{{ $GlobalService.$LoaderService.loadMsg }}

Please log in to view this menu.

Your Alerts ({{ $GlobalService.$FeedService.itemLists['userAlerts'].length }})

{{ alertItem.created_date | date:'medium' }}

Welcome, {{ $GlobalService.$UserService.userData.fname }} {{ $GlobalService.$UserService.userData.lname }}

You are not logged in

LabTech TV

Client Health Report Support Webinar



  1. hard drives29:59, 30:03, 30:54
  2. operating systems18:05
  3. Joseph Smith20:57, 21:06, 21:13
  4. pre configured8:42
  5. virus scanner10:42, 11:17
  6. Knowledge Base articles36:08
  7. CPU usage16:39, 16:59, 17:03
  8. tech software16:13
  9. support channels23:46
  10. individual system22:17

Automatically Generated Transcript (may not be 100% accurate)

Hello and welcome to this week's support webinar. In this week's webinar we are focusing on the Client Health Report. Before we get started I want to make sure that everyone is comfortable with their virtual environments. In the navigation control window of the webinar you have the ability to ask questions. We will silence all communications during the webinar and use the questions window for primary interaction with the audience. We will conduct an overview then move into a demonstration followed by our live Q&A session. It is recommended to send in your questions as soon as you have them. Thanks for joining and let's get started. I would like to introduce our speaker for this weeks webinar, Bill Hennessey. Hello my name is bill Hennessey. And welcome to lab tech support webinar on the client health report. In this webinar we're gonna talk about how to update the current health -- Scripps. Will take a look at the health report overview. And we'll take a look at how the scores are compiled. Before we begin need to make sure the we have the right server control Centre version. In order to update to current script -- -- have version fifty point 170 install. You can find -- at support dot lab -- software dot com. Or I actually found mine on my RSS feed. In order to acquire the new. Daily health -- scripts and health reports will need to get them from the lab tech marketplace. To go to the marketplace you'll need to make sure that you're on your control center server. And go -- the tools. And lab tech marketplace. -- and it opens. So from here. Who wants you scroll down and highlight. Scripps. And look for. Now this is going -- -- to download other scripts that go along with that just go ahead and say yes. And you'll see them popularly down here. So now ready to update these scripts but we also need to make sure that we update. The results -- going to look a little bit different. So we'll go to. -- We need to walk grabbed. Each one of the -- to make sure we have all the updated Scripps. At our disposal. -- and you'll see that they as well population down here. From here you can go ahead and select update. I already have done this so I will. Move on. The first time your on the daily health check -- it creates all the new properties that dictate how the check performs. Once the health checks script runs increase the properties for even the dashboard. It's a good idea awaited near you -- -- the updated strip improperly gather the data. But for our example I'm obviously not going to wait so -- here will go ahead and schedule the health checks script. Will go to a group I'll select the all agents group. And go to scripts. As -- C area have -- scheduled. According to ignites it is a best practice to have this script scheduled. -- 6 AM. No need to add any parameters. You can't just go ahead and save this. Close that out. Now scheduled to report scripts. From the year will go to the dashboard. Go to management tabs. And -- is scheduled client Scripps. Once -- you can see add the schedule already. However according to lab tech ignites it is best practice to have the scheduled at 1:30 PM every day. This gives sufficient time in between both Scripps so you can get the most accurate data. Every day I need to repeat. And safe. See updates. Are close this out as it's ready. It'll open up my company. -- go to the info tab where these daily health check tab resides. On this -- you have many options. Server -- action workstations failed action. What these are asking is how you want the server workstation -- reacted if it gets a failing score in the health check. Do you want to do nothing do you want to record -- and raise alert or create ticket. It's best practice to at least record the stats that -- go back and add them to a report at some point. Some don't want the health -- record. AV or performance stats. For the servers. Here you can disable that. Same with the fire scanner. This works on both servers and workstations. Here you can decide which reports you want to run. And where you want -- -- to. Please note that it is important to have an email address. In putting heralds there will not be airport. Just some information for you. As you see -- several options here for reports. Full is not the most robust report. There's more information on all these reports individually it supports -- lab -- software dot com. However if you want the most robust report -- clearing now that is simply choose health report. And it's just another piece of information for you if reports -- days. -- tech will default to the most thorough report for instance if you have. Daily reports. Running and a monthly airports running the data at the monthly and the daily report -- -- It will default to the monthly. Make sure you save your work. And close out a client. Now we're gonna quickly go over the report itself. This is the first page in the client health report known -- the summary page. You'll notice the top left has overall client health score information for the day. Your top right has -- OS's. Middle left has what type of devices are detected. Mill rates at the -- -- space status. Bottom left is detected commands applications and alert information. And on the bottom right is the top five and the bottom five -- systems. Here you can see the detailed server report. On the top left is useful server information. Top rated CPU and ram usage and this is for the time period that the report -- Enron in this case it is -- the last 24 hours. In the middle is the record of the checks that -- run and the results. On the bottom left -- prevalence event log -- and next to that is available shares on the server. This is the workstation summary page and it gives summarized information on what workstations failed what checks. And the last page of the report -- a -- So where exactly do we get these scores from. Well -- based on properties their pre configured for you. The values can be modified to fit your needs. Each -- scores comprised of multiple checks each check is assigned a way to. The sum of all health check waits equals the health score. In these can be modified like I said at dashboard config configurations. Properties. And they will look like. What you see below you'll see script underscore DHC underscore and then the value. It does need to be noted that if you are. Making changes in the properties to not change the spelling of any of these properties because the check will -- not give you accurate results. If he do you go in and make changes to the properties I wanted -- -- Get an idea of what shall be looking at if you scroll down and find. The daily health check properties you'll notice that they look like this they'll say scripts underscored DHC -- begin with. Mod or -- and then followed by a value -- Mod stands for modify or and that's basically a -- -- -- threshold. And an example -- that would be a defrag percentage. And that value in there would be 15% so you didn't want to the defrag to go over 16%. And weights are used for compiling the actual score that goes in your reports -- an example of this would be if one of the checks is worth 50% -- the actual value of that property would be fifty and once again you can make changes to these. And it is important to note that if you do make changes to the weights. Make sure that if you have the health check weights and another health check way to make sure that -- equal 100. If you do not then -- report will return strange results. Now let's go through each check its weight and how it scored differently. -- start with the anti virus health Jack. This check will go looking for whether you have a virus scanner. Whether -- definitions are current and whether your fire Skinner auto protect. The feature is enabled. And you'll notice that to each one has a weight assigned to it to the -- scanner detected -- is worth 50%. So therefore if the check runs and it does not to detect -- scanner then your check is already down 60%. Next to it there's an example of the wait that is in the properties for this particular check script -- DHC underscore -- virus scanner found. Now like I said he could make changes to these. As long as with any -- they all equal 100% and as you can see in the -- -- fifty plus 25 plus 25 equals 100%. This chart explains the difference between the old way of scoring in the New York. You'll notice that computer one and -- were pretty self explanatory. Computer one passes all checks and to fails -- -- And in both methods -- new way of scoring and the old way of scoring they would either get 100%. Or a 1% failure. The difference comes in computer three. You'll notice that computers three has a scanner installed definitions are up to date to but the auto protect is not enabled. In the old message computer three would -- for the day with a 1%. In the new message -- you now have a 75%. Now let's say for example you didn't want auto protect and able to be part of the scoring. We would go to dashboard configured configurations. And properties. And redistribute this weight of 25%. As long as it equals 100% at the end of the day you can make changes in the properties. Another important note is that scores will not be applied retroactively when you update your health -- Scripps. Running the checks for weekly health report for instance. You'll have to have seven days of news scores to cycle out the old ones and receive accurate results. And we'll take a look at that here. You'll see that one and two produced the same results. If we take a look at day three we apply the new scoring. 3459%. The weekly however doesn't get the same bump yet because the scores are retroactive it's gonna take the rest of the week to cycle out the old scores. They'll take a look at the drive health check this one's a little bit more complicated. These are checked against each internal hard drive. For example the event -- drive check on a PC with three internal drives. Overall this check is -- 30%. With two out of three drives passing -- this check is only worth 20% -- The checks -- -- here are. Checking to see if there is a minimum drive space free and that's for a 15%. Is it below maximum amount of fragmentation and that's waited at 15%. Does it pass Smart tests and that's waited 40%. -- -- a recorded any dried -- errors. -- waited at 30%. They'll take another look at this chart. You'll notice that computer one and two pass and fail in both methods. Computer three has one drive that doesn't pass fragmentation check worth 15%. -- -- on computer three it's only going to receive half credits or seven point five for the frag check. In the old scoring the single drive would -- the entire computer for the entire day. Drive health checks are giving partial credit. All other -- checks like easier performance are pass fail or full or no credit. Now let's take a look at the virtual computer. Notice the big -- zero. The end to not get Smart checks in the old method this BM would return a sale on Smart and -- -- -- for the entire day. When the new health -- script runs it checks for -- If it returns true then the Smart check doesn't run and -- percentage for Smart is redistributed equally. Among the other checks. 13% is added to each of the other check waits for instance drive space is now worth twenty point 3% instead of fifteen. -- event errors is now worth 43 point 3% instead of just thirty. Here again you can see other weekly health scores applied. Computer three getting credit for the drives that passed and -- not taking Smart -- gives a significant bump once the new scoring has applied. You can see the weekly score slowly rise as we cycle out the old scores. Teachers and health Jack. This -- the event ID is representing a failed login attempt in the event log table. The default for this check is 25 which means that 26 would mean failure. -- you can adjust this in the properties that dashboard config configurations and properties. And there's a list of events that the lab tech looks for at support dot lab tech software dot com. Search how health scores are calculated. Now take a look at performance health. The first checked detects average CPU resource usage over a number of days and this is -- at 30%. The default number of days as -- there's another modify -- associated with this check and that's Max percentage threshold which is forty. So that means if average CPU usage over the last eight days is greater than forty but it fails. The next Jack is the number of hourly CPU spikes. And a CPU spike is defined as the Mac's CPU. Exceeding the average CPU by a certain percentage and this is weighted at 10%. -- -- -- CPU usage. And gets an average every hour -- -- CPU usage goes 10% over that hours average is defined as a spike the script counts how many of those have occurred in the past 24 hours. And if it's anything more than six and it equals the sale don't forget that these can be changed by going to the dashboard. Config configurations. And properties. Next check is to detect the average -- resource usage over a number of days. And this check is -- at 30% to. This works the same as the CPU and uses the same -- fire as CPU with an eight -- default. Again number of hourly -- spikes are rams -- is defined as Macs ran exceeding the average -- by certain percentage. And this is -- at 10% as well once again this works the same as the CPU spike. The last check done here is the minimum OS version and it's worth 20%. What this is looking for is operating systems at XP or 2003 server and above. Here's another example of how the new scoring is applied. Computer three -- checks one and two waited together at 40% -- the new score is 60%. Vs the old scoring which would fail them immediately. And get a 1% score. And again you can see how the -- scoring on. The service health check this checks for automatic critical service is not running since last -- -- Critical services are defined as windows services not drivers and not printers and not on the event blacklist. This check is on weighted so that means it's pass fail. -- take a look at the updates and health store. What this is looking for first is the outstanding critical patches that are not installs. Critical patches are defined. As critical updates and or anything with a critical severity rating. By Microsoft -- has a weight of 75%. It also looks for any outstanding elevated patches that are not install -- An elevated patch is defined as a security update or anything with the severity rating that is not listed -- critical this is listed at 20%. And lasting -- looks for -- any outstanding standard patches that are not installed. A standard patch is something that is not categorized as critical or a security and has no severity assigned to it. This has a weight of 5% to. The way that this is -- it is directly related to -- how many patches are available for each check. For instance if there -- ten standard patches available and you have nine of them installed. You automatically receive. 8090%. For that score because each -- is worth 10%. Here you can see the very large disparity between the old and the new scoring. Computers three has standard patches missing and it would resolve a failing score but not anymore now scores -- 95%. And you can also see what that does to your updated health scores over the course of a week. And as it has been said before the scores are not retroactive. So you see -- rising slowly. It'll take a look at the event health check. This is gonna look for any critical -- from the event logs that have been recorded from certain information gathering Scripps. This check is on waited so it's pass fail in any detected -- equals failing score. At this time I'd like to move to a question and answer session with one of our top developers Joseph Smith. Please feel free to type in your questions through the webinar and jolt you out. Would like to thank you for your participation -- my name's bill Hennessey and notes welcome Joseph Smith joked. This is Joseph Smith from the report developer with -- -- software and address and your culinary questions here we've already got a couple that we're gonna run through so let's go and jump into it. First question was when I go to get daily health checks for from the marketplace. It's listed as having local changes instead of update available how to update the script and that's -- -- Well but we can't do that is that you can just go ahead and check the daily health -- stripped. You'll load in all the dependency is the -- script go to the report you may see local changing on the air and set an update available go hand in just over -- -- and you'll and -- listen tomorrow and the marketplaces. -- update and a go ahead and update -- -- All right so our second question what is the difference between -- health and update helps this is a great question the -- we receive multiple terms -- the past that's part of the reason we update in the daily health check is that you could. Address the concerns that the existence of this difference between actual. It used to be that update -- was more focus on the number of critical patches that -- income on each individual system. If you had at least one credible patch outstanding would -- -- check automatic. Patch help is more focused on the number of hot fixes and patches are available for your windows systems. And we separate them out into three individual levels of critical elevated standard -- this has been -- -- of last year -- -- health impact review reports critic of the -- -- -- see -- patch was not installed and so -- So -- with this release we decided that. Wanted to fix that disparity between up to health -- parent -- partial -- same way. Update health now scores. The same exact message every day that passion health -- so for instance you look at your parents help on Monday that -- seventy check your update help for that day from -- computer is also gonna be at 70%. Instead of a 100% or 1% so you're gonna receive the same exact or that you see on her patch also TC that you're scores low. You insult you catch is you run the -- health reported in -- -- review reported in on that computer you get it up -- -- 95%. For that day the update health will be 95%. So now up to help his shifts from. Running measure of what your parents health has been over the time period for that report. All right so question at three. Hello I just the day of the week in the day of the month -- the health report is emailed us a great question we've had this several times through support channels. You look in the properties list that we direct you to earlier what you believe is the from the dashboard -- you. -- -- And then the properties -- you'll see that there are two properties there -- one is called health report email. -- month and health report -- -- week. Understood it to number values. Of those first one month is gonna be basically matching up -- in -- so if you set that value to -- it's gonna set it on the -- -- she said it's a fifteen minutes instead of on the fifteenth. You have to be careful about when you modify that number is it she said it's just -- 31. Because you want to -- at the end of the month won't not every month has 31 days so she tried to -- -- -- in September on the September 31 that it doesn't exist so people just skip over that instead of nailing it the next day so it's very important that you try to set back to mediate between the first of the twenty. The weekly email day it is a number based off of basic and that number can be sent anywhere between -- range of zero in 60. Representing Monday. So if you set that date due to which can mail it out on Tuesday she said to sixty may hold out on Sunday so on and so. All right so and so the next question. I assume that the updated scripts are already loaded for cloud version of lab -- we actually have not updated the cloud version of web -- for the daily health -- script hasn't yet he's been trying to make sure that a cloud installs are having universalist and that there -- affecting everybody the same time so to make sure that happens right from the -- first so we've held off on that on that version being installed and I believe it will be on the first of them. -- month I will need to double check that so if you have any questions on that you can contact support. The next question was why would you disabled EGM performance section of the reports costs a great question. That would disable section lets you choose for servers only whether you want to cover -- Eighty checks and performance -- throughout the -- process. There are some servers that you would want to disable the -- checks on their some servers he wanted to see what form -- -- excellent. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- System automation folder search let's underscore -- daily health check folder open up the daily health. -- -- And there'll be to have on the right -- you can click on -- -- what you foreign scripts. Will pop up window rebels say do you want to include. All groups in this or something similar to -- question you click yes there until list out all the groups that are calling the script. I think this question might have actually come from an ignore user. You vignali. Agent automation scripts as -- actually calls the daily health -- script it's automated as part of the process within it so. -- questions idea of them. Reports sent email to different people but we've never received -- now what could be causing it not to -- we've had this question coming to support several times it's really difficult for us to tell without taking a closer look at the system it may be something as simple as the way that we entered emails into the health -- email parameters. Or could be something more complicated like -- connection issue with your change server. So in that situation I would recommend contacting support at lab tech and they'll be able to invest -- system walk through with you and see what would be causing them. Station. What can we do about the services war. I'm assuming that -- question is referring to what kind of changes that we make to the properties to table for model fires and waits for services services are pretty much set up the same way that they were before where -- -- service fails the entire -- fails for that day. Now if you have a service says that continues to reappear in your list you can have that service European blacklist. And that'll prevent it from firing your service pork. All right so the next question some of the health reports used to include back up in the health report is that still included if so how -- -- this from the report. Sure in the past is that the report shows 0% for back -- and some clients and are using a back up service from -- that's a great question the backup section of the health report has not been modified from the previous version that's been out for the past year. So we still include this is the way that we have back -- set -- is that that section only runs when we are actually collecting back up data via scripts. I believe there are stats gathering Scripps. In the -- section that you can run that will go ahead and gather that information to -- -- stats table the daily health check is designed to check -- -- and associate with each computer that has a back -- running that's what's actually given us the score for Beckham's successor backup fail. Report that showed a 0% -- backup and some clients -- -- -- -- of service may wanna contact support about that to see if we can find out if there's a script that's pushing the value in for backup health that you may not necessarily want to be pushing in the next question how can we exclude VH DS from health reports. -- is for virtual hard drives. But only exclusion were doing were virtual hard drives this through virtual machines so if we detect that key -- and machine that is a virtual machine system which she conceived fuel into the computer -- screen and in the operating quarter will be about shift to talks -- there's one of -- says virtual machine if that flag is checked -- we -- exclude. Around that virtual machine from the Smart checks are running against the drive. -- We actually don't exclude -- Smart checks we we distribute the -- waiting for that check across to the other three checks so we're basically saying okay you don't wanna run -- its virtual machine because you're gonna come back with false positive so word -- just re distributed and make everything else a little bit easier so that it compensates for the lost amount on that a Smart check. If you have suggestions for other ways that we can detect virtual hard drives or other -- them are being affected by our virtual hard drive for hidden contact customer support and will take that as a feature -- -- access into will be able to change its future. Okay next question daily health check is no longer running after updates. We have any ideas property security missing as well from the dashboard. Like a little bit of follow as we wanna look into that -- I wanna call tech support for this issue if you have downloaded and the newest version of the daily health check and -- Has stopped running those properties are not visible and that means of calling have a problem with the script itself from going through now the properties only appear in the dashboard. After the first time you run the daily health -- scripts what's actually happening in the first couple lines he call me another script called -- properties stashed daily health check. And -- -- goes through and -- the properties table to see if there are any additional properties that need to be added in that may have been deleted the previous day. It also checks to see if you if you have the properties in their at all if it sees the properties in there it's not -- updated policy if it doesn't see that property name listed as an added in. As if she's there with default values so hmmm if you're looking to -- properties you can go in and run the -- properties daily health -- script -- -- that you'll be able to find that under system automation. -- dysfunction is -- of another question do you have a list of services are checked for the service -- we actually do what I can tell you that we filter that list by whether it's -- driver or not it's it's it's it's a windows driver we excluded if its printer we excluded. And finally we look. Look for the of -- blacklist. This is -- blacklist just -- Even 2012 might have been a little bit earlier this event blacklist which you need that the service steps should be automatically running and is coming up the -- -- you run the check so any service that's on that list it is going to be skipped over as part of the -- process. Under tools reporting configure manage risk for. We can change weeks yours well does this do the same things change and in the properties there's also an update client health scores option here to. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- teaching -- some questions user friendly -- the executive summary report in management report are also are actually health reports as part of -- health reports that the executive summary report it is actually the same as the monthly summary report in the management report is actually the same as the Motley -- reports so if you're looking to get those ports are -- scheduled you can go ahead and select those that names won't be the same but they are basically providing the same information. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Scroll all the way down you should see script underscored THE underscore -- -- And there should be a total of five waits for the performance section. Obi -- -- CPU spikes memory -- Memory average CPU average and -- OS version costs you can go in. And and reduces CPU spikes. And 20 and the memory -- -- -- zero. A gesture -- three up bounce between them so that they all add up to a hundred. And at that point you'll have effectively remove the CPU spikes in memory -- from Europe for performance health -- checks will still be performed but they will not impact your overall score for performance. I want to thank everyone for attending this week's webinar. This webinar will be made available both on the forum under Lindsey corner, and on LabTech TV under support webinars. I also wanted to remind everyone about the resources we have available for you online. By going to support.labtechsotware.com we have a variety of educational resources, including documentation, Knowledge Base articles, and LabTech TV. On behalf of LabTech I want to thank everyone for attending and hopefully we see you at a future webinar.

