IT AUTOMATION
description
Transcript of IT AUTOMATION
![Page 1: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/1.jpg)
School of Computing & Information Sciences
IT AUTOMATION
Developed by Dr. Masoud Sadjadi
Powered by Kaseya & IT Scholars
Last updated on August 20, 2012
Lectures 4-5
![Page 2: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/2.jpg)
School of Computing & Information Sciences
Kaseya Fundamentals Workshop
LAB REVIEW
![Page 3: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/3.jpg)
School of Computing & Information Sciences
Part 1• Define Organization Structure
– Define fiu-<USERNAME> as the organization – Define SCIS, MR, GL and CEC as machine
groups for this organization.
![Page 4: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/4.jpg)
School of Computing & Information Sciences
Org & Machine GroupsScreenshot taken after Part1
![Page 5: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/5.jpg)
School of Computing & Information Sciences
Part 2 & 3• Create agent deployment packages
– “package4mr-<USERNAME>”– “package4scis-<USERNAME>”– “package4gl-<USERNAME>”– “package4cec-<USERNAME>”
• Deploy agents– dc and pc1: Manually– ws1: Using AD Users– guest1: Using AD Computers– laptop1: LAN Watch
![Page 6: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/6.jpg)
School of Computing & Information Sciences
Agent Deployment PackagesScreenshot taken after Part3
![Page 7: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/7.jpg)
School of Computing & Information Sciences
AD UsersScreenshot taken after Part3
![Page 8: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/8.jpg)
School of Computing & Information Sciences
AD ComputersScreenshot taken after Part3
![Page 9: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/9.jpg)
School of Computing & Information Sciences
LAN WatchScreenshot taken after Part3
![Page 10: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/10.jpg)
School of Computing & Information Sciences
Agent StatusScreenshot taken after Part3
![Page 11: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/11.jpg)
School of Computing & Information Sciences
Agent Icon in System TrayScreenshots taken after Part3
![Page 12: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/12.jpg)
School of Computing & Information Sciences
![Page 13: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/13.jpg)
School of Computing & Information Sciences
Part 4• Define a “view” named “Windows 2003
Server-<USERNAME>” that once selected will only show machines with Windows Server 2003 operating system on them.
• Define another “view” named “XP-<USERNAME>” that will only show machines with the Windows XP operating system on them.
• Make sure to check the correctness of this newly created “views” by trying them.
![Page 14: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/14.jpg)
School of Computing & Information Sciences
Views: Windows 2003 ServerScreenshot taken after Part4
![Page 15: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/15.jpg)
School of Computing & Information Sciences
Views: XPScreenshot taken after Part4
![Page 16: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/16.jpg)
School of Computing & Information Sciences
Part 5• Customize Agent Menus
– Remove the agent icon from the servers– On workstations, don’t allow users to exit– Provide an option inside of the agent menu to
go to your company’s website
![Page 17: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/17.jpg)
School of Computing & Information Sciences
Agent MenuScreenshot taken after Part5
![Page 18: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/18.jpg)
School of Computing & Information Sciences
Part 6• Use the Application Blocker to block solitaire.
![Page 19: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/19.jpg)
School of Computing & Information Sciences
Application BlockerScreenshot taken after Part6
![Page 20: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/20.jpg)
School of Computing & Information Sciences
Part 7• Generate a report through the Info Center
module showing the successful check-in and install of agents using Agent Logs report.
![Page 21: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/21.jpg)
School of Computing & Information Sciences
Agent Log ReportScreenshot taken after Part7
![Page 22: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/22.jpg)
School of Computing & Information Sciences
Progress CheckAre you done with all the Agent labs?
Have you checked the correctness of your work?
![Page 23: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/23.jpg)
School of Computing & Information Sciences
Questions?• Please type your questions in the chat
section of your GoToMeeting window.
• Remember that you can always send your questions to [email protected] too.
• If you are falling behind the steps in the lab, please just watch the presentation, take some notes, and perform your labs after the lecture.
