installations > select a Managed Install

- scroll to bottom of page > click on Show All

- current installation status listed (Installed, Not Installed, Failed)

- Not Installed (1 of # attempts) in my experience typically means MI completed, machine just needs to run Inventory again to update its installed software list

________________________________________________

*K1000 Scripts

Scripting > Run Now Status > select a Start Time > Run Failures/Successes

- lists scripts that were run manually (i.e. not scheduled)

- it helps to add a "Log message - status" step to On (Remediation) Success/Failure when setting up a script

________________________________________________

________________________________________________

Part 2 - K1000 Agent and related processes

________________________________________________

________________________________________________

***Windows processes to monitor***

- via Task Manager, PSList, etc

________________________________________________

*General*

 

runkbot.exe

- receives commands used to launch other K1000 agent components

- see airwolf's blog on 5.3 agent commands:

http://www.itninja.com/blog/view/k1000-5-3-agent-commands-runkbot-exe

 

KLaunch.exe

- execution component of K1000 agent

- launches processes on client machine (scripts, etc)

 

KUserAlert.exe

- indicates a K1000 agent user alert is being displayed

________________________________________________

*Patching*

 

KPatch.exe

- indicates patching processes running (detecting, deploying, etc)

 

mcescan.exe

- Lumension patch agent, indicates patch scan in progress

 

wmiprvse.exe

- Windows Management Instrumentation

- used for monitoring purposes

 

wuauclt.exe

- Windows AutoUpdate client

- used to check for available updates

- appears when waiting on response from server

 

patch installer name (e.g. officesuite2010sp1-kb2460049-x86-fullfile-en-us.exe, etc)

________________________________________________

*Managed Installs*

 

KDeploy.exe

- distribution component of K1000 agent

- indicates managed install in process, file(s) being copied and executed

 

application installer name (e.g. msiexec.exe, jre-7u4-windows-i586.exe, etc)

________________________________________________

*Scripts*

 

cscript.exe

- may appear briefly when batch files are run

 

script deployed application name (e.g. ProduKey.exe, etc)

________________________________________________

________________________________________________

Part 3 - K1000 Agent and related files

________________________________________________

*Patching*

 

C:\Documents and Settings\All Users\Dell\KACE (XP)

C:\ProgramData\Dell\KACE (Win7)

- kpatch.log - lists patch process initialization and patches being detected

- KUserAlert.log - lists agent alerts on machine

 

C:\Windows\Temp

- patch installers copied and run from here, randomly named folders which are typically empty post-install

________________________________________________

*Managed Installs*

 

C:\Documents and Settings\All Users\Dell\KACE\Downloads (XP)

C:\ProgramData\Dell\KACE\Downloads (Win7)

- MIs deployed via zipped files extracted to numbered folder (####) and run from here

- extracted zip contents are not cleaned up due to a bug, but can be cleaned up via script (see script below)

________________________________________________

*Scripts*

 

C:\Documents and Settings\All Users\Dell\KACE\kbots_cache\packages\kbots (XP)

C:\ProgramData\Dell\KACE\kbots_cache\packages\kbots (Win7)

- scripts' Dependencies (batch files, vbs scripts, etc) saved to numbered folder (###)

- review to determine if file being pushed to client

- can also run manually (as user or admin) if script troubleshooting required

________________________________________________

________________________________________________

Part 4 - Scripts

________________________________________________

________________________________________________

Script to Cleanup Dell KACE Agent Download Folder

________________________________________________

*Name*

Dell KACE Downloads Folder Cleanup

*Description*

Removes the downloads folders left behind by Managed Installs using zip files for deployment.

*Status*

Production

*Enabled*

Checked

*Deployment*

Deploy to All Machines

*Run As*

Run As Local System

*Schedule*

Run Every day at 12:30PM

Allow Run While Logged Off (Checked)

*Task 1*

Verify

*Always Fail

Remediation > Run a batch file...

* Script Name

RemoveDownloads

* Batch file:

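:: Branch on CPU architecture; anything unrecognised skips straight to the end

if /i "%processor_architecture%"=="AMD64" GOTO x64

if /i "%processor_architecture%"=="x86" GOTO x86

GOTO END

:x64

:: Dell KACE Downloads folder cleanup (Win7 x64)

rmdir /S /Q "C:\ProgramData\Dell\KACE\downloads"

:: Skip the x86 branch instead of falling through into it

GOTO END

:x86

:: Dell KACE Downloads folder cleanup (WinXP)

rmdir /S /Q "C:\Documents and Settings\All Users\Dell\KACE\downloads"

:END

exit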

* Wait for startup

Checked

On Remediation Success

* Log "folder removed" to "status"

On Remediation Failure

* Log "failed to remove folder, please review..." to "status"

________________________________________________

________________________________________________

Script to Enable Remote Registry Service (Win7)

________________________________________________

* Script Type*

Online KScript

*Name*

Enable Remote Registry Service (Win7)

*Description*

Enables the Remote Registry service, necessary for pslist and other utilities to work on Win7 machines.

*Status*

Production

*Enabled*

Checked

*Limit Deployment To Selected Labels*

win7

*Pick Specific OS Versions*

Microsoft Windows 7 Professional x64 SP1

*Run As*

Run As Local System

*Schedule*

Run Every day at 12:45PM

*Task 1*

Verify

* Verify the service "RemoteRegistry" is running

On Success

* Log "service already running" to "status"

Remediation > Run a batch file...

* Script Name

EnableRemoteRegistry

* Batch file:

sc config RemoteRegistry start= auto

net start RemoteRegistry

exit

* Wait for startup

Checked

On Remediation Success

* Log "service enabled" to "status"

On Remediation Failure

* Log "failed to enable service, please review..." to "status"

________________________________________________
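
The following is an added example, not part of the original post: a Windows PowerShell function that starts Remote Registry on one machine only for the duration of a pslist check, reports which of the processes from Part 2 are running, then returns the service to the state it was found in. The function name Get-K1000Activity is hypothetical, and the code assumes pslist.exe is on the PATH, that pslist prints process names without the .exe extension, and that the account running it has admin rights on the target.

```powershell
# Added example, not from the original post. Get-K1000Activity is a hypothetical name.
function Get-K1000Activity {
    param([Parameter(Mandatory)][string]$ComputerName)

    # Process name as pslist prints it (assumed: no .exe) -> meaning given in Part 2
    $watch = @{
        runkbot    = 'General: agent receiving commands'
        klaunch    = 'General: agent launching a process'
        kuseralert = 'General: user alert being displayed'
        kpatch     = 'Patching: patching processes running'
        mcescan    = 'Patching: patch scan in progress'
        wuauclt    = 'Patching: checking for available updates'
        kdeploy    = 'Managed install: in process'
        msiexec    = 'Managed install: installer running'
        cscript    = 'Script: may appear briefly while batch files run'
    }
    $target = "\\$ComputerName"

    # Record the service's current state so it can be put back afterwards.
    # sc.exe, not sc: in Windows PowerShell "sc" is an alias for Set-Content.
    $qc = sc.exe $target qc RemoteRegistry | Out-String
    if ($qc -notmatch 'START_TYPE\s*:\s*(\d)') { throw "Cannot query RemoteRegistry on $ComputerName" }
    $wasDisabled = $Matches[1] -eq '4'      # 4 = DISABLED
    $wasRunning  = (sc.exe $target query RemoteRegistry | Out-String) -match 'STATE\s*:\s*4\s+RUNNING'

    try {
        if (-not $wasRunning) {
            if ($wasDisabled) { sc.exe $target config RemoteRegistry start= demand | Out-Null }
            sc.exe $target start RemoteRegistry | Out-Null
            Start-Sleep -Seconds 2          # give the service a moment to come up
        }
        foreach ($line in (pslist.exe -accepteula $target 2>$null)) {
            $fields = -split "$line"        # unary split on whitespace, drops empty fields
            if ($fields.Count -ge 2 -and $watch.ContainsKey($fields[0])) {
                [pscustomobject]@{ Computer = $ComputerName; Process = $fields[0]
                                   Id = $fields[1]; Meaning = $watch[$fields[0]] }
            }
        }
    }
    finally {
        if (-not $wasRunning) {             # leave the machine as it was found
            sc.exe $target stop RemoteRegistry | Out-Null
            if ($wasDisabled) { sc.exe $target config RemoteRegistry start= disabled | Out-Null }
        }
    }
}
```

Call it as `Get-K1000Activity -ComputerName machinename`; an empty result means none of the listed processes were running at that moment.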