/build/static/layout/Breadcrumb_cap_w.png

Blog Posts tagged with Kace K1000 Management Appliance

Ask a question

KACE SMA | Bitlocker

04/25/2019 added a compatibility matrix.

03/29/2019 added some modifications. Thanks to Andrew Lubchansky for helping me creating this.



OS Common Name
Build Version
Compatible
1507 (RTM) Pro & Ent
10240
No
1511 Pro & Ent
10586
No
1607 Pro & Ent
14393
No
1703 Pro & Ent
15063
No
1709 Pro & Ent
16299
Yes
1803 Pro  & Ent
17134
Yes
1809 Pro & Ent
17763
Yes

Feel free to check your support status of Windows 10 with this report: https://www.itninja.com/blog/view/kace-sma-windows-10-end-of-life-report


Hi all,

 

It’s a long time since I have posted a blog here. Today I want to share with you my KITLOCKER (KACE & Bitlocker ;) ) stuff. In this article you can download several individual KACE-packages. You can download all of them here:  DOWNLOAD

If you need assistance in importing these files to your KACE SMA feel free to contact your local partner, your local sales rep or have a look to this KB article: https://support.quest.com/kace-systems-management-appliance/kb/116949/how-to-import-and-export-resources

 

First: These scripts are Win10 only and tested with x64 1809 Pro and Ent. Also, you need to have an TPM Module in your devices which needs to be activated and the OS needs to be the owner (default in Win10)! You can double check this in your KACE SMA device inventory:

bitlocker_00.png

 

My scenario is that Win10 devices should use Bitlocker with Aes256 bit to secure the hard disk. The disk should be automatically unlocked by TPM during boot (no password needed). If something went wrong or the hardware has changed there should be a recovery key which can be entered. This key should be stored in KACE SMA and not in AD. Also, there should be no GPO involved.

 

The Bitlocker information in your device inventory should look like this if there is currently nothing set up on your device:

bitlocker_01.png

 

To start we should first create a smart label which groups all devices where a TPM module is ready for the use with Bitlocker and no encryption technology is used. You can download the ready to use KACE-package here: DOWNLOAD

 

TPM Based Bitlocker Ready

bitlocker_02.png


Of course, you could add a filter like “OS Name” contains “Windows 10” (or any other filter which matches your environment) to make sure that only your clients will get Bitlocker enabled.

 

KACE SMA will now put all the devices where we can enable Bitlocker into this Label. There is a simple PowerShell command which will enable Bitlocker and start the encryption. Also it will add a recovery password as a key protector which will be needed in case of hardware changes. You can run this by a daily schedule and all devices which already have Bitlocker enabled will not be affected if you use the “TPM Based Bitlocker Ready” smart label which I have shown above. You can download a ready to use KACE-Script here: DOWNLOAD

 

[TW] Bitlocker enable TPM  & Password

Enable-BitLocker -MountPoint $env:SystemDrive -EncryptionMethod Aes256 -TpmProtector -SkipHardwareTest
sleep -Seconds 15
Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -RecoveryPasswordProtector

This will start the encryption process of the C: drive. The user can’t abort it and it will also survive reboots.

bitlocker_03.png

 

You can also check the actual state in your KACE SMA device inventory:


 

If the encryption has been completed by the device, it will automatically fall out of the “TPM Based Bitlocker Ready” smart label. Now we have a secured hard disk which will be automatically unlocked during the bootup by the TPM module. Now we need a custom inventory to store all the key protector information’s in our SMA device inventory. This can be done with a simple custom inventory rule. You can download the ready to use KACE-package here: DOWNLOAD

 

Inventory: Bitlocker Recovery

Get-BitLockerVolume).KeyProtector


Good to know is that devices which need the recovery key will display a screen where users can see the ID of the numerical password. If they call your helpdesk team and don’t know which computer it is they can give you the ID and you can search for it in your KACE SMA device inventory or build a report for that.


 bitlocker_08.png

 

If you want to be sure that clients will always have a recovery password as a key protector you can additionally create a smart label. This will check the right key protectors after every inventory of the device. This could be used for running a script which will then add a recovery password as a key protector. This could be useful if admins change configurations local on the endpoints. The smart label can be downloaded here: DOWNLOAD


Bitlocker missing Protector


All clients which fall into this label can then run the following KACE script on a daily schedule. You can download the script here: DOWNLOAD


[TW] Bitlocker add protector

Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -RecoveryPasswordProtector


This is the basic setup you can use to manage your hard disk encryption for your endpoints. You can think about creating notification which will alert you if a device has Bitlocker missing or a wrong configuration. I hope that this article helps you, creating your own KITLOCKER strategy. If there is anything unclear feel free to use the comment section.