![Page 24: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/24.jpg)
School of Computing & Information Sciences
Kaseya Fundamentals WorkshopAUDIT
![Page 25: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/25.jpg)
School of Computing & Information Sciences
Three Types of Audits• Baseline Audit
– The Baseline Audit captures the configuration of the system in a known working state.
• System Audit– The System Info captures the system’s information that
will rarely change (i.e., processor, disk drive, memory, etc.).
• Latest Audit – Latest Audit captures the most up-to-date
configuration of the system and you will configure it to audit changes made to the machine on a daily basis.
![Page 26: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/26.jpg)
School of Computing & Information Sciences
AUDIT• Baseline Audit and System Info should be
executed only once. • Baseline Audit, System Info, and Latest
Audit are done by default when an AGENT is installed on a machine.
• Future Topic - Use Policy Management Module to schedule the LATEST AUDIT for a specific Organization or Machine Group.
![Page 27: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/27.jpg)
School of Computing & Information Sciences
AUDIT• Assumption
– The auditing has been completed and scheduled
• Tasks– View the audit information of the computers
![Page 28: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/28.jpg)
School of Computing & Information Sciences
View Audit27. View all the tabs under the two groups, View Group Data and View
Individual Data. Note what type of information can be obtained through audit and what it can be used for future applications.
![Page 29: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/29.jpg)
School of Computing & Information Sciences
Audit Summary• View Audit Information.
– Audit Summary• Provides a view of the data returned by audits of machines.
– Configure Column Sets• Create NEW Column Sets
![Page 30: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/30.jpg)
School of Computing & Information Sciences
Revisit Machine Views• Views (Machine Views)• Review Imported Views from the IT Service
Delivery Kit.• Review specific Machine Views
![Page 31: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/31.jpg)
School of Computing & Information Sciences
Review Inventory Information• Perform an Inventory Data Walkthrough
– Machine Summary– System Information– Installed Applications
• All Executable Files– Add/Remove programs
• Note the Uninstall String for each Application– Software Licenses– Documents
![Page 32: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/32.jpg)
School of Computing & Information Sciences
Progress CheckDo you know the different types of audit?
Do you know how they are different?
Should all different audit types run at the same interval?
![Page 33: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/33.jpg)
School of Computing & Information Sciences
Questions?• Please type your questions in the chat
section of your GoToMeeting window.
• Remember that you can always send your questions to [email protected] too.
• If you are falling behind the steps in the lab, please just watch the presentation, take some notes, and perform your labs after the lecture.
![Page 34: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/34.jpg)
School of Computing & Information Sciences
Kaseya Fundamentals Workshop
Agent Template vs.
Policy Management
![Page 35: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/35.jpg)
School of Computing & Information Sciences
Benefits of Agent Templates• Consistency of Service delivery
• Standard Practice
• Kaseya Agent Basic Configurations is pushed during initial Kaseya Agent Installation
![Page 36: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/36.jpg)
School of Computing & Information Sciences
Benefits of Policy Management• Consistency of Service delivery
• Standard Practice
• Ensure distributed systems are in Compliance with IT policies
• Simplify the application and management of policies based on Organizations or Machine Groups.
![Page 37: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/37.jpg)
School of Computing & Information Sciences
Agent Template vs.Policy management
• Agent Template will push agent configuration settings during initial Kaseya Agent Installation
• Policy Management will ensure that Agents will follow certain Agent Policies.– Allow for simplified policy enforcement across
distributed organizations.
• STAY TUNED…..