Related Videos:

  1. Offline Server Monitors Support Webinar

    Wed, 9 Sep 2015

    Hello and welcome to this week's support webinar. Which webinar will be focusing on troubleshooting offline server monitors before we get started I just wanna make sure that everyone is comfortable with their virtual environment in the navigation control window of the webinar you have the ability to ask questions we'll silence all communication during the webinar and use the questions window for primary interaction with the audience we'll have a live Q&A session at the end of our demonstration. It is recommended that you send in your questions as soon as you have that. Thank you very much for joining in let's go ahead get started. A like teachers are speaker for this week's support webinar aired Alberts. Good afternoon everyone and thanks for joining I've heard Albertson and today will be discussing wrap text offline server monitors. We're also joined today by Joseph Lombardo who is our key support I would LabTech monetary. Senate time to waste let's get started. I want to discuss the differences between their offline server monitors. I'm speaking asked specifically. About the offline location. Vs but offline servers. Vs the offline master servers monitors in you're not tech says. We're gonna touch on some best practices related. We'll look at a workflow of these monitors. What kinda get a step by step of what happens when these monitors start to fire op. Will look at what groups are tied to and how they're alerting. Will be discussing things to look for when attempting to troubleshoot. Especially in regards to false positives with these monitors. Answer we'll talk about customizing properties. In order to change the alerting behavior. So my goal today is to familiarize you all with these monitors and how they function. There are expected behavior and ways to manipulate they're alerting. I hope you all will walk away from this webinar with a better understanding. Out how to utilize and maintain these monitors to benefit your business. Okay so first thing is first we have three different offline monitors. We have one designated for offline locations which we're going to discuss in a moment. And then weight have the offline map. Your servers and the offline servers. So it's important to understand the difference between the last two we're gonna talk about. So first and foremost. We have different groups that push this monitor down to your agents. These are offline monitors and there any feature set up late nineties so bear for BC ignite service plan groups. Pushing these monitors. Be offline servers monitor has to capture a wider picture up all servers. That were monitoring. And because of this week's CNET monitor enabled on multiple operating system service plans. Whereas the offline master server monitor we do not so let's take a look at this side by side. We can see on the left side for the offline master servers monitor or only really utilizing new windows operating system service points. On the ready for the regular offline servers is where we're taking advantage out all the operating service. Op service playing grips. Next we have the intervals for which the monitor runs. So a rule of thumb in LabTech is master computers. Those which have designated as a master per the check on individual machines computer screen. These are checking in every thirty seconds and therefore it the quickest answerable for which the monitor can run. Is thirty seconds. So there for our offline maps. Stir servers monitor will see the frequency run at thirty seconds. Non master computers. Are checking in every five minutes. So therefore we'll see that offline servers monitor. Run at a interval frequency out five minutes. So that's another main difference between these two monitors. So let's talk about some best packets. So our best practice is to use these. Offline monitors. And enabled them within your service plan groups. By default we saw the ignite managed when it will seven. And managed eight I five service and groups and they were pushing these monitors automatically via the service plans. If you've created your own groups and your not utilizing the ignite feature sad. You might think about enabling v.s monitors on those custom groups who created it. He can simply mirror the alert templates calls within the ignite managed service and groups. And in a minute I'll discuss how we can leverage the properties in the dashboard with those alert templates. Also it's important let's meet all those critical servers at a location. Master computers. And utilize the offline masters server monitor. Because of the frequencies for which it checks and remember we had talked about. Masters checking in thirty seconds non masters every minute. So masters a lot for a more frequent check again. And its ability to respond to commands so again it's always best practice to me on your critical servers at a specific location. Masters. Okay so let's discuss the offline location monetary and it's work well. Here's how it goes. If you navigate to the computer screen under the effective policy. You might see that the LT offline locations monitor is being applied to the all agents group. And that the alert template type to it it's set to default do nothing. This is actually a bug in should be fixed in 2013 however. If you come across this where your patrons. Are getting signs the offline locations monitor. By the all agents group. You're gonna want to follow these simple snaps to remedy past okay. So from our monitors. Button. You want to select the als he off locations monitor and go to the monitor target tap. You should CD all agents group listed in the groups section. Simply double click to remove that group. So when you see and now this. Becomes a global. Monitor. Now I know that because there's no groups appearing on my monitor target tab. It can be a little deceiving but when there's no group groups showing up on these internal monitors on this monitor target cap. That means that the monitor is essentially global. And is now getting applied to all agents. Print this specific monitor are offline locations monitor we want this sat as default. We want every agent checking into your control center to get this offline locations monitor. So bite removing any groups. And inclined to locations computers X Sadr attacked the monitor where essentially making this global monitor. So now you'll want to control. The alerting for this monitor. At the monitor level. If you want to customize and create different alerting options for different locations. You can do here one offs by creating a copy. Out the monitor then make your custom alerting configurations. Such. Don't forget. To green name your copied monitors renamed them however you're customizing them. Name them accordingly so that the mark marketplace does not over write them. Okay so here's attempt to reduce the amount a false positives. For that offline locations monitor. First let's create a location. This new location while house our laptops. Only. So we're gonna put those laptops in the newly created location. So why are we going to do this air and why I'm so glad you asked. Weakened then exclude. The location and from that offline check. Simply oak. Relocation. And under the night's tab you'll see the offline attack simply checked that box to exclude any locations. Or any agents belonging to a location. From this off line locations. Server monitor. Okay so that's kinda how work. Do in the specs practices. Reduce those false positives especially be seen as a lot of times with laptops. Because of the frequency for which laptops come. Edit all our network. A case and now let's discuss another way to exclude location. By customizing within the monitor. So you can choose to exclude locations. By manually. Inserting the location ID EE. Isn't an additional conditions. Section on the monitor. Here in the additional conditions section. We can read further action this monitors configured form. If you want to exclude additional location I can annually answer. Me here you see it highlight it. Com on your screen. Don't forget that you can separate with a comma for multiple entries as you can see an example with locations one and you. I also wanna point now that in the additional query. You can see how we are also looking for that stack army as a extra data field but on the case. That is the I'm. Exclude location check we just look at onto the app and tap on location. Okay so if you don't know how to. See this location ID's. To get IDs at your location go to your tools menu and select show IDB's. And then you'll see those IDs popularly. Entry. So you can quickly CE which locations are down. I'll from the market monitor. On the location tab out the monitor so when you select monitor. From our menu under the location tab. Here is where we seen those sales for let the offline location monitor. You can exclude. Locations from ever appearing on this tapped by adding that location ID to the properties in the dashboard. We find those properties under dashboard. Configurations. Properties. And then excluded locations line item. Simply highlight and have the number at the location AT. As you can see from slide you can insert multiple locations. I'll look it he's here as well. Again you're using a comma to separate. Again to see those ID's those location IDs tools and then select show. So first and foremost let's talk about how we travel should be off server monitors. The server stops checking in to your text server. This is gonna be the first indicator that the monitor is going to fire op. Second is the offline servers for the offline master servers monitor is going to be tree. So we're going to seen BG tacked it under our monitors. Dip. Ignites feature set automatically has the monitor calling alert templates 31. Okay this is the auto X actions server off line scripts. And remembered that it. Is an actual scripts that we are calling here so you can see. Which script. Is running so paint into it if you know what the script is doing. You can find this script by following the bread crumb trail. So we can look in the auto fix actions and look for the monitor offline agent scraps. That should run when this alert template is triggered. Okay so let's take that script now. So again this is things that we might be doing when we're troubleshooting. This monitor. As you can see here I've searched under scripts auto fix actions and then I found my monitor are one agents. Pay attention to the notes within the script. It will tell you exactly what the script is supposed to be doing. In this case the monitor off line agent scripts attempts to determine. Whether the individual agent is down or whether an entire site is down. Step five. This is where that script is executed. Its determining if the server is. Really off line there's several tax going on in the background. Like first it attempts to locate and leverage another machine at the same location. And in the same network subnet as the offline server. It attempts to execute in number of tasks from that machine. In an attempt to diagnose the nature of this type about it on the server. If it can contact. It will attempt to bring server back online. By remotely restarting you OLAP text service on the offline server. Okay so two things are gonna happen one. The each comes back online during this script accidents fusion process. And then won't happen is the script will automatically clear that failure from the monitor. Reset the monitor for that server and then access with no notification. Meaning no tech work email is generate. Okay so that's only half the server checks it and add some time in the middle of that script execution. That was that step five that we saw. So in an attempt to locate and leverage its executing some tasks. The easy comes back online. The script is going to note that it's a six that's it's going to clear the monitor and resent the monitor for her that server. And it acts it's with no notification. However. If the agent is still offline and it's not checking in to your lab tech server after the script execution. What's happened is the scripts will call alert template theories Q which is our server offline. And then when this dies is this performs a series of alert actions configured fair. By default that should create a ticket and sent in Ian so let's look at app. In the dashboard we can find number template I keep saying alert template 31. Your alert templates Leo's globally in the dashboard. So within the dashboard we can select the management tap. And then it's alert templates underneath that. As you can see it on the left column. We have template ID. So I can quickly navigate to template number 32. And highlight to see what exactly is being calls here what alert actions are being created out of the box. So the bottom you can see out of the box I have an email being generated a page or a waste a ticket. All of this is generated by default. When it backs. Offline server monitor. Still will not checked in. Even after the initial. Script oughta fix has been run and determined that server is actually off line. So that's when all these alerts it triggered. So it's important to understand why the initial scrapped the one that got executed in step for that one that we talked about the alert template number 31. Where it's auto facts. It's the one that's trying to leverage and other computer. It's trying to wake the machine up restart the LabTech agent determine if that servers actually off line. So it's important to understand that this screw that. Takes approximately. Fifteen minutes to run and diagnose the information being processed by scrapped. So I'd tell those scripts complete and determines an actual server down. Daniel be notified by step seven. Where we call the alert template number 32. That generates the email the ticket of the ways that page are Sadr up. So what that means is they about it. It could be up to fifteen minutes that a server or some way could be down before you're actually it notified by that second alert template. Which is alert template number her it's have you. It's gonna be about fifteen minutes. Before that he might be notified right violet are alert template 32 so that might not be ideal for your business practice right. Okay so if you stay on top of that. And be notified backward step for initialized that initial scripts that runs to try and wait a machine upper leverage another machine. Restart OLAP text server. Agent on it. Let's look at how we can change the properties in the dashboard. So that you can be alerted automatically. When these initial auto fix scripts starts to rot. You've leveraged the ignite properties within the dashboard. To change the behavior of how you can be notified would be offline server monitors and the auto fixes tides. Remember that I'd just add ignite property and cash. So I mentioned at the beginning as that these monitors. Are technically. An ignite feature. So these monitors are being pushed by night groups out of the box which we talked about earlier. So therefore we're going to find the properties in the dashboard. Items are at the end nine top. So if you're concerned with the op line agent email address. And offline agent email immediately. What we're going to do is we need to adjust both. Of these properties. As they work in unison with one another. So you can insert an appropriate email address email address where notifications. Are going to be sent. That's the test at test dot com music on your story. And then I need to turn on the offline agent's email immediately meaning as soon as that's script runs. That's script is looking to the gas sport to see if this type of functionalities turned off. If it is it's going to attempt to send an email to that offline agent email address that test at test dot com that we see in front of us. It's going to say hey guess what this auto fix script is running trying to wake up a little case so. Or a wake up a server and offline server. So again we how to adjust the email address here we have to put in an appropriate email address. And we have to change that offline agent. This is simply turning. On the functionality. By default in the dashboard this up this stop is turned off. A case and don't forget to change. I'm always when we are saving additional fields we need to be saving at the top of our screen on at the bottom. So once you have adjusted these properties. You're now going to be notified immediately when that auto fix script runs. And this is an attempts to determine if the server or servers are actually offline. So this way. You're now able to start your troubleshooting process. Soon after. Fifteen or so minutes when that ought to scripts realizes that it can't actually reach the server. You're on top of that you're starting to troubleshoot and determine why that server may be offline while that Otto picks script is