 

Kind Regards

Timo

 

View comments (5)

Managing Dell Servers with the Dell KACE K1000 and Dell Open Manage

Managing servers as part of a systems management solution presents unique challenges that need to be addressed differently from client systems. Dell offers a set of freely available tools, called OpenManage, to help manage servers purchased from Dell. These tools deliver remote access management, BIOS and system chassis management, and active hardware system monitoring via SNMP or IPMI. Integrating the OpenManage toolset with the Dell | KACE K1000 Systems Management Appliance provides a comprehensive end-to-end solution for managing Dell servers. This white paper discusses the issues and the capabilities of addressing those issues with the combined OpenManage and Dell KACE offerings.

View comments (1)

KACE Launches New Help Desk Module For Upgraded KBOX IT Management Applicance

http://www.kace.com

KACE LAUNCHES NEW HELP DESK MODULE FOR UPGRADED KBOX IT MANAGEMENT APPLIANCE

Automated support ticket management and enhanced Microsoft Security Bulletin patch installation process reduces IT staffing costs for mid-market organizations

MOUNTAIN VIEW, Calif. – January 30, 2006 - KACE™, the leader in IT management solutions for mid-market organizations, today announced the general availability of KBOX™ IT Management Suite 2.1. The new version of the automation appliance integrates with a new help desk module and improved patch management, software distribution and the new ability to manage automated installs of all patches in Microsoft Security Bulletins.

"Patch management is a critical part of a comprehensive security program for IT governance,” said Andrew Plato, President / Principal Consultant for Anitian, a nationally recognized leader in information security and network infrastructure solutions. “Manually applying patches consumes valuable time and lacks auditing and accountability capabilities. The ability of KBOX to automate and manage system patching saves time and helps IT departments maintain security compliance."

In a recent review of 33 IT asset and software management tools, industry-leading tools analyst Steven Russman reported in ECPWeb.com's Tools Manager report: “KBOX offers surprisingly robust software-reconciliation and knowledge-base functions for a mid-market product. The user interface is well designed, straightforward and easy to navigate. We give it high ratings for workflow management (e.g., job, policy, and script-scheduling wizards), event notification (i.e., creating custom alerts using a combination of conditions) and the ability to add custom data fields.”

“KACE’s new help desk module brings the end-users of Windows business desktops into the IT management process by helping IT staff identify technical problems in a manageable way,” said Rob Meinhardt, CEO of KACE. “The KBOX is designed to automate IT management and give IT managers more time to keep their networks secure and running smoothly.”

The KBOX IT Management Suite automatically manages, monitors, and controls the inventory, distribution, patch, security, compliance, messaging, licensing and performance demands of every node on the network.

New features in version 2.1 include:

New Help Desk module – Trouble ticket submission, tracking and management integrated with the KBOX knowledge base, hardware and software inventory, remote control, and customizable reporting;

Automation of Microsoft Security Bulletin updates - Automated creation of managed installs for individual patches and all patches in Microsoft Security Bulletins;

Additional Security and Configuration Wizards - New wizards enable IT managers to easily prevent programs from running, set and lift quarantine policies, deploy McAfee SuperDAT Updater and Symantec Norton AntiVirus, enforce remote desktop configuration, and MSI Installer wizard;

Automated Power-on for late night virus scans and patch updates - Wake-On-LAN support allows IT managers to schedule all your machines to power on at midnight for the important virus scan or software distribution;

Support for Multiple Remote Control Packages – Easy integration and customization for VNC, NetOps, XP Remote and Dameware;

User Self-Service Under IT Control – Users can install approved software, download approved files and run approved scripts without the need to have administrative privileges on their desktops;

New hardware design - 1U rack mount with cool silver faceplate; Dual Intel Xeon 3.0 GHz 2MB Cache with 800 MHz Bus; 2 GB Memory; 3x160GB SATA hard drives; Dual NIC cards.