![Page 38: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/38.jpg)
School of Computing & Information Sciences
Agent Templates Settings• Agent settings are copied during
installation of Kaseya Agent– Agent Deployment Package can reference an
Agent Template
![Page 39: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/39.jpg)
School of Computing & Information Sciences
Agent Settings• Menu options• Credentials• Working Directory• Other options
– Audit Scan / Patch Scan– Event Log Settings– Agent – Alerts– Monitor Sets– Agent Procedures
![Page 40: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/40.jpg)
School of Computing & Information Sciences
LAB• Assumptions
– In the next few months a large number of computers will be added to your environment
– You figured that there are only three type of machines in your environment
• Tasks– Develop three customized agent templates
that incorporate the required agent settings for machines with similar roles
• Instructional lab computers• Guest computers• Servers
![Page 41: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/41.jpg)
School of Computing & Information Sciences
A Group for Agent Templates• Create a machine group for templates, called “Templates”.1. Open the System module. Go to Orgs / Groups / Depts > Manage.2. Verify if the Organization “FIU-<USERNAME>” is checked.3. Click on Machine Group on the right hand side of the module. 4. Click on New.
![Page 42: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/42.jpg)
School of Computing & Information Sciences
A Group for Agent Templates5. Create a group by typing its name “Templates” under Machine
Group Name. Click Save.
![Page 43: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/43.jpg)
School of Computing & Information Sciences
Creating Agent Templates• Create three agent templates: “Server”, “Instructional”, and “Guest”6. Open the Agent module. Go to Install Agents > Create.7. Type in “Server” in the textbox under New Machine ID.8. Select “Templates” under the Group ID textbox.9. Click on Create.10. Repeat steps 6-9 for the “InstructionalTemplate” and
“GuestTemplate”.
![Page 44: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/44.jpg)
School of Computing & Information Sciences
Note• An agent template will have an orange
square icon to emphasize the fact that the agent template will never be installed on a computer.
• Its sole purpose is to provide additional customized settings for agents with similar roles so that such setting can be added to the settings of already deployed agents or be used as part of an agent package.
![Page 45: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/45.jpg)
School of Computing & Information Sciences
Progress CheckDo you know how Agent Templates and
Policy Management are different?
When should you use Agent Templates?
When should you use Policy Management?
Have you created the three agent templates?
![Page 46: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/46.jpg)
School of Computing & Information Sciences
Questions?• Please type your questions in the chat
section of your GoToMeeting window.
• Remember that you can always send your questions to [email protected] too.
• If you are falling behind the steps in the lab, please just watch the presentation, take some notes, and perform your labs after the lecture.
![Page 47: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/47.jpg)
School of Computing & Information Sciences
Kaseya Fundamentals Workshop
PATCH MANAGEMENT
![Page 48: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/48.jpg)
School of Computing & Information Sciences
Patch Management• Patch Scan• Patch Policy• File Source• Reboot Action• Patch Update
![Page 49: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/49.jpg)
School of Computing & Information Sciences
Background Story• At this time, operating system patches are
applied on an individual basis.• An organized and closely monitored
method is needed to facilitate and monitor distribution and application of all necessary patches to the managed computers.
• Kaseya's Patch Management module allows you to accomplish all these tasks and monitor patch activities.
![Page 50: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/50.jpg)
School of Computing & Information Sciences
Exercises• Implement policies that will keep the
computers updated and avoid potential security risks by having non-patched computers within the environment.
• Set up Kaseya to scan all the computers to allow the VSA to keep a detailed record as to which patches have been installed.
• Configure Kaseya to download the patches from one central server to save bandwidth and decrease redundant network traffic.
![Page 51: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/51.jpg)
School of Computing & Information Sciences
LAB• Tasks
– To keep an accurate record of all the patches installed on each computer, it would be best to schedule a scan, through Kaseya's VSA, to all the computers.
– While this is not a heavy process, it would still be best to schedule the scan during a time when the computer is otherwise idle.
![Page 52: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/52.jpg)
School of Computing & Information Sciences
Patch Scan• Using Scan Machine, schedule a scan to run every day at 3:00am on
all the agent templates.1. Open the Patch Management module. Go to Manage Machines >
Scan Machine.
![Page 53: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/53.jpg)
School of Computing & Information Sciences
Patch Scan1. Go to Manage Machines > Scan Machine.