doing the same thing. Okay so this leaves me my next point and that is failed checked pants. The following are the most common reasons. Or failed seconds. So these are the things to look for when you're starting to troubleshoot. These offline monitors. When they start to fire off. First and foremost. Is the target server busy. You should ask yourself what type of server is this for the location. And why do we want to ask ourselves that's. Because the LabTech agents check in process. Runs at the lowest possible priority in the operating system. So should the operating system determine that the resources used by this process are needed for something else like come back opt. Warming the machine is running and eighty scheme. So that LabTech check in process is pause. Until resource has become available again. This is kind of a prevention measure for the lab tech agent on four impacting the target servers performance. So it's a good idea to it in app evaluate. The individual server they'll check and first. Next we have DN apps. If the target server at a location is on cable to resolve the IP address at your LabTech server. Due to issues with Ian asked then obviously check in is going to be a problem. You're gonna see a problem with communication with all those agents in apps is that the root of the costs of course. First thing to look for is log entries. These will be created and can be found in the LT airs dot text file. That's located on the target machine's. Windows directory in the LT ES BC directory. Okay so it looks a little something like best. You're going to see the connect failure message as. Unable to connect to the remote server so that's purely indicate a ID NS issue. So next week have AD policy may be changes to the AD policy has happened at the target location. Blocking check ins to the lot text server. So contact filtering must. Included the LabTech servers fully qualified domain name to ensure that the filter doesn't interfere with the check in process. A tank. If all servers stopped. Checking in at one's. The issue might be weren't Lott's text server itself. Text servers and its performance. Performance issues can prevent the timely processing of agents' actions and can trigger those monitors. So you can double checked the status of your LabTech servers environment to ensure operation and activity. And internal networking issues may be some external DM asked all of these prevent the process of check him. For breaching your lap text server. Okay so let's take a look at the stuff for a quick out with in our control center. On my pretty much covered it then we're going to do eight I'm human hang with by the general. Okay so here in our lab tech system. Monitors. Again when we're talking about those offline monitors. These are internal monitors. So I just wanna quickly show where they are located as you can see here are offline applications. Off my master servers and offline servers. Going to double click in to use the opt locations monitor. First thing I want to low or that we mentioned in the presentation. Is the markets are targets have. Is the all agents group applied yes it is a case that this is this is something I want to remedy I want effects. I'm going to double clicked to remove that all agents group. And when I say it. This monitor has now just become a global monitor. So I'll agents reporting into my lap tech control center are going to get that off line locations monitor. And that's how it should be. So now. Now that this offline locations monitor is and who global monitor. I can manage the alerting on a global level. So here on the alerting tap I currently have this set to default nothing. But if I want it to call that auto fix script. I'm going to find that here as an alert tab plant. Order I wanted to do one offs and can't really customize pants I could create a new alert templates. And added my own. Alerting actions. So may be I'm going to add an email. Every day. Maybe I want it to contact. Somebody specific. Maybe I also want to go ahead and stagger a script action in here as well and called the scripts. Week in the actual alert template which is a best practice. So maybe I'll it's hams to resolve as well. And lacks the admin know that the script is running. So there's a lot of different things that you can do to customize that's. We also talked about in our presentation the other two monitors. Our master servers. And are offline servers. We talked about and it double click and go into your monitor target tapped. We can see very quickly which groups are pushing this monitor out. Remember we talked about that this is night op feature set so therefore we're going to C 898 groups pushing this monitor. So let's take for example the service plans windows servers manage it act by. We can follow the bread crumb trail groups. Service plans. Servers. Eight backed by. Going double clicked to open group. And you can see on my internal monitors tab. And I scroll down and find he als he offline master and offline server you can see that there enabled at this level. And pushing the alert template. Again at best practice is is we urge rot letting people groups drive d.s. Two particular monitors. That Napster servers and the offline servers. It groups are really pushing the panic and we can double click we can enable disable at this level. If we once you create custom. Alert template at this level we can. I'm out of the box. Is always going to run these auto X I I action scripts. We talked about how we can leverage. The alerting style on the initial script execution. We talked about that as being in the sports quickly. So here in the dashboard. We want to find those properties under the top that are going to let IS. Turn on that email immediately. So could fake integration. Nine. We see that I enter. Our default settings. Of email address and email. Opt by Asian immediately. So here I'm just going to highlight. Select one. And essentially I am turning on that email immediately service and order for this to work must change this email drafts. To save those changes. So now. When that the initial script executes. Or offline master server offline location X that are out. Since we're in the dashboard I might as well mention that you can set the default value of this offline. Alert template ID. I would keep it at standard 32 but again. This is where you can change that. I get the script is looking to that this value here when it notifies. If you ever wanna know why its business description is you can see a grief description of what this. Fields is actually supposed to be doing. Okay. So now I want to take some questions are questions from the audience. I'm going to introduced. Joseph Lombardo whose art he's support guy. And he's going to hopefully answer all those wonderful questions. Thanks for listening and term don't take it way. Not so fast Aaron for handed over to GO. I just wanna stress a couple points this is instance in teaching him instructor here also Atlantic. And as Erin mentioned earlier in her presentation. That in 2013. As we can see here the LT offline location monitor. Is enabled through service plans. There's servers plans will be your windows servers. Manage 24 by seven. And your windows workstations and managed by five. So just as he stressed this is it any ninety. Enabled monitor in in his set through these service plans. It's not gonna be on the all agents group like it was pre when he thirteen. Now for you guys that have not upgraded to Tony thirteenth which you would like to do so to take advantage of all the new bells and whistles gather. You probably will see it back on the all agents group. The LT offline master server. Is enabled through our servers clients and that's taking advantage of the servers managed when he four by seven. In the windows service manage it by five. The LT offline server. Is enabled through not just our wind news service plants like the other two at the top. But is also utilized to our Linux and Mac. Service plans. With that little bit. That tidbit of information at it now we will let you fire away any questions you had. Two joke. Are sneak. For our internal monitors. Thank you. Good afternoon though my name is Joseph Lombardo I am the monitoring and alerting subject matter expert here LabTech or an answer questions. I'll remember you do you have any questions it's met them. I. Should the first question and so if you put all of your laptops on a different location as suggested. There would not be approved associated with that location on this is corrects. And so boasts probes futures are not required formal devices of this type that Saddam it's still recommended you don't need to actually graphics and corporate consultations so on so that is correct. The next question is I should we remove all the all agents group from the LT also in locations monitor our guests if your loyalty offline location monitor is applied. The only agents group. Should remove that's on only two groups from them on her. Then you're Warren checked the alerting tablet real you'll slide locations monster. And ensure that it has similar assigned to it. That match your word art or are general practices have server offs on. Older templates or assign to that martyrs as do our ticketing and emails functions by default. Next question is some what determines an offline location of the criteria for that monitor. It's what it's looking for is I'm. A all agents at a specific location. Having zero check ins within ten minutes and that's Kurt seriously off on locations Molitor. Arnold so if you have a location the past five agents it's no agents have checked in which in and minutes it will trigger smaller church for outlook. Next question assume we have found that these server offline. Off server scripts. Or more are slated to scruples sometimes sale to completely wrong and create a ticket I'm so we had to implement an immediate action creation script will this results in its arms in the com script itself tomorrow natural or an agent script has an option property associated with that. Called email immediately. Around this is sound in the dash or burger considered considerations. And properties. On this email immediately property and set one arm and he triggers that scripts to immediately notified via email email associated. So it's aren't that. Basically it will across the scripts. And you know initially ones so or any other actions are taken orange should be used on. An email will be generated. Such you know trust send shouldn't god this is so the first and best option. S it will mode or you immediately. Started if you don't follow ups. I'm not good indicator that a lot about a you know immediately will also Falwell ones pleat. Instead are who you machine itself back. I'm it will books or Wales will follow just like bureau are. The next question is there a good way to test the offline server on a per without actually turning off the server there is a way to test this if you have on local access. Console access to a server on that this monitors are true and edit access outside of LabTech good a good example that mobile locals are merger office cash you can stop the LabTech agent services on any of your monitor servers. On veterinary groups that have the Matra are on you wanna start to checker utility each urged and then the LabTech agent itself on that. Agent service is being stopped server speaks to stop the check in process and simulate. And offline server event it's essentially the same and so they'll check in process running. On this server will trigger the monitor and trigger it's a worm and some super where you actually went through into Iran you can do goes on its you'll orchard clients. I want them all ordered go ahead and and while you're on sites simulate legislature. This year. Next question is there a way to rank you higher priority workstation as a server so that it will report and if it goes offline a not necessarily. What you can do in this case is you can designate that our computer as a master of the same way you do it server by checking the master aux will screw up the management for that agent. And then you can create a copy. Of the all sly and a master server is on or. And with the couple's modifications to remove the requirement of the server less and all and that's what's a group you can created group. That Saddam will have these settled master computers and of that willow Wiltshire produce alerts as as harper were to computers so little bit of customization. Updates from the marketplace do not say internal monitors that are in use there are exceptions to choose that on such as about the release a major releases arm a such as a window where it's her team which released a major releases him and expects those induced sweeping changes to existing monitors that are neutral monikers. But in general. These changes are not a strict by standard mark what's up with that being said. Best practice on has been in and still is to make copies. Of marchers as opposed to making changes the existing ones that you wanna put things in place as. Marchers. We're. Next question is is there a list for guides to find possible additional conditions. There is no master list com but says these monitors are. Simply an SQL queries or running on the database so the only limits placed on them are the conference opens of smoke Erie. And so they have from. Org or abilities are as well allow him to stood. On its newest jewels and X is wrapped around mulch or permissions its. On the let your base are more or permissions are what problems are real what its missions through or some. Next question how about checking it for a device at a location with the router firewall and forum Laughlin location. From. That's that's possible are not enough not to discount it is possible you can set up column outside in test for example from me. Always it's always a known to have the site senator and consider and pass. On Tuesday on the public. Side of far wall router. As a let's see what other side on. Accessing from within that site and fortunately not route possible and so it's. Drops out or we wouldn't receive a response girls so I'll it is possible. Recruits. And expression to reiterate so he recommended a template for offline locations was a cult server offline itself over time number 32 by defaults. The next question is so what is its proper name for email immediately other secondary way to set that without going to the properties if you go into the past or under and seeing integration and ignites. Sections for default properties. Are and the property can be found in there. Next person so what is the best way to alerts to song numbers when it server assault fluent. Viewed through best method in this case would be to modify the end alert template which is sort of a number 32. Are named server offline you're just wanna add an additional. Alert action. That includes a lot of beauty. Notify. Our with the contacts are associated. Of the secondary option would be changed the concert details. Of the original are not sure that's. Order to show notes are not best option it creates a contact so and and then go ahead and creates you'll actions that. Model the next question is is there a way to initiate it and the gristle shut down realty essentially saying that if I manually shutting down server that it would send me signal Atlantic server to indicate that I'm shutting down but it's okay and then when it starts back up saying of that it's all right and essentially not trigger the small church there is no way to do that with say one point six we have a series of options to. Handle the situations that say feature going to be taking down server temporarily. Homes were few hours or so are you templates that server it's a maintenance mode. Are rumbles or you doctor. Actions and insert down and millions without triggering our series or monitoring. Com and then when so. Smooth spires of organ well its normal that's the best way. Done by wreck your age and it's. Sort of terror alerts scripts or efforts and if you bowls. The best way to do that I'm also currently a year or to have an extended period of arm encircle service attributes based or arming its maintenance or more than so it's. An ad that machine SE exclusion to. Of the offs or circle mall altering. Temporarily column its manual but I do that by opening ultra cells go and two. X and right clicking on save section. Navigates the computer like that excluded. And that has to be undone manually wants some maintenance is completed optical aids use the same process Sorrell longer her on you that for days weeks months. And those excluded solos a machine or service and some of the agents. Are looks like that's all the questions we have for today thank you very much for attending. If your interest is in overthrew this webinar Guinness should be posted by Monday afternoon. And now we look for to see you again and that's who weeks acute.