Pricing for KBOX™ IT Automation Appliance 2.1 starts at $7,500 for a 100-node network. The KBOX™ Policy and Scripting Module, the KBOX™ Security Enforcement and Audit Module and the KBOX™ Help Desk Module are priced separately. For more information, please contact KACE at 888-522-3638 or via email to sales@kace.com.

About KBOX™ by KACE

The KBOX IT Management Suite is an inclusive secure appliance that instantly manages, monitors, and controls the inventory, distribution, patch, security, configuration, compliance, licensing and performance demands of every node on the network. KBOX automates routine and complex IT maintenance tasks, improves IT productivity and security, and robustly promotes network uptime in an extremely flexible, intelligent and unique approach.

About KACE™

KACE is a privately-held technology company that's Rethinking IT through its KBOX™ product line which delivers easy-to-use, comprehensive IT automation solutions that are affordable and really work. KACE is headquartered in Mountain View, California, and has offices in Charlotte, North Carolina and Chicago, Illinois. To learn more about KACE and its product offerings, please visit www.kace.com or call 1-888-522-3638.

Be the first to comment

New KBOX Appliances Bring Enterprise-Grade, Cross Platform IT Automation to Mid-Market

http://www.kace.com

New KBOX Appliances Bring Enterprise-Grade, Cross Platform IT Automation to Mid-Market

KBOX 1000 Series Offers Affordable, Easy to Use Linux, Windows and Mac IT Management

MOUNTAIN VIEW, Calif. – September 12, 2006 - KACE™, the leader in IT management solutions for mid-market organizations, today announced the new KBOX™ 1000 Series Systems Management Appliances, an easy-to-use, affordable line of turnkey IT Automation appliances that allow comprehensive management of laptops, desktops and servers and other network devices across several operating systems.

“Managing mixed environments has traditionally been difficult - but environments will only become more commonplace as many enterprises dip their toes in the Mac or Linux waters with the impending Microsoft® Windows Vista™ rollout,” said Andi Mann, senior analyst at Enterprise Management Associates. “The KBOX 1000 series will go a long way in making mixed environments an easily-managed reality for organizations in the mid market space.”

The KBOX™ 1000 Series is a significant upgrade to KACE’s flagship product launched in 2005, the KBOX™ IT Management Suite. The new KBOX 1000 Series expands its comprehensive management capabilities from Windows to Linux (Red Hat) and Mac OS X.

“We are excited to see KACE bring some of the robust functionality of the KBOX to mixed-environments that run a combination of Mac, Windows and Linux servers and desktops,” said Michelle Drolet, CEO Conqwest. “The KBOX 1000 Series is going to help our clients more cost-effectively manage all of their software and hardware.”

The KBOX™ 1000 Series is a secure, robust line of appliances that provides affordable, end-to-end systems management including: hardware and software inventory, software distribution, patch management, scripting and policy configuration, remote control, alerting, reporting and dashboards, security audit and enforcement, and a end-user self service portal. New features include:

- Flexible wizard-based reporting with 50+ pre-configured reports and dashboards

- Application metering to ease license compliance and harvesting

- Mac OS X and Linux Support:

· Detailed hardware and software inventory

· Remote installation and distribution of applications, updates, service packs and any digital asset

· Pre-configured remote control with support for most industry standard packages

· Alerting based on network and system events

· LDAP integration

The KBOX 1000 Series also includes an optional help desk module that provides trouble ticket submission, tracking and management. Out-of-the box integration with KBOXÂ’s comprehensive management capabilities, including the new Mac and Linux features, allows organizations to solve problems on all systems in real time-- not simply track them.

“The KBOX 1000 is a response to our customers and prospects with mixed Windows, Mac and Linux environments, who have found that tools such as Microsoft SMS cannot meet their needs.” said Marty Kacin, president and CTO of KACE. “The KBOX 1000 Series supports these mixed environments with a rich set of functionality that is affordable for organizations of all sizes.”

The 1000 Series is available in the following models:

· KBOX 1100 for managing 100-1000 systems

· KBOX 1200 for managing 1000 or more systems

Pricing for KBOX™ 1000 Systems Management Series Appliances starts at $9500 for 100 nodes.