![Page 54: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/54.jpg)
School of Computing & Information Sciences
Patch Scan2. Select all the agent templates.3. Click on the Schedule button.
![Page 55: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/55.jpg)
School of Computing & Information Sciences
Patch Scan4. Set the scan to run
Daily at 3:00am with a Distribution window of 1 hour.
5. Click on Submit.
![Page 56: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/56.jpg)
School of Computing & Information Sciences
Progress CheckHave you scheduled a patch scan on all
your agent templates?
Have you run an initial patch scan on all your machine?
Note: You need to do this at least once on one Windows 2003 and one XP machines, so that your KServer is aware of what operating systems are in your network.
![Page 57: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/57.jpg)
School of Computing & Information Sciences
Questions?• Please type your questions in the chat
section of your GoToMeeting window.
• Remember that you can always send your questions to [email protected] too.
• If you are falling behind the steps in the lab, please just watch the presentation, take some notes, and perform your labs after the lecture.
![Page 58: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/58.jpg)
School of Computing & Information Sciences
LAB• Background information
– Policies are like templates in which you can approve/deny a group of patches, or an individual patch.
• Tasks– Create two policies
• One for all the XP machines • One for the Windows 2003 Server machines
– The policies should automatically apply • All Security Updates approved on all machines • All optional updates pending approval.
![Page 59: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/59.jpg)
School of Computing & Information Sciences
Note• We create W2K3 and XP templates.
– If there were Windows 2008 servers or other servers in the environment, it would be better to name the policy for all the Windows servers as just "Servers”
– By the same token, if the were other workstations in the environment, it would be better to name the policy for all the workstations as just "Workstations".
![Page 60: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/60.jpg)
School of Computing & Information Sciences
Creating Patch Policy for W2K3• Create a patch policy, W2K3-PM-Policy-<USERNAME>• Set it to apply all future Security Updates by
default. • Everything else should be set to Pending
Approval. • Use a filter to deny patches that are optional
and have not been superseded by other updates.
![Page 61: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/61.jpg)
School of Computing & Information Sciences
Creating Patch Policy for W2K36. Go to Patch Management > Patch Policy > Create/Delete.7. Type “W2K3-PM-Policy-<USERNAME>” for the policy name.8. Click on Create.
![Page 62: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/62.jpg)
School of Computing & Information Sciences
Creating Patch Policy for W2K39. Go to Patch Policy > Approval by Policy.10. Select “W2K3-PM-Policy-<USERNAME>” under the Policy dropdown
list.11. Click on the green checkmark for all the Security Update rows. The
Green checkmark is under the column Default Approval Status.12. Make sure the other rows’ Default Approval Status is set to Pending
Approval.13. Click on Total at the bottom of the table. A new page will load up.
![Page 63: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/63.jpg)
School of Computing & Information Sciences
Creating Patch Policy for W2K3
![Page 64: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/64.jpg)
School of Computing & Information Sciences
Note • If the links on this page are not available or
some of the patch categories are not listed, it basically means that you have not yet done any patch scan on your machines.
• Make sure to perform a patch scan on dc and one of the XP machines before defining the patch policies.
![Page 65: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/65.jpg)
School of Computing & Information Sciences
Creating Patch Policy for W2K314. Click on Filter... A new window will open up.
![Page 66: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/66.jpg)
School of Computing & Information Sciences
Creating Patch Policy for W2K315. Select Optional Updates from the Classification / Type dropdown.16. Select Not Superseded from the Superseded dropdown.17. Click on Apply
![Page 67: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/67.jpg)
School of Computing & Information Sciences
Creating Patch Policy for W2K318. Click on Select All.19. Click on Deny.
![Page 68: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/68.jpg)
School of Computing & Information Sciences
Creating Patch Policy for XP• A patch policy, XP-PM-Policy-<USERNAME>
• Set it to all future Security Updates by default• Everything else should be set to Pending
Approval.