  2. Patch Management Webinar Series Part 3

    Thu, 5 Mar 2015

    Hello and welcome to today's support webinar. My name's crisp and I'm a technical trainer here Atlantic software. And today is part three of our past me series where we're gonna talk about troubleshooting are patching configuration. Today's agenda before we jump into part three were gonna briefly talk about parts one in two just. An overview of what got us to this point. Then rant talk about troubleshooting the common issues that we typically see here in our support department. So talking to some of the subject matter experts that we hand and our support department along with some of my own experience as having. Bin that the primary support person for patch management. We're gonna talk about some things we commonly see that give our partners the ability kind of troubleshoot their own issues without having to open up a support ticket. One of the common things or weeks the past due with communication to the windows update site. So this may result team either in the empty patch window or maybe not as many pants as we expect to see on that agents patching ten so we'll take a look at what can be causing this. Also will talk about. Why my agents didn't patch will take a look at our configurations. Will make sure that the machines are online hmmm we do have approved pensions. And a quick way to a to see if we can troubleshoot the windows update log and see if we have any agent related issues. Last ever Wear and talk about his maybe app that's fine but for some reason the agent in reboot so sugary booted after it installed the patches. Will let's take a look at the configuration make sure everything lines up. And it see if we can't figure out what's going on now. The main thing that we usually use when we're talking about patching and rebooting Rommel we're gonna really break down the effect the policy tad that's a relief the easiest way to kind of troubleshoot to make sure my configuration. Is in place like I expected to so we will spend a lot of time in effect the policy tab. Or lastly I'll talk a little bit about customizations. And how we leverage extra data fields or EDF's. And the kind of controlling in customizing my environment. Now a little bit of a spoiler I'm not gonna go through and show you how to create. Specific X or data fields. What I'm gonna do is arm and a point you in the right direction to we're we have a specific webinar that will walk you through the process but also how to get to our knowledge base site. To kind of find all of the existing literature that we have of that cane help you in your data date. Our troubleshooting activities. Troubleshooting. Let's do just a brief review of our first part in our test management. Series. Where we just basically talked about how patching works so basic enabling a patch management. If you remember we talked about. At the location where enabling onboarding we're getting them in to view a contract enabled service plane which is our 24 by secondary by five. Groups by default. So were assigning down to location. Edward kidding our agents in the appropriate groups that put them under contract and then we're going into that patching tam and were. Deciding whether or not we want to turn patching on for workstations and servers and then we're picking the day that we wanna patch. That will automatically get our machines into a group and applying a template that's gonna set the we also talked a little bit about the patch approval process. Keeping everything in lined in the pants mean injuring kinda navigating to the test manager to get my patches approved. Lastly part one we just talked about how I keen disable passing for individual agents by many have a location where I have a bunch of agents. But I want Warner to agents to be able little bit differently maybe I just wanna disable patching for one of them or maybe I just want to disable. Reboots I have the ability at the agent level to omit certain agents from of the locations patch management policy. So from there are all week kind of went to part two where we talked a little bit about the bank in our right part one. We talked about a let's get everything set up how everything kind of works and going through with Dick nite. Then we kind of continue that way is how does that all work in the bank and well everything is driven by search groups and templates so. I put my agents in a search. It gets joint tour group and I apply the appropriate template on that template I'm gonna get my patch install window I'm gonna get my Patrick who window. And that's kind of the automation. Within LabTech. We then talked about daytime patching enabling daytime patching for workstations at the location. And then we're really broke down custom patching and how that works and how I get that scheduled. And how it ties in to you mind. Group structure and most importantly. Giving. My agents in the right groups in the right dating getting net update configure me and sent it to update the template. Appropriately. Then we kind of talked about the pats approval process a little bit more we kind of jumped into how we set up our. Deny groups and now we deny specific patches and we get our agents into those groups instead of denying them globally under windows updates to approve group. And then lastly we talked a little bit about automating the process. How I can use our existing scripts and kind of changed them tick kind of manipulate data that I want to I don't have the existing script stay here and how we can copy a script to renaming. And you use it for our own use. So that's a brief overview of what goddess here. Today so let's jump into today's topic were gonna talk a little bit about troubleshooting common issues. Like we said a common issue could be tied to communication. Where I have an empty patch window Lori don't have as many patches is I think. Should. And the main thing we want to check is do we have communication to the windows update site. So the way they're patching works within LabTech is we send a command to the agent the agent. You know leverages a windows update API it locally on that machine and it goes out to the windows update site they gets all the patch information. While I can't communicate. To the windows update site I'm not gonna get a ballot list of patches or more commonly im not gonna get a list of any patches so there's a couple things we want to check. Do you I have the right services up and running on my agent. Do I have a W Sus server firewall or proxy server that's kinda blocking communication from the H into the windows update site. So we'll take a look at the services that we need to kind of look at to make sure there up and running and I'll show you a quick way to check for W Sus server if that's blocking communication. Don't ever great way out to walk through all the different firewalls that may be out there are some middle leave that up to a of the partners out there to kind of make sure your firewall settings and your proxy servers are in place but we will walk thru the services in the W subsection. Next is I have machines for whatever reason did not patch now there's a couple different things that we can check we're gonna take a look at. One of the most common things Islam was the machine actually powered on during the patch install window. So we talked about the default task window being from three to 5 in the morning that history M to 5 AM. While I need my machines on during this time in order to patch so we can check our event logs we can check various other logs to make sure. If that machine was actually up and running during its patch install window. If it's not alive during the patch install window we are in agony issued the command. In order to set patching in motion. Next we got picture we have approved patches for the agent to install. So I can go to the agent and I can take a look and sort through all the patches that are signed this agent. Making each your. Which ones are missing but more importantly they have to be missing and set to install. If I don't have any missing patches that are proved well they're not gonna patch during it's at patch install window. So the common thing is I have one agent that doesn't seem to be panting we open it up like what we don't have a new group patches so we didn't need to issue the command we need to have that ballot as the patches. That are approved and missing so we actually have a job to XEQ. Were also gonna talk about scheduling. So make sure that our locations are set up and everything is configured correctly. Cause we do you have a bunch of June on patch groups. That comma. Stock into LabTech where for majority of different reasons that I don't have everything set up well I'm gonna get pleas to did you know parents group. And I want to make sure that all my agents are in a ballot patching group. So common examples of we talked about disabling patching for an individual agent a week checked that box it's gonna be in a do not patch group. I don't get my agents under contract it's gonna be that do not patch group. If I haven't enabled at a location that's gonna be another example of getting thrown into it do not patch group. So again we do you have a bunch of different things we can check to make sure word that are agents are setup for success. Lastly it could come down to I have everything configured correctly LabTech for for some reason it's still not patching. Well we may need to check the windows update looked to see if there's any Ayers with the actual windows update each it. So show just an easy way to pull the windows update logs exported into the lab take servers you can take a look at the full report. Now we if trouble shooting our patch is the one thing I wanna kind of stress here if you're not. Using the effective policy to have hope you start after this. Presentation because from here I can take a look at a lot of different configuration settings. I can really. Kind of narrow down my issues by using effective policy to see what groups there and see what templates are getting applied making sure work. I have all of my patch configurations in place on the agent maybe I have a template. Snap who were I have one template trend it's that the patch install window and I have another template with a higher priority that's disabling panting so I can use the effect of policy leverage this tab. To point me in the right direction. So maybe. I did patched correctly but the machine did not regroup for whatever reason. Again. I can take a look at the groups that it's in in the templates and make sure everything is lined up accordingly. The main thing I need to make sure is I have a patch reboot window assigned. And also not only that it's assigned its working in conjunction with my patch install window. So if you remember. Bank are patch install window Patrick the window work in conjunction with each other. I can't have my patch install window started three my patch through windows start at five. And then I think well after it's done patching whatever hits five it's gonna reboot doesn't work that way. I need to have my install window and my Reba window assigned at the same time. And again and easy way to check that configuration is going to be from the effective policy tat will take a look at all of this. In just a couple of minutes. So lastly. A little bit about our customizations. Ain't talking about creating extra data fields. We have a number of ways where we can create. These customizations. Where we're denying patches or even creating our own custom service points. Had a lot of partners and still have a lot of partners that. They want to have ignite control patching but they don't want to use one of our existing service plants. Because they don't want all the monitors they just want to use it for passing while. Out of the box we don't really have an available way to kind of give you. A deep fault service plan that doesn't have all the bells and lewis' whistles aside with ignite. Well that's where the power customizations commend. Now unfortunately I'm not gonna walk you through how to create all of these. And if you're asking yourself why well it's because thirty half and so I'm we already have a webinar on how to create need to figure patching groups. And you can see the link there all show you how to get there we jump in the controls and in just a minute but. I always encourage our partners to take a look at this when they're talking about customization creating their own deny groups creating any Customs Service plans we have the information out there. This webinars just one example of a wave that reduce leverage what we already animal we have existing. And lab tech TV I'm gonna walk you through some in this customization. From scenarios. And lastly that one thing I always want to talk about if you're not familiar with it is using our online documentation. So if you've been our documentation you probably been there before we have a lab tech 2013. It you probably very familiar with that documentation. While we also have our knowledge base articles here and you can see I've clicked on that and I put in a filter of patching and that's gonna bring me all of my patching TVs. Now a lot of the stuff that I'm talking about today does in compare to the amount of information that we have here that'll help you troubleshoot. So or KB articles are typically written by our own support people. We continue to see a certain issues while we're gonna create a knowledge base article that's gonna help our partners. Trying to solve the issue on their own so it just always want to point. This documentation. Al. To make these resources available to you and again coal navigate their together when we jump into the control sinner. Which we're gonna do that right now. So here we are in the control center and the first item I wanna focus on he's communication to the windows update site. So let's say you have an agent and you're just want to check the patch inventories so you open up that aging you go to the patching tab. And here is where you my find something a little off is I have a windows server 2008. That only has seven patches showing for it now. We've been in this business long and how we probably see that though that's a bit off so the first thing that I typically want to do is test the communication. So the easiest way to do that is to go to inventory in recent hot fixes. Let's just see if I can force this agent to update its past inventory. I can come over to the commands tracked the commands. And as gates executing. Meaning the deck ticket a little bit by ants. Instigating the fast talk. And real quick I concede that communication has failed so. Command was pending and all of a sudden went to field so I know I'm having a communication problem so the first thing I always wanna take a look at our my services now. Typically for windows updates on the look for two services. Here RE haven't highlighted is bits which is the background intelligent transfer service you can see it's set to manual what it's currently stopped. First thing I want to do well wanna right click and I won't start that the service so indeed that communication open up. The cycle and obviously is our windows update service so our come down here in lo and behold. I have all of this is disabled and everything is stop so. And that's probably the main reason why can't get my patches if I don't have the services running I can't communicate to the windows update site and they can't get my immune Tori. To show up for this particular device so. Just like it did four bits this one ominous set to auto start. And then I'm gonna go ahead and start this service again as I'm issuing these come means. To the agent I can track them in my commands have to make sure that everything is executing successfully. And it's giving my services started back op. So here I am reading for that to set to auto. Reese and my services. Make ensure everything. Is working like I expect it to. Our main few weeks ago now I have mow windows update. Running and I should have my bit service running so again must have. Before I get too far award I'm also gonna check fork. Is if I have of low number of patches are also want to make sure that I don't have a W Sus server you know kind of blocking communication. Kind of I'm trying to send information from decision to the windows update site if I'm trying to go through Adobe Sus server. Mama I just want to check the registry to see if those keys exist. Now if you've never been in the registry before. Always recommend as soon as you open it up to re load the system cache. So this is gonna refresh all the mandatory one thing about the registry is we don't sheer we don't us store this information. In the database so when we re load the tanks were actually pinging the machine and updating all the current. Are registry keys that are. Showing up on this agent so it's very key to reload that task. Here I am a lo and behold I do you have a W Sus server. A signed here is the IP address now if you don't recognize this IP address a lot of times. Who will have partners take over a client. And they don't even know that they have a W so server place they just know that they don't have communication so we always recommend. Well checked the services first and then check to see if they have a Debbie so a server at the you don't know exists. That's blocking communication so if you're following along. HK LM software policies Microsoft windows updates were looking here for. A value. We're also looking at the AU folder. And we're looking to see if use. W saw server is set to one which means yes. So what I actually want to do is go ahead and modify. This key. And it takes just a second open up. And I wanna set that to zero are right I don't wanna use it W Sus server anymore. It's. So I set that valor weight that changes to zero. I come back up the you know what I'm just gonna go ahead and I'm going to you delete these three cities. Don't want to you. Disable windows update it's gonna stop communication. So it just wanna go ahead and delete all these keys. If I know that I'm using a W sauce and I don't want to. Before. I do all this I just wanna kinda stressed the fact that. If you're actively using a W suss or you had one in the past that you must go into the group policy and disable that because we don't want. To come in here did delete any registry values and then have the group policy up. Date and just put in the bright back in there so again if you do nova W suss and you wanna kind of disable it make sure you do disable. That group policy before you come in here in kind of delete those keys. So