The KBOX family also includes the KBOX 2000 Series Systems Deployment Appliances for OS and application provisioning of Windows and Linux desktops, laptops, and servers.

About KACE™

KACE, a privately-held technology company, is the leader in IT automation appliances. KACE is headquartered in Mountain View, California, and has offices in Charlotte, North Carolina and Chicago, Illinois. To learn more about KACE and its product offerings, please visit www.kace.com or call 1-888-522-3638.

Be the first to comment

Education Market Manages Networks with KACE

http://www.kace.com/

KBOX Family of Appliances Helps Education Sector Ensure FERPA Compliance, Manage Mixed Network Environments

MOUNTAIN VIEW, Calif. - November 29, 2006 - KACE, the leader in IT management solutions for mid-market organizations, today announced that its KBOX™ family of systems management and deployment appliances is gaining popularity in the education sector, where mixed-environment, location-independent networks are the norm and managing them is a daily challenge.

KBOX™ 1000 Series Systems Management Appliances and KBOX™ 2000 Systems Deployment Appliances allow budget-minded education organizations affordable enterprise-grade network management functionality, and they help ensure compliance with the Family Educational Rights and Privacy Act (FERPA), the Federal law that protects the privacy of student education records.

Portland Community College, Portland, Oregon, (PCC), one of the largest community colleges in the country, uses KBOX 1000 Series to manage more than 2,100 endpoints throughout its three main campuses and the many remote locations of its Extended Learning Campus.

“We’ve been using the KBOX 1000 for 6 months, and its robust security functionality has been the cornerstone of our Administrative Electronic Information Policy management,” said Michael Heuer, TSS Customer Support Manager, Portland Community College. “Its appliance-based software delivery architecture made deployment so simple it was almost plug-and-play, it works with our existing tools and apps, and its reporting abilities are helping us make smart equipment purchase and replacement decisions.”

A partial listing of KACE customers in the education sector includes:

•Academy School District 20 (Colorado Springs, Colorado)

•Edmonds Community College (Lynnwood, Washington)

•Holmesdale Technology College (Snodland, Kent, England)

•Rancho Santiago Community College District (Orange County, California)

•Teachers' Curriculum Institute (Palo Alto, California)

“With the KBOX 2000, we’re able to sidestep machine-to-machine provisioning hassles and view the deployment status of every end point in our network from the centralized console,” said Chris Carey, IT Manager, Bellarmine College Preparatory (San Jose, California). “The appliance was ready to use in a matter of days, packs a lot of functionality like remote systems repair and recovery, and still fits our budget.”

The KBOX™ 1000 Series offers comprehensive cross-platform management of networked machines running Windows®, Linux (Red Hat) and Mac OS X. The KBOX 1000 Series is a secure, robust line of appliances that provides affordable, end-to-end systems management, including: hardware and software inventory, software distribution, patch management, scripting and policy configuration, remote control, alerting, reporting and dashboards, security audit and enforcement, help desk and a end-user self service portal.

Pricing for KBOX™ 1000 Series Systems Management Appliances starts at $9500 for 100 managed nodes.

The KBOX™ 2000 Series is the only appliance-based solution to combine disk imaging, scripted installation and remote system recovery into a centralized, affordable and easy-to-use solution for automating the end-to-end systems provisioning of desktops, laptops and servers.

Pricing for KBOX™ 2000 Series Systems Deployment Appliances starts at $12,900 for 100 managed nodes.

About KACE

KACE™, a privately held technology company, is the leader in IT automation appliances. The KBOX™ 1000 family of systems management appliances delivers easy-to-use, comprehensive IT automation, is affordable and really works. The KBOX™ 2000 Series provides centralized systems provisioning and remote system recovery for mid-market organizations. KACE is headquartered in Mountain View, California, and has offices in Charlotte, North Carolina, and Chicago, Illinois. To learn more about KACE and its product offerings, please visit http://www.kace.com or call 1-888-522-3638.

©KACE 2006. Note to editors: KACE and KBOX are trademarks or registered trademarks of KACE Networks, Inc. All other trademarks, brand names, or product names belong to their respective holders.

Editorial Contact:

Bret Clement

Page One PR

(303) 462-3057

bret@pageonepr.com

Be the first to comment
Showing 1 - 5 of 576 results

Top Contributors

Talk About Registry