![Page 69: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/69.jpg)
School of Computing & Information Sciences
Creating Patch Policy for XP20. Go to Patch Management > Patch Policy > Create/Delete.21. Type “XP-PM-Policy-<USERNAME>” for the policy name.22. Click on Create.
![Page 70: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/70.jpg)
School of Computing & Information Sciences
Creating Patch Policy for XP23. Go to Patch Management > Patch Policy > Approval by Policy.24. Select “XP-PM-Policy-<USERNAME>” under the Policy dropdown list.25. Click on the green checkmark for all the Security Update rows..26. Set the other rows’ Default Approval Status to Pending Approval.
![Page 71: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/71.jpg)
School of Computing & Information Sciences
Creating Patch Policy for XP• Approve all Security Updates for all patch policies.27. Go to Patch Management > Patch Policy > Approve By Patch.28. Click on Edit next to Patch View. A new window will open up.
![Page 72: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/72.jpg)
School of Computing & Information Sciences
Creating Patch Policy for XP29. Select All Security
Updates (High Priority) from the Classification / Type dropdown.
30. Select Not Superseded from the Superseded dropdown.
31. Type “<USERNAME> Patch View” in the View Name textbox. Click on Save.
![Page 73: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/73.jpg)
School of Computing & Information Sciences
Creating Patch Policy for XP32. Click on Select All.33. Click on Approve.
![Page 74: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/74.jpg)
School of Computing & Information Sciences
Patch Policy• Policy / Group By Views
– Classification vs. Product Views
Note:Between the two views the Default Approval Status is determined by:
Highest --------------------- LowestDenied Pending
Approved Approval
![Page 75: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/75.jpg)
School of Computing & Information Sciences
Null Patch Policy• A null patch policy is one that all its patches
are set to the default Pending Approval status.
• Note that once this policy is applied to any machine, no patches would be approved, as Pending Approval acts like denied, and when combined with any other policies, the result is not applying any patches.
• This is useful when you want, for example, to temporarily not let any patches to be installed on a group of machines.
![Page 76: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/76.jpg)
School of Computing & Information Sciences
Progress CheckHave you created the two patch policies?
Have you approved and denied the patches for these two patch policies?
Do you know what is a Null Patch Policy?
![Page 77: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/77.jpg)
School of Computing & Information Sciences
Questions?• Please type your questions in the chat
section of your GoToMeeting window.
• Remember that you can always send your questions to [email protected] too.
• If you are falling behind the steps in the lab, please just watch the presentation, take some notes, and perform your labs after the lecture.
![Page 78: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/78.jpg)
School of Computing & Information Sciences
LAB• Background information
– Downloading all the patches to a file server and distributing it to all the machines on network will allow you to save bandwidth.
• Tasks– Configure all the templates to pull from the file
server • Using the UNC path \\192.168.0.10\PatchTemp • Set the patch directory to “C:\PatchTemp” on the
dc• If the computer cannot access DC, it should then
download from the Internet.
![Page 79: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/79.jpg)
School of Computing & Information Sciences
Note• Note that instead of \\dc\PatchTemp, we
use \\192.168.0.10\PatchTemp, as pc1 and laptop1 cannot resolve “dc”, because they are not part of the FIU domain.
• If you look at the network diagram, you can see that 192.168.0.10 is actually the IP address of one of the cards on dc.
• Yes, you could use the IP address of dc’s other network card (i.e., 192.168.1.10) instead too.
![Page 80: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/80.jpg)
School of Computing & Information Sciences
Setting Patch File Source• Using File Source set up all the machines so that they download their
updates from the DC. If the DC is unreachable, the machine should then download it from the Internet. The UNC path should be “\\dc\PatchTemp” while the local directory should be “C:\PatchTemp”.