goal line go ahead and re load the cache before access and I'll leave that back open. So now. You can see a all right here we are going through. All of these items and kind of seen if all of this work. One thing I wanted to do before our try to reason that elementary is to run an update config commands let's read French art template configurations. And then once that goes through let's go ahead and test are. A recent hot fixes to see if we king did it our patching him and Tori to you update so. So now in its executing and now we're just waiting for that to see if it executes successfully. So now we die of our inventory. Successfully. Getting executed. It could take kid depending on the amount of patches that you have. Now you can see I went from seven to 207. So this looks a little more accurate. And that's what I'm looking for. Now you can kind of see we kind of issued these commands a cool thing about this is if you find this issue happening with the majority of your agents what you can do is kind of start. With all of the commands that you instituted. Even then. Registries. And everything and sending the tanks and update in the country and scanning the patch is the cool thing about this is I can't highlight all those. And I can possibly create a script that will kind of walk through everything that I did now you wanna kind of take a look at this and test it bought. If you find a way to fix this issue and you institute commands in the order in which he gets fixed you can highlighted if you wanna kind of backtracking you know what I only want to script out re setting the services I can do that as well. And it's only going to you create. Of the scripts that I instituted in the order in them which aria is sent the commands to the agent but. Those are just some of the common issues that we have we just want to make sure that services are running both the bits. And the windows update agent. And also wanna check to see if I don't have rod W SARS now another thing with the W sauce that we run into is. You know some SPS service. SPS servers when they're turned on they have that windows update. Service automatically that a role automatically installed that causes. Are a lot of headaches for our partner so here is a way around that and to kind of coordinate your efforts you can send the commands and possibly create a script to kind of automate that process working there are moving forward. Again in the overall goal is to get our parents information to show up so we know we have active communication between the agent. And the windows update site now I can kinda walk you through some a common issues with make it through the services is started in kind of tracking that windows update. I'm gonna leave any firewall or proxy settings as there's so many different firewall. Pieces and proxy settings it could be out there. I'll leave that to everybody out there to kind of troubleshoot your own environment. So that is a just a robbery for idea of how to troubleshoot communication issues. Com and I'm gonna move on to what if they act have communication but for whatever reason my machines aren't patching. So the one thing that kind of want to start with is we must make sure that would ever. Though patch install when there were signing to the agent that the machine is actually on a during that time so. If were patching between three to five which is our. And that we can always check our logs. On to see if it was powered off during that time on this for need to go back any further our team do you mind history. Our show history button and I can go through my event logs if I've passed over the weekend and I need larger set of laws we can kinda see in trouble shoot to see if that agent was indeed. Online when I tried to patch it. Also another thing we need to take a look at. Is if it was on though like a server here it's typically going to be on 24 sevenths com and next thing we want to check is to make sure that. Out of my 207 patches how many are missing. So out of that total I have 32 so here are the ones that I did you have the ability to install. Bought I need to have patches approved. And if I search by missing and installed that means that whole. Of my eye patches that are missing none of them I have actually approved so when the patch window comes around. I don't have any missing patches that are approved then that means I'm not going to have a job so even know if I do restore communication I don't have. Any available patches. And I'm not gonna have it in the evening to install as you conceal all of the missing patches 32. Or pole not sets I have made a pat classification to install it so again I'm not gonna have a patched on the knot on install patches or just wanna make sure Sheen is on line actually have approved practice to install. If I do you have approved patches and it's still not patching. That's one element jump into the effect of policy tab and see Obama have any issues with my scheduling. Now I set my schedule out the locations. I need to make sure that that setting is actually getting pushed down the agent. And I highly recommend using the effect of policy for a lot of trouble shooting especially at the each level by confined. One agent that seems to be having. This issue and I can fix it here ending kind of are. A relay that information. Globally to kind of fix on my agents well that's what I wanna trained it because here I can see all the groups and the templates that are currently being assigned to this agent. So I can track exactly what template settings getting pushed out if I have the corresponding patch install window assign I can kinda take a look at it. So fly looked at my computer's current config. This is was all the settings currently applied to this machine more pain if I expand that the two things I want to focus on right now is a I don't have it active patch into the window was signed it says never so I'm not actively assigning this the template that's assigning a patch install window. Also don't have a patch rebuke window so oh. Last moto on a check for is windows update mote says do nothing. So as we kind of go back through our different parts well I know I need. LabTech mode assigned to this agent which should be so showing right here and I need my patch install window. To tell the agent that LabTech is controlling the pad as well we evolve tolerated determined that. I also need to prove patches so I have none of those three things currently going on this page. So if I go back uproot my patches I can handle that in the doc the patch manager but here goes let's take a look and see why I'm nine Keating. In the parents install window assigned. Now there could be a couple different reasons that I don't have my agents under contract which you party talked about if I don't have it turn on the location. And also like to disable it at the agent. So what we usually animal we have a problem is who we typically. Come in here and what I'm looking for is this wonder right here so. Do not patch servers based on agent we have a number of do not patched groups if you don't have the right configurations applied to the agent. While we're gonna note that we're gonna put it in what we call do not patch groups here you can see. That it's currently disabled the patch windows and I'm not patching the servers based on the agent if it says based on the agent. Odds are I have. A check box does cabling patching you can see that right here so this is where I can track from the effect of policy and say. Hey Tom why are not patsy will let me see what Simon well I'm and I do not pants group and it's based on the agent. So that can beat me here. I can uncheck that box saved my additional information. And and I came get that up and running now. If I make any changes I'm typically gonna have to wait. Are up to thirty minutes for the searches and the groups too refreshed before I can actually see those changes apply. But also in that this training exercise. I wanna show you how I can expedite that process. I can come up to help I can go to server status and I can force my searches Q update. So I don't have to wait the six minutes from my searches to update I hit. This button and if you didn't see where it went I want from help to server status. And I refresh my searches so this process runs every six minutes. If I want to kind of expedite that and force the searches to Ron I can do that here. Once it. On the weight my sixty seconds and I do group refresh this is like opening up all my groups that world once and hitting them run now bought. So I'll want to kind of expedite the process and I want to kind of wait for those processes. To execute in the background so I can see out my changes Tate coal. So now it comes back in my effective policy to add. Make sure that it refreshes. And one I wanna see is it actually getting a signed to a windows updates Monday. Now now I have my windows update template pats install re blue window accordingly. Also one thing to remind you whenever I change group and template assignments I always want to send my update config command if five make changes to any of my templates they need that command actually apply. Of the changes that I just instituted. So wanna make sure of that mine update config command executes successfully tracking everything in mind commands. Have you can see that command it usually doesn't take very long. I come back in here. And now I can see my Monday template and I can see that I now have my Monday window assigned. And I'm currently in the LabTech moat so. That is fixed. Now you'll probably notice that up here I have Mike to exclude path to reboot window. While the event is law any time kidding this century brew windows set to never. So if you caught that on my at night tab this is one server that maybe I don't want to exclude the path review window. Or I want to exclude the captured the window so I have that box checked and again I can track that back so again you can track all. Of our agent specific information. On in my windows update group but you can see I'm excluding the patch review window here. And that gives me is the ability to assign the template. I bought kind of trump that template setting with a higher priority. Looking at the template section of my effective policy I can see the priority. All of my templates are gonna go from. The lowest priority at the bottom in the highest priority at the top soul fun looking and I have multiple groups assigned. And I do have conflicting template settings I know my default template is gonna have the lowest priority and I know my exclude country blue window template it's gonna have the highest. That's just how what's assigning the effect of policies so again. Very useful when I'm troubleshooting. And with so many things control by the templates that. Post Ty to patching that they're using effective policy is really good way to kind of troubleshoot what's going on. So I can see here is my windows update again I can come in here and see that that priority is getting assigned. War with the priority of eight. And mind exclude paths review window is getting assigned with the priority of 00. Is the highest priority throwing neck group up here. Getting my template assigned. And it is actually. Trumping. My parent shall read through window. Where I can see my insult remove windows getting set here to priority of a and my exclude country blue window is only assigning the Patrick the window. So I'm pulling my patch install window from Monday. And LabTech mode from here but the reboot window is actually getting trumped here so this kind of our ties me into art third and final section of if I'm patching and I am not rebooting as expected. War on using the effect of policies to kind of troubleshoot. All of the issues that it could be having. With my patching abilities making sure that the right templates are being assigned and applied to the agent. If I'm not having reboots execute as expected. Q I have a template. Assigned that trumping it or do I have read through window assigned affectively again I want to make sure that I have. Mine. Install and reboot window said at the same time. Or I wanna see if another template is actually trumping idiom any of the settings that I'm looking too you apply. Also I would want to check mine. Patch Reeve who mode to make sure that it sets and now if I just want to execute the reboots without any user intervention. That is one of the other items I wanna take a look at and making sure that the current can fade. Is all of lining up you can see my current configure. Says never I'm gonna patch okay because I have Monday a sign in on it LabTech mode. But I'm not gonna reboot because. I have this exclude Patrick thru window sign so. I'm kind of take a look and see if these are the settings that I expect. I can make some changes I can. I'll apply changes from the effect of policy fine needs you. Change items any kind of get everything working like I expect them to and kind of tested all right here. When I am satisfied with the results and I've meet them. Corresponding changes any groups are templates I just wanna make sure that I send that update configured to re apply any of the changes. That I just went through. But that is kind of running the gambit with troubleshooting patching is a let's start with communication. We must have communication from the agent to the windows update site to get the pats inventory net pass successfully execute commands. Always want to check to make sure my services are running our show jewel quick way to check for W sauce mixture that's not interfering. And all so just keep in mind any firewall or proxy settings that would prevent. Access from the saved it to the windows update site so on the agent itself. We want to make sure that we have the agent online during the patch install window. We do you have approved patches and I'm gonna make sure the effect of policies that I have all of my schedules lining up. Two I have him in the right group to I haven't. Applying the right templates is anything interfering do I have any other templates that are overriding any settings that I'm not expecting but. Again the effective policy gives me great way to kind of track everything in one screen. And I can open up the groups opened the templates from here and adjust them I'm not having to go back into the navigation tree. And kind of find all of this information. Soak your going through here in your still having problems and change. The last area I suggest to take a look at. Is as the windows update look and if I open up file explorer just like my registry settings. The first thing I want to do was re load that system cache because again we don't hold this information. In the lab tech server so I actually need to tell the agent. That I want to re load. With current data and I wanna get all of my information. But windows update log is going to be in the the windows. Folder. Once I reload my cache here is my windows update log now this is typically too big to open up from the screen. So just. Hot hand. In order to upload this Q. You're LabTech server I've always recommend to right click add it to zip. And it just takes and a Koppel's seconds to get that. Then I can transferred that file up to my LabTech server so our great way. To troubleshoot. On get this information. To your server to kind of dig through in the of the information once it's. Goes through successfully. If I'm on my server. I can go to my upload I confine the client that. Relays this information and I could open up the full windows update log from here. And I can look for any ears you can see. Before I had a lot of communication issues because I didn't have any services and I'm trying to exe commands but you can see I have a lot of a failures and then once we kind of scroll down here I could start to look at all this information getting process spot. Not gonna spend a lot of time walking through reading the windows update log. But showing you just an easy way I can zip it. Up load it to my LabTech server and kind of go through everything at my convenience. So that should wrap up for most of our troubleshooting guinier having issues around that any of this information that you still can't kind of or wrap your head around what's going on please you know contact support maybe they can. Hope you find the culprit. From the last thing I just want to talk about that we talked about and the presentation. It is our. Webinar sites and RTB. Sides so. Here if I bring my documentation site over I just want to kind of make sure that everybody is aware of this. I go to doc style LabTech software dot com and I have the ability click on my knowledge base here and then you can see I filter by patching. Most of the items that I talked about are going to be in their own TB here and you can see a lot more of the night. Didn't possibly have time to cover during this webinar bought. A lot of this information LabTech patching 101 that was primarily our part one in this series. And also creating custom service playing a bunch of different key bees that all hope you troubleshoot any issues that you're having again. Majority of these are written by our support subject matter experts. So should be really good information and point you in the right direction and help and you wild. Also I mentioned. I'm wasn't gonna go through. Various customizations about creating deny groups and Customs Service plans. The you can see I have my creating custom service plan as exe beasts here. And I'm that it can walk you through this but we also have. A webinar if you go to lab tech TV dot lab takes off for dot com all of our old webinars are here. You can see how to create and configure patching groups support webinar it was one that works recorded. In May of last year that will walk you through creating your own cost of night groups creating your own custom service plan. And kind of customizing. EU or patch and management environment so. That is primarily. A lot of the information we've covered kind of ring in through the gambit. Of issues mean dealing with setting up. You're so for success. Giving your patching set up correctly learning how patching works and then also some common. Our troubleshooting aspects whether we're talking about communication to the windows update site. Configurations. Changes war items. With the each it to kind of track whether it's offline a game that I patch is approved and also whether or not mine agents are rebooting as expected. You can see we kind of went through. The whole rigmarole of trying to figure out what's going on. But ram. Ramps up. Our part three of our patch management series.

  3. Patch Management Webinar Series Part Two

    Fri, 20 Feb 2015

    Hello and welcome to today's support webinar my name is crisp economic technical trainer here LabTech software. We're gonna pick up where we left off and parked few of our past management series we're gonna talk about configuring patching waste ignite. Today's agenda is gonna look like there's so we're gonna go over a brief review was where we left off last time. And kind of go through of the preliminary information that we first discuss make sure everybody's all up to speed with us. And then we're gonna talk a little bit about searches groups and templates and how they all tied together. So patching is predominately controlled. By our searches identifying the agents is that meet the specific criteria. He's getting those agents into the respective groups and applying the templates that are actually gonna apply the settings that we want so it's important that we kind of go through that to make sure everybody understands about process works because we're gonna didn't jump back into our location and the ignite tab. And we left off just enabling passing for workstations and picking a date and we talked about how those templates to the sign. Well we're gonna pick up where we left off or talk a little bit about daytime patching. How that works and what templates and groups that automatically gets placed in in law. Then we're gonna move across the event tab over to the custom patching section we're gonna break down custom patching how it works what to expect from it. And had a kind of troubleshoot issues and some of the pitfalls that it's not understood completely that we Macy's. Some issues there so we wanna make sure were following best practices for that. And vandal oh we're gonna continue on that were talking about the patch approval process. Oh weeks left off where were using the windows updates dot approve group. And were sitting are classifications they are for all our ignores and aren't stalls and it's an easy way for us to track everything from one group. We're gonna pick up we're gonna talk about how we deny patches in the importance of denying patches. And the best practice for setting those are sol we're gonna kind of continue on we're gonna at denying patches to the list of configurations for our patches. Lastly we're gonna talk about a little bit about automating the process we left off the end of the the webinar. Time that we get asked the question of is there a way that I can. Omit certain agents from some of this process and we talked about opening up the aging going to the ignite haven't selecting an extra data field. And that you know excludes pats reboots or disables. Patch patching from occurring on a specific agent we had asked a question in my weld is there a way I can automatically checked that box without having to open up. All of our agents and we do you have some scripts that will automate that process and I'll point those out to you but also show your real easy way if there is. An extra date field the U wanna automate that where you can right click on any client location or to grouping kind of mass applied this all at once are all show you real quick way to do that so we can put that into your utility belts so. That's gonna be our agenda today so let's go ahead and let's briefly talk about. What we talked about last time. So this was kind of the agenda from part one of our past management series and we kind of does broke down how passing works in the right way. That we get patching to kind of work and the order in which we need to apply them. We first talked about we need to get. Our agents under contract. And the only way we can do that is getting them in the service plan it's remembered back we talked at. 24 by seven and eight by five service plans for both servers and workstations are the whole week for groups out of the box that literary agents under contract by default. So at the core we need to get our agents into one of those groups are in to a group that have those extra data field selected. So once we have that in mind the order in which we set up patching is pretty simple. So on my location I go to my ignite have the first thing I have to do was I need to enable on boarding so that runs through a series of scripts get our agents a guitar agents up and running. So we give him on border correctly we mark on the agent that on boarding has completed. That's very important because you can't join any of our agents in service claim unless they've been successfully on board. So we need him in our 24 by seven RE by five service points that we have to have on boarding Don first. So we enable on boarding we select the appropriate service plain we have our agents under contract and then we can go over to that patching tab and the ignite. Under our location and we can turn patching on for servers or workstations we select the appropriate day. And that more often running. The agents are placed in the group the group applies the template and there were setting the time that day for patching and reap so we have that. Process cover. Next we talked about the patch approval process. Where we talked about using the windows updates dot approve group were loading the information that we want we filtering all the patches that are not set and warming can decision whether or not we want to ignore or installed them and we did some basic maneuverability of on the patch manager. Lastly we talked about how to disable patching for individual agents on my agents I open them up. I haven't ignite tab. Under there I have patching and I can disable passing for that individual agent which basically means a they're at a location where patching is enabled. And I just don't want one single agent that this location a patch so I can disable it individually for that agent. So there's also different groups I can put demand that denied ID EB IE nine's specific patches and I can also exclude patching a reboots from a current so. That's the agenda there were kind of taking up so. If you haven't seen the webinars should be posted on the lab tech TV to get to to speed for everybody that was last week hey that was a about brief cliff notes version of what we discussed and we're just gonna kinda pick up where we left off. And all were gonna go ahead we're gonna talk a little bit about searches groups and templates and I'll go ahead and demo some of the snow we jump the controls and earn just a minute. But it's important for patch management that we kind of understand how all this ties together. Because that's how were gonna control most of our group structure. So if remember back were aware assigning. The the agents in the lab tech mode which tells the agent that lab techs controlling patching we're setting the patch install window on the rear window at the template. So that's how we're setting up patching to occur and we kind of walk through that together. Wall also in the navigation tree oh we're gonna be working primarily with a few different group structures and some of these we argue look debt. First we have my windows updates which have my approved MI deny rules so we already talked about the approved that's the group that I work from. When I'm setting my ignores in my installs were gonna expand on that talk about art deny any rules. While also we have all of our windows updates patch window control groups and these are the groups were placing our agency in. We we meet those selections we enable patching and we selected date. Will these are all the groups that might agents are going to go in there. And in the navigation tree you can see I have my windows updates and I have Meyer approved in my deny rules we're gonna work with those when we get to our patch approval process and jump into the patch manager. Under system automation I have my windows updates patch window control. And here you can see a breakdown of all my disabled patch windows. If I have an agent that in a disabled patch window group. That's doing exactly that were disabling patching we're putting them in to a group. And we're signing a template telling that agent not a patch so there's a bunch of disabled patch windows that we have. Based on the criteria that we set. If passing as it turned on successfully we're not getting in them in the right groups or we can quickly troubleshoot by looking in my disabled patch windows and I can tell exactly what's going on so it helps me troubleshoot. Underneath those you can see I have my wind servers and then all my win servers in my role based patsy. We kinda talked about that the last webinar I am enabling patches for my servers I can turn on role based patching. And I can assign them to the appropriate groups when I picked the date they're all going into these corresponding groups and they're giving the templates assigned. So win I am selecting all these items in my location on populated in extra data fields. Mixer data fields are what we use the population are searches. So we have all the or searches looking for these X or data fields and we have our list of agents. Those searches are attached to work groups and based on the classifications that we make all O for the place. We're gonna put them in the appropriate group. All those groups that's gonna sign the templates that control the behavior of our Egypt's and it just wanna make sure that everybody. Is cool with how this works because when we kind of jump into this album going to be flying around and just remember at the school work. Of almost all the things we're gonna talk about. It just kind of keep that you know and this view of search group template that's kind of the Matra that I want to keep and recognized search group template. While how to and I get that setting applied while populated surgical means a group and applied the template if I select an extra day to feel if I choose an override at the two level or what does that do. Well that populates a different search it gets it into a different group and applies different template world overriding my existing settings so. Really understanding patching really understanding the LabTech at its core. One of the basic font fundamental things is this searches groups and templates. A process of just wanted to highlight that a little bit of because if you understand this you're not only gonna understand patching at a higher level but you're also gonna understand. LabTech and that's the Altman gold it's kind of not only learning patch management in the series but also getting a better understanding of how LabTech quirks overall. So we left off at the location and the ignite tab window. We kind of went there to the patching tab. And all we enabled patching it well we turned it on and we selected today. Now I'm gonna talk a little bit about and people in daytime patching. And how that works so when we assign today we turn it on in this screenshot I enable patching for workstations and I pick a Monday. While five patching by. AM. Well. If I wanna patch Monday morning at 3 am I have to make sure that my users no to leave their machines on when they leave for work on Friday. So if they don't leave their machines on the machines are powered off guess what they're not going to be power on during. The Monday patch install window and they're gonna miss. They're window. So what we have the ability to do is I can enable daytime patching and set a limit of our right how many times looming and allow the users. To leave their computers powered off. Before I change the template assignment and I X Spain in the install window. And packs during the day and that's what this classification actually does when I enable daytime patching. And I in that drop down I select the date time pats missed a three. What I'm telling the agent or the computer is all right I'll let you missed three windows. And then you know what I'm gonna do I'm an Apache during the day. So I try to be nice and I set to up for Monday patching and it's from three to five and you've missed the last three times last three Mondays. So when that threshold is reached. I'm gonna take you out of that Monday patch group number which you with a different group and its are enabled they time patching group. What that does is it populates a search throws you with a different group and then just applies a different template. So we talked about templates earlier. I put you in the Monday group all right Monday is enable for patching the pats install window is from three to five. Well when I put in the daytime patching group. I'm gonna go ahead throw and assign a template to you and the patch install window I'm just going to increase. From three to five to 21 hours X banding it. Throughout the day so whenever that machine comes back online and updates the configuration that we've just expanded our install window. So when I enable daytime patching I'm really just expanding the time that I can allow patches to install. Now one thing to keep in mind is I'm installing patches during the day and I open up that window but I've also dis able that reboot windows so were gonna set. That template. We're gonna set that reboot window had never so we're gonna XP in the install window but we're gonna disable reviews because we don't wanna reboot your users in the middle of the day. So they miss their patch windows they missed it three times all right fine we're just gonna expand it we're gonna install patches when that machine comes back online. But we're not gonna re group we're just gonna flag it for regroup and but that's what enabled daytime patching really dose is. I kind of safeguard. Hey I'm gonna go ahead I'm gonna set the limit of how many windows you can minutes before I just extend it into a window and I patch when that machine comes back on. The next sex or talk about is all that same tab. In my patching is my custom patching schedules. It you can see. When you open up that ignite tab on your location over on the right I'm gonna have my custom patching schedules and I'm gonna have three to from ones to choose from. So when I enable passing for servers or workstations that I've picked today as there's in the dropdown there's gonna be custom 12 or three. When I select one of those that that's gonna open up the corresponding custom patching schedule 12 and three that you see highlighted now. Now what that gives me the opportunity to do is. Let's say I'm passing my servers and I don't wanna do it every day and I don't wanna do once a week maybe I wanna do it twice a month may be don't wanna do it two times a week three times a week. Once a month whatever I want that's scheduled to be. In order to get a little more flexible I have to use one of my custom patching schedules. And you can see here in my display that I have custom patching schedule one and pat stays the monsoonal Obama pats on the fifteenth in the 28 of every month. So what that means is all days that aren't the fifteenth and 2128. Well I'm gonna go ahead and put a minute do not patch route because that's not my sign patched it. On the fifteenth lab takes gonna run an internal script and say hey two days the fifteenth all right let's take all the agents at this location let's take commands that disabled branch group. Let's go ahead and from in my valid custom one group and assign the appropriate template. And that's how custom patching works is we have custom patch schedule. Calculator that's gonna wrong at 1206 each morning and it's gonna determine what the current date its. We're gonna screw rubbed the database to see if any locations are set to Pat's on this date and then we're gonna take the corresponding agents out of an invalid. Patching group words disabled and we're gonna put him in the ballot custom one to three group. And you can see here here I have the fifteenth and 28 custom scheduled to you know what I'm just gonna pats the last day of the month that calculating script. Is gonna determine which is the last day of the month. And it's gonna pats on that day. I also have the ability. Two pats on a certain week here on the week for Sunday. So each fourth Sunday of the month that's going to be my patch Tuesday so I've three different schedules that I can choose from. And I can kind of heater to those I don't wanna patch every day I don't wanna packed a specific day. You know what I wanna get a little more flexible. I can use my custom schedule to kind of push those settings out. So zen that we have our parents approval process continued. We're we're still gonna talk about the pats manageable we're gonna specifically talk about it nine patches. Everything still going to be the same except I'm gonna use a different group Romulus set up to nine patches so we talked about windows updates not approved. That's where I'm gonna go in and I'm gonna set my installs or ignore works. Remember our windows updates dot approved it's got two subgroups underneath it labeled servers and workstations. And all my servers are going to be my server subgroup and all my workstations going to be in my workstation subgroup. So when I may classifications on that approved group a guess what they automatically get inherited down. Will now organ added kind of go down a different path and instead of the windows updates dot approve group. Were gonna take a look at the windows updates dot deny rules group. Underneath that we're gonna have a whole new set of subgroups where were actually going to you. Pick a rube that I want to deny specific patch and I'm gonna find actually be and I'm getting to deny that patch at that group. Then what I'm gonna do is I'm gonna throw agents into those groups that I don't want that patch install. Its main reason we want to do that is if you remember our hierarchy of not set ignore. Install. And deny will deny is that last one and it trumps all my other settings. So you really don't want to get in the habit of denying patches at that windows updates dot approve group because then I lose all flexibility to install that patch anywhere. Instead what I wanna do is I want to isolate to specific KB I want to deny it on that group that I wanna put my agents in that group. That way any patches that I want to or I have to approve it on any other agent that gives me the flexibility. But there's certain agents that can't have a specific patch well I'm gonna created group deny that patch and I'm gonna get those agents and that. Did night. Group and that's where wanna handle denials. Lastly we're gonna talk a little better about automating of the process. So. We talked about on the computer management screen on her ignite my patching tab I have deny specific roles and overrides. So we have some scripts and that our navigation tree under Scripps. Where I can automate the process right don't have to open up all of mine. Agents and checked that box individually what I can do is I can right click on a client on an agent on a group on a location. And I could run that script it's gonna check that box forming. So we're these live you can kinda see is on the left I have my patching tab on my agent I have but my denies specific roles at my over its. Or if you kinda look. At the navigation tree Scripps maintenance patching this few over here you can see eight disable all patch approval check on the agent. Which is actually. Going to check this box for the corresponding box a check on the agent uncheck on the agent. Disable automated patch install a that's that one I'm gonna check in on the agent on on check it on the agent. Denying specific roles they I have one to check on the age at one on checks that we do have a few. That we can Raun. On a larger set of agents in kind of automate the process. Now we got the question last time where hey I want to exclude patch review window what we don't have that script created for that. But what I'm gonna show you real quick is I'm gonna show yeah how to copy one of these and then all we have to do is point to this different extra data field. So we do have some I want to point those out because this was a really good question our last webinar. So I want to point this out we're these scripts lived while we're together date and then I'll show you how to create another one were gonna copy it we're just gonna pointed to a different extra data field. And that's what we're doing today it's so at this point let's go ahead and jump. Into you. My control Centre and we're just gonna walk through a little bit of what we discussed. So here I am. I'm back of my control sinner. A one to kinda show the hierarchy of our groups. We have our windows updates group which we have our approve group were never deny rules were going to be working with our deny rules a little bit later. Also we have our system automation. We ever windows updates patch window control. Now you can see this is where all of my servers in my workstations. When I select. And enable patching on the location and these are all the groups that my servers and workstations ago on an going to respectively. My windows workstations you can see hey when I selected Monday on my location this is the group that it was gonna go into. And you can see here it's gonna get my Monday template. And there's where it's gonna put me in the LabTech moat and assign a schedule so this is what we discussed last time. But you can also see they have an everyday daytime patch override group and that's what's gonna control my daytime patching. You can also see that I have a custom one custom one invalid custom too custom to invalid. This is what's gonna control my custom patching so I always like to go over the group's first. Because when we select the box they're just gonna populate a search and we're gonna throw them in these groups so always like to point out the group's first. And then when we kind of jump back into it day remember me check this box what this is what actually. Gets flagged by the search and then that search puts him in this group. So all of my different groups my windows servers they're all gonna have. Of the same thing now if you remember I only had daytime patsy and able for workstations we don't allow that for servers so you're only gonna see that every day pats. Date time pad to override apply to workstations. Because we're only gonna do that were only gonna Pat's workstation we're not gonna patch servers during the aren't so we're nuts you don't have to worry about that. But also I have my disabled patch windows. So if I'm troubleshooting my agents and they are in this do not Pat's not under MSP contract remember when I talked about a need to be in a service plan. About 24 by seven rate by five it needs to be under contract while the bits are not I can troubleshoot and say. They're not under MSP contracts and not in a valet service plan or they haven't been on boarded. So I can