39. Open the Patch Management module. Go to Configure > File Source.40. Select all the agent templates.41. Select Pulled from file server using UNC path.42. Type “\\dc\PatchTemp” next to Pulled from file server using UNC
path.43. Select “fiu-<USERNAME>.mr” next to Machine Group Filter.44. Select “dc.mr.fiu-<USERNAME>” next to File share located on.45. Type in “C:\PatchTemp” next to in local directory.46. Select the Download from Internet if machine is unable to connect
to the file server checkbox..Click on Apply.
![Page 81: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/81.jpg)
School of Computing & Information Sciences
Setting Patch File Source
![Page 82: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/82.jpg)
School of Computing & Information Sciences
LAB• Background Information
– Certain updates require the Windows OS to restart to finish installation.
• Tasks – Set up the XP machines so that they restart
only when a user is not online. – For servers, set up an email notification so that
you can plan the restart and notify in advance the users of the server maintenance.
![Page 83: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/83.jpg)
School of Computing & Information Sciences
Setting Reboot Action• Use Reboot Action to set the Guest and Instructor templates to Skip
reboot if user logged in immediately after applying new patches and updates. Then, set the Server template to notify you immediately, via email, when a reboot is required after applying new patches and updates.
47. Open the Patch Management module. Go to Configure > Reboot Action.
48. Select the Guest and Instructor templates. 49. Click on Skip reboot if user logged in.50. Click on Apply.51. Repeat steps 47-50 for the Server template. Set the Server template
to send the reboot notification to your personal email.
Why do we need to change the Server Template Reboot Action from the default Skip reboot if user logged in?
![Page 84: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/84.jpg)
School of Computing & Information Sciences
Setting Reboot Action
![Page 85: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/85.jpg)
School of Computing & Information Sciences
Note• Setting to skip reboot means it may take longer for the
patch to take effect, thus increasing the risk of vulnerability.
• The instructional computers are set to reboot at night automatically after an install, since no user work at night and we do not worry about losing open files.
• However if the target machines were end user machines, the best policy would be to set the workstations to "ask" and reboot if not logged in.
• The KaUsrTsk.exe is the application that determines whether a user is logged in or not.
![Page 86: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/86.jpg)
School of Computing & Information Sciences
LAB• Assumptions
– We have setup the patch policies to our liking.• Tasks
– We need to setup Kaseya to apply the patches automatically to the machines.
![Page 87: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/87.jpg)
School of Computing & Information Sciences
Applying Patch Policies52. Go to Patch Management > Manage Machines > Automatic Update.
![Page 88: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/88.jpg)
School of Computing & Information Sciences
Applying Patch Policies53. Select all the template agents in the list
![Page 89: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/89.jpg)
School of Computing & Information Sciences
Applying Patch Policies54. Click on Schedule
![Page 90: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/90.jpg)
School of Computing & Information Sciences
Applying Patch Policies55. Click on Daily56. Set the run time to
5:00 AM with a distribution window of 1 hour.
57. Click on Submit
![Page 91: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/91.jpg)
School of Computing & Information Sciences
LAB• Assumptions
– All three agents templates contain all the patch management settings.
• Tasks– Push the settings captured in the templates to
all the currently deployed agents with the similar roles.
![Page 92: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/92.jpg)
School of Computing & Information Sciences
Copy Settings• Copy the settings from the templates to the
specified computers on the network. – Server template will be used for the MR
building. – Instructional template will be used for the SCIS
and CEC buildings. – Guest template will be used for the GL
building.
![Page 93: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/93.jpg)
School of Computing & Information Sciences
Copy Settings58. Open the Agent module. Go to Configure Agents > Copy Settings.59. Click on select machine ID link and a new window will open up.
![Page 94: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/94.jpg)
School of Computing & Information Sciences
Copy Settings60. Select “fiu-<USERNAME>.templates”.61. Click on “Server” from the list of templates shown.
![Page 95: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/95.jpg)
School of Computing & Information Sciences
Copy Settings62. Select All under Do Not Copy, Replace for Patch Settings, Patch File
Source and Patch Policy Memberships, Agent Procedure Schedules.