track why they're not getting my patched aren't template supplied by looking at this disabled patch windows. Do not patch servers based on the agent means I have one of those extra data fields on the actual actual agent saying hey don't patch this agent. Internet patch servers based on location or that just means I haven't checked that box to enable patching for the workstation owner or the server. On that location. So search groups and templates kinda drive all this functionality. I check a box somewhere it's gonna populated search. And I'm gonna get thrown in the corresponding group and I'm and apply a template. All of my disabled patch windows group there are gonna do the same thing they're gonna sign it do not patched template. Which. Just what not gonna get lab tech mode we're gonna do nothing and a reset the patch install window to members who were not going to touch it. So search groups and templates play a key role in all the patsy whether you have it set up or whether you don't. If you don't have it set up well they should be in this group after troubleshooting why you don't have it set up odds are they actually got put in this group. When you're patching and everything is good page there eventually gonna Schulte and one of these groups depending on what you set at the location. And that's kind of power searches groups and template supply. Underneath my searches I go all the way down windows update settings. Here are all the actual search is that population and get attached to those crew so you can kind of take a look at our searches. Go full circle and see how the process works but I just want to point out searches groups templates that's what drives. Patching on all the different levels that we half. Whether you have patsy enabled or not odds are they're gonna get put into one of these corresponding groups. Now when we go back to my location. When we go to ignites. We've RD gone through this let's continue on here and here we are in the patching enabled daytime patching. This is where I'm turning patching on and I'm enabling it for Monday's. And I'm telling this location and all the agency of the workstations here. A right five enabling daytime matching item and assign a value nominee tell you all right how many missed windows of my gonna allow before ipads during the day. So I select three I save additional information. And what's gonna happen is I'm and apply that all these agents here. So how about process works is about open up one of these agents now this is a server sort doesn't apply but the field still going to be there. I go to ignited I go to patching well each time it misses a patch install window. I'm gonna check this value so it misses want to change it to want to miss is to retain two to three. When it hits three from our workstations well there it just hit my threshold. So now I'm gonna patch during the day so all that does is it populates a search. Of the search. Populates a group. And and I get thrown in my everyday daytime patch override and you can see I have a corresponding template. And all that does put Atlantic mode now we just expand the install window. So you remember back RD fault is from three to five while a few enabled daytime patching we're gonna apply this template. We're gonna patch it every day sees that agent comes back online or we're gonna do is we're gonna set the install went to started to 45 AM and run for 21 now works. All that means his leg a UMR window. All right we're gonna turn patching on all we're gonna open up the window and expand a larger portion of the day. And that's what's actually gonna get applied in you can see here my patch you grew window we set it to never were not gonna read charger. Your machines by. Reboots. But that's really all we're doing is were populated in your different search. Getting into a different group and then just applying a different template that expands the install window so that's a naval daytime patsy. So custom patching over here. So you can see all use my role based patching for my servers because there are set up. So here I've turned surpassing on for servers and I'm doing it based on server role. Here I have custom one custom two custom three. Now if you don't remember from role based up passing for servers. I select this and then as he's. Unlock and I have the ability to sign. Everything according everything is gonna work the same a five picked Tuesday for VM host guess what they're just gonna get. Up placed in the VM host. Tuesday patching group and assigning of the Tuesday patching template for servers. Again if I have a VM host that's also a domain controller wall who's ever at the top of this list list is going to trump the other one. So pom VM hosts a number dooming controller arm to get the Tuesday template. If from a domain controller and exchange server will the domain controllers higher on the list woman to get my custom three template site. So when I. If I don't have any custom ones you can see that's great doubt I can't do anything. It's when I. Allow or assign any of these drop downs to custom ones but it's going to unlock so by default you open up your locations patching ten. And all these are gonna be grade out until you actually picked up a custom one from the dropdown. But here we are I'm assigning the fifteenth and 28. To be my patch days. So what we're doing is were assigning to specific days in order to patch. All the other days that aren't the fifteenth in the 28. Well all we're not gonna pass on those days. So that's where we come back to or groups and we're gonna say I have. My custom one patching schedule for the fifteenth and 28. For my VM host servers. So here I have my cost some one invalid in my custom one so far I have any servers. I actually were doing that SPS. So here. If I have any servers what that's gonna do is all days that aren't the fifth 128 that well I'm gonna put them in my invalid custom one group. It's not my days so it's invalid and guess what by custom one invalid bears might do not patched template again. So any other day that's not the fifteen to 28 I'm not patching. So on the fifteenth and 28 we're gonna mark their all the agents to meet that. Where remarked that custom one schedule is active. We're gonna take a matter the about the group and we're gonna put him in the custom one group. And on the fifteenth and 28 the assigned to this group and guess what they get the windows server custom one template and guess what that sets it. LabTech mode. And it sets are passed install window accordingly. All of our ones cost him to. Edit LabTech mode and there you can see it's a deep thought or custom one has been changed the most your default templates they older gonna show that 3 AM to 5 AM. But the same rules are going to apply as I move down here any day that's not my day I'm gonna be disabling patching. When my day occurs AM and taken out of the invalid group number put him in the about a group and I'm going to assign appropriate template. Now. I'd look at that template. And you're gonna notice. That it says every day. While remember back. We're only gonna put him in this group and apply this template on the specified day we have a script it's gonna on and it's gonna say today's your day go ahead and order group and assign your template. So no matter what day that is we're setting the template to every day. So the reverse is gonna happen when that days over. So it's no longer the fifteenth. The clock strikes midnight it's now the sixteenth and everything works in reverse. All right our script runs it says all right you're no longer near patch day let's take you out of accustomed to group. And let's put you back in the custom to invalid group. So when that happens I turn patching off so we have the template set to every day but they're only getting it applied on the specified day. That you have set here. Whether it's a fifteen to 28 whether it's the pats the last day of the month or whether it's the fourth Sunday of the month. So were only going to assign the patching template on the corresponding day all other days we're just gonna disable patching we're gonna put them in that invalid group. And then when their day comes along. By the power of LabTech or we're gonna automate that process take a man about a about a group we're gonna from in the dollar group. Organ assign appropriate template. So everything is automated by what I'm choosing here. Now one thing with this that I wanna point out one I'm using weeks of the month. So first of all file amusing weeks of the month and I'm taking a Sunday. One thing I wanna point out if I do something like this. I'm create eating. And and statement. So what I'm saying here is a five populated all of these is it has to be the fifteenth at the 28. And the forts week of the month. And on a Sunday so I'm getting reasonably specific on what day I want to set up as my costs and three patching skits. So be very careful with that so as I feel in these fields I'm creating an Ian statement. So this sorted this and this and this sort passed B one of these two days on week four and it has to be on Sunday. So I know the fifteenth is never gonna follow week for Omega the 28 but the odds that I'm getting a 28 week for an on a Sunday. I'm really limiting my options and actually successfully patching. So be very careful with that. Also with weak for. We four you're gonna be good I wanna point out week one with few. So the way our custom patching schedule works in our calendar works is we designate. Whatever week that month starts on. As the first week of the month. Now what that means. Is if I set up patching for week one on Sunday I want to know if I'm actually gonna have a valid week. Of that month. So far go to my handy Google calendar and I go to month where you can see February AM good march and good but now let's take a look at April. So far patching week one on Sunday well word designated April 1 starting on a Wednesday so would this is weak one. So you can see week one I don't have a valid weak one for April so I'm not gonna patch. So keep that in mind when your X yours scheduling and a using weeks of the month. This is week one week to week every week for an I have five weeks. Move on to may hey here's weak ones starts on a fried 12345. Guess what I have six weeks in me. That's the sixth week of may and I'm not gonna patch again I'm not gonna have a week one Sunday. So the only. Day that will work fine using weak one is Saturday because I'm always gonna have a week one Saturday that is the only day during week one that's going to be consistent. So what we typically recommend if you're gone had passed by weeks of the month is used to three or four. You're always gonna have weeks to 34. So some weeks may have five you've even see an example or some they have six. What all months you will have to report February being the example starts on Sunday runs for four weeks it's exactly for weeks. So all of your months will have weeks to nutrient for so when you're setting this up and you're telling your partners it's very important that you understand. How the calendar works with custom patching especially when I'm using weeks of the month. So be very careful when and I can't assign multiple weeks if I wanna patch 23 and four. Of the month I can't do that I just. Space it out using commas and I can also. Pats on different days during different weeks. So I can't they on a week for I wanna pat Sunday Tuesdays and Fridays so it does give me a lot more flexibility. And all I need to do is assign it and just know how the process works. And just keep in mind all the days that are like days I'm gonna be in an invalid group. Or write them on my day comes around. In the background lab takes gonna figure out hey this is the specified date let's take you out of that ballot group let's throw you in the valley group. Let's go ahead and applied a template which controls the LabTech mode and in the patch install window so keep that in mind. Now. One thing I want to point out it's very critical for custom patching and I always recommend just believe me on this. Is we have our schedules which control. Different commands when they are scheduled during the day. What I recommend is form my desktop slow lapped us in my server I come in here. My update config command I recommend setting this value to 1 AM and repeating multiple times during the day. For custom patching it's necessary. To have this command automated. When I take it at the about a group and I throw it in the ballot group I need an update config command to actually apply that template change. So out of the box all of our schedules started 9 AM so usually custom patching works but at that date late. So what I recommend for all of your schedules come in here on each one of them set this up geek and big. 2:1 AM and he typically recommend running every four to six hours depending on. What you need to do that command is very brief takes about ten seconds or less to actually execute that command. But highly recommend doing that for all of my inventory schedules coming in optic and fig starting in at 1 AM so we can get those templates. Doc configured and changed especially if you're using custom patching. All right so that's daytime patching that's custom patching sober kind of expanding our configurations. What are we really doing what we're really talking about while talking about popularity of different search getting into a different group and applying it different template. All of patching win I'm controlling the date and time is all gonna be controlled. By these groups. Searches are gonna populate these groups and the templates assign of these groups is gonna control the date and time weather on patch and whether I'm disabling it. So keep that in mind when you're troubleshooting the windows updates pats window control. This is where I'm gonna end up troubleshooting. My agents make maturity in the appropriate group. So now we're born back to the patch manager we're gonna talk a little bit about deny it rules again. Were gonna come here windows updates dot deny rules you can see here. We're building specific groups and word denying patches. Here approved a group or talk about installs and ignores the spirals what we're gonna do is we're gonna find. A specific patch we're gonna deny it and we're gonna create our own group around. Or vice Versa we're gonna create the group we're going that group Morgan denied that patched and then. In there I'm gonna put the agents that can't and that individual patch the reason I do that is if I deny patches at this level. Well that's gonna get filtered out all my servers and workstations. So if I ever have. An instance where you know what I have one client that needs that hatch and I've denied it globally. While I've lost all flexibility because all my servers and workstations have that denied I can't trump a deny deny trumps everything. So we specify. A specific patch we create a group we deny that pats on that group that we put our agents in there. So now I'm in mind patch manager. And I'm picking my specific. Tonight groups. Here and selected died a nine. Let's see what I have denied here I'd vote by display in here you can see here's my KB 982. 861 this is my windows. Internet Explorer nine install and you can see all of these KB's I have denied here. So I fix my group. I come in that group I come in here and I find all versions of deny our I. And then I deny all of them so I find every version that I have out there. And I go ahead night deny it so once I've denied it. Then I'm open. To putting my agency in here and allowing. A good that I group to push out that classification. And it just goes to the agent and denies that hatched. Now you don't have to drag and drop each one of your agents in here you do you have the ability whenever I pick up a deny group I can. Add an entire list of clients. All right I can create searches I can create locations. I can put them all in here and I can drag an entire client here along. But that's how I automate this process. So I wanna keep deny rule separate from mining installs and ignores because they trump everything I don't wanted globally denied because I lose the flexibility to install that anywhere. So that's why best practice we come under our deny rules. I add a new group on that group. I either specifying. KEB number or the actual name of the patch. I see event. And then I can come in here and I'm probably gonna need to reload my Pat's manager. But I come in here and modify and then to. All my patches. I know the KB outlook for the KB number if I know what the name of it is. I can filter through I find the specific dot net. Past that I wanted to nine and then I throw my agents and this corresponding. So we talked about ignores them installs. Last time so now we've expanded that we talked about deny rules so best practice create a group. Deny the specific DB on that group and let's get our agents in there. And deny that patched. Our right our last topic. We're talking about. Our agents talk about automating. These check boxes. So you can see I have some specific denying. Groups are PDFs here when I check this box. That's automatically gonna play some in my denying. Groups we do have some built out of the box you can see dot net for I. I can automate the process that's automatically gonna from a knows deny groups. If you wanna create your own. Extra data feels like denial IE ten tonight and I. Documentation we had KB articles that'll walk you through it so I'm not gonna go through that probably save that I'll actually save that for part 3 am and show you how to build those out. What I'm talking about today is an actual script that I can run the keeps me from having to open up all the d.s agents. So if I don't open. That agent but I want let's say this entire location I want to reduce the bull. Patching. Or for this agent I just want to turn off patching disable automated patch install. So I come to scripts I have maintenance. Patching and and here's all of my scripts disable all patch approval that's what checks that box on the agent and it takes. This agent out of the passing group set on this location. I also have a dot net four. I. Soul for our deny specific roles we have the checks in the on checks. For the disable all patch approval and disable automated patch installed I have checks and on checks. The one we don't have. Have and we were asked this question. Last webinar is there a way that I can exclude patch review window. On a global scale we don't have that script here. But it's theory easy. I go to maintenance I go to patching. It's very easy. To create you can see here. I've already copied this and create a copy of disable all passed approval. So fight open that up it's gonna fail. And let's go ahead and just delete down. Atlas is dew roll over here. So here I come and disable patsy. Approval Obama copied the script phenomena create a copy. In that copy comic come in here and what I I'm gonna do is I'm gonna renaming. Exclude pats review window check on agent. Now prominent change my notes. So I know exactly what this does. Now. For all of my extra data fields where the box is I wanna check that is the checked box and it's an extra data field so you can see here. X a data field disable all patch approval if I open that up. Only thing I need to do on my copy is coming here and I need to find. Might reboot. X or data field. Now it should being. Artists. Exclude patch reboot window. So it's gonna run on the corresponding to purity and it's gonna change about you to want. Which means I'm gonna check that box so box checked equals what the database. So I save that step. And I just easily created a script. That's gonna instead of checking the box for disable automated patch install. Prominent critic copy exclude pantry window check on agent and I'm gonna Simon extra data field how many changes to exclude Patrick window. And then of course. I'm gonna change. My notes. And save the step. So now I just easily. Created a script. That allows me to right click. On any age and any location any client any group and checked that box. So that's just something extra you can add to or you worked programming your scripting skills. Creating a copy those are real easy because there's only two lines. And all I have to do is point to the extra data feel that want to change and save it. And just assign it either 01 if I want to checked or. The unchecked. Is just. The zero. So zero it was unchecked one equals checked. And I can automate that process so one to walk through that again we have that question last week and it is one to show you real quick how to create. Copy one of our scripts and create that functionality. So I know this is a lot of information today. Bought. World stick around if anybody has any questions. We'll stick around see if we can answer so we talked a little bit about what we talked our last webinar walking through the process. Again enable boarding contract enabled service plans. Enabling patching picking a day. That it's a process started so we picked up we talked a little bit about searches groups templates Powell all of our extra data fields tie in a search. Different searches are gonna go to my different groups and that's where I'm gonna control what's going out. Different groups are gonna get the templates assigned whether patching is enabled or patching is disabled are all gonna be tied to searches. So if your member search group template. Really gonna simplify things. So from there we talked about. Enabling daytime patching what it does. At the end of the day that populates a different search gets into a different group and just expands the patch install window to during the day. Custom patching we talked about again I'm gonna assign specific days I want to patch. The automation of LabTech is gonna decide a you pick this day I'm gonna take you out of an invalid group throw you an about a group of mourning you to up and patching. We continued on and talked a little bit about denying patches as opposed to setting them to ignore or install. Windows updates dot approved we're gonna focus on our ignores and installs. For any patches I want to deny Dominic creator group of men deny that specific past and I'm gonna get my agents in there and that's I'm gonna deny patches and leaves of me room to apply. Them elsewhere. Lastly we just talked a little bit about automation so we talked about the scripts that check specs are data fields on the agent. And we talk to real quick and easy way if we don't have one that's checking that box well that's okay we can copy it we can change where it's points. And that's where I leave you today so when a thank you for joining us for patched part two of our pats management series.