![Page 96: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/96.jpg)
School of Computing & Information Sciences
Copy Settings• Note: When you have a schedule in Agent Procedures activity on an
agent template, you need to make sure Agent Procedure Schedules is selected in copy settings.
63. Select all the computers in the MR building and click on the Copy button.
64. Repeat steps 52-57 for the Instructional and Guest templates.
![Page 97: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/97.jpg)
School of Computing & Information Sciences
Progress CheckHave you setup the File Source?
Did you apply the policies to the machines?
Did you see some patches to appear in the File Source on dc?
Does the reboot actions are set as instructed?
![Page 98: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/98.jpg)
School of Computing & Information Sciences
Questions?• Please type your questions in the chat
section of your GoToMeeting window.
• Remember that you can always send your questions to [email protected] too.
• If you are falling behind the steps in the lab, please just watch the presentation, take some notes, and perform your labs after the lecture.
![Page 99: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/99.jpg)
School of Computing & Information Sciences
LAB• Background Information
– Windows Automatic Update can interfere with the functionality of Kaseya's Patch Management and must be disabled.
• Tasks– Disable Windows Automatic Update for all computers.
Note: In previous versions of Kaseya, Kaseya did not support applying Windows auto update option to agent templates. In the current version, however, this is supported.
![Page 100: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/100.jpg)
School of Computing & Information Sciences
Disabling Windows Auto Update65. Open the Patch Management
module. Go to Configure > Windows Auto Update.
66. Select all the computers.67. Select Disable – Disable Windows
automatic Update to let patch management control system patching.
68. Click on Apply.
![Page 101: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/101.jpg)
School of Computing & Information Sciences
Note• If the checkboxes are missing, please wait
5-10 minutes and refresh the page as the Patch Scan is not completed yet.
• Checkboxes will not display for any machine that either has an operating system that does not support Windows Automatic Updates, or for which an initial Scan Machine has not been completed.
![Page 102: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/102.jpg)
School of Computing & Information Sciences
LAB• Assumptions
– Microsoft has released a new KB article and it entails a new version of Internet Explorer; however, management has asked you not to install it and to prevent future installations of it via Windows Updates.
• Tasks– Use KB Override to accomplish this task since it
will override all current patch policies and future patches.
– KB article (KB944036) for IE8.
![Page 103: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/103.jpg)
School of Computing & Information Sciences
Denying a Patch Globally• Prevent Internet Explorer from installing by using KB Override.69. Go to Patch Management > Patch Policy > KB Override.70. Type in “944036” in the KB Article textbox.71. Click Deny.
![Page 104: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/104.jpg)
School of Computing & Information Sciences
Note• If this patch has already been denied, it
means that another administrator who shares this Kaseya server with you have already performed this task.
• If this is the case, you can first remove it, by clicking on the X icon, and add this setting by going through the above steps.
• This way, you will make sure that your work is reflected in the system logs for future reference.
![Page 105: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/105.jpg)
School of Computing & Information Sciences
Initial Update• One Time Patch Update
– Initial Update will complete a patch update process on machines
• NOTE: All patches that are approved will be installed. If no Patch Policy is assigned all patches will be installed
• NOTE: It will automatically reboot the machines without any warning.
![Page 106: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/106.jpg)
School of Computing & Information Sciences
Progress CheckHave you turned off the Windows auto
update?
Were you able to use the KB Override?
![Page 107: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/107.jpg)
School of Computing & Information Sciences
Questions?• Please type your questions in the chat
section of your GoToMeeting window.
• Remember that you can always send your questions to [email protected] too.
• If you are falling behind the steps in the lab, please just watch the presentation, take some notes, and perform your labs after the lecture.
![Page 108: IT AUTOMATION](https://reader035.fdocuments.us/reader035/viewer/2022070420/56815db7550346895dcbe541/html5/thumbnails/108.jpg)
School of Computing & Information Sciences
THE END!