  4. Patch Management Webinar Series Part One

    Thu, 5 Feb 2015

    Hello and welcome to today's support webinar. Mining as crisp and economic technical trainer here tech software today is part one of our patch management series. How to set up patching with ignite. Today we're gonna talk about a few things the first thing is the basic enabling of pats management functionality of the group global. Or in other terms. Getting your agents under contract so that is a key part as we only have a few groups that'll now for these contracts to be put in place out of the box it's important you know which one's toes more. Next organist select the appropriate group at the location level and that also includes enabling our importing and picking the right service plants. Then we're gonna move right along to a needling patching for either servers means world workstations. Were also gonna talk about setting the time of days for patching and rebooting and the stickers at the template level a more kind of walk through the relationship vote. What I set. At the location and how that corresponds to how my templates get applied that actually control passing in rebooting. There were gonna briefly talk about the patch approval process. Due to a little more familiar with the patch mean injured and the different classifications of patches that I can use. Lastly talk about how to disable patching for individual agents and this is good for. Enabling patching at an entire location but they're me EB one EG in or couple agents that I just don't want to be a part of this process. You don't need to create a whole new location we do have the ability. It just disable patching for individual agents will walk through that process as well. So that's what today is gonna look like Celeste just go ahead let's jump right into it and talk about. Contract. Level patching. Before we can configure pat settings for a locations we must ensure that the service playing groups were going to use have been enabled for Panchen. A LabTech. Has four work groups where this is Marty turned on and that's located under groups. Service plans and eat there are servers or windows workstations and army needs 24 by seven and 855 plants it's very important that you understand these aren't the only four groups within LabTech that have. Contract enabled by. While we're looking next year on these groups on the info. To check boxes one called MSP contract group the other passing covered under contract and they're gonna look like this. I navigate down to my service plans windows workstations manes 24 by seven it showing on the screen right now. That info default have I have MSP country or group impacting covered under contract I need those boxes checked. To get these agents clear to buy ignite. To enable the patching to Booker so it's very important to know that. Our mean these 24 by seven any by five service plans are the only four groups and that have this enabled by default so one were going through we're setting a pants and we must pick. One of these to you. Warmer selecting our service plans for servers and workstations that'll make more sense as we move through this wanna kind of set the table with that. In order for a location to use ignite patching system oh we need to associate with the appropriate group. And this is all done on my location. I go to that ignite tab and that first section is my services tab and this is where I'm gonna focus on selecting my service planes for servers and workstations. And also worm and enable arm boarding. And that's gonna look like this screen here you can see I'm opening up my mean office location. And navigate to the ignite tab and that first tab services is where I'm gonna set everything in motion. You can see circled in red there I have my server service plane I'm picking 24 by seven my workstation service plain eat by five. And a real important down there don't forget about that and evil on boarding. What enable onboarding does is it sets off a bunch of scripts and that sets up our agents for all of the launch of different thinks. One script with indie here sets up windows updates but one of the most important things there is. It runs an after it completes it marks that agent that onboarding completed successfully in that's what we need. In order to join any of our service planes or we need on boarding to have completed successfully on the regent or it will populated any of those groups. Now a couple different things about laptops and notebooks are covered under workstations at this stage of the configuration. Also you notice over here device is covered by contract. I can tell if the process is working when I have agents. Being total over on this section. So if five have servers and workstation service plans in the process is working correctly eventually I should have numbers populated over here. It will take up to a couple hours for this process to automate. The on boarding script runs at the top of each hour so depending on when you check these boxes how the internal process works it may take a little bit for them are importing. Oh on boarding process to work. And then eventually get into the service plans. We're we can calculate these totals bought the process will work for you in the background while all you have to do was wait. If for any reason these numbers don't start manipulating in a couple hours please open a ticket so we can make sure there's nothing wrong. Internally with the server and everything is functioning accordingly. All right once we've got past that first step that's usually the big hurdle to make sure we know what score one on there. The next is we're just moving right along automatic night tab and word is going over to that branching tat. And here is we are we're gonna actually make the decision. If I'm going to enable patching if I am in my going to enable patching for just workstations workstations and servers. Or am I going to view all so you know enabled. The basic we're gonna focus on the screens you can see we just moved over on the ignite tab at the location from the services in the patching ten. So I have to make it through services before it can even get to the patching tap. And you can see here are highlighted in red that I have that checkbox I'm obviously gonna turn patching on for workstations by checking that box what that's gonna do it's gonna release that drop down and that workstation patch day I'm just gonna select what ever date that I want to patch. So we do you have the ability to kind of distinguish between hey I just want to do workstations or just wanted to servers or wanna do both. So both of them they're gonna have the ability to turn them on and then pick of the deal of the week that I want to hatched. And you can see in that server section based on server role and that's gonna open up my role based patching schedule down below but still the process is going to be the same if I'm doing it based on server role on student's gonna pick the page. That I want a patch so it is really. Just as simple as getting everything ready to go in the services tab enabling onboarding picking the right contract enables service plan. And the coming here turned on and pick today and that's what I kind of wanna focus on. The internal process should take care of the rest so and that's what we're looking at we just have to kind of do everything in this specific quarter. And that's what I wanna focus on today in this part one and say this is how we get everything Raun. Successfully with ignite. The next part is setting the timer Dave for patching and rebooting. Now the previous tab we talked about turning it on and taking it day. By deep fault whatever day you pick is gonna go into the corresponding group and assign a template that's gonna control. How were gonna install patches in the data and how we're gonna handle reboots. These templates are going to be stored the navigation tree under admin and then that's where were all of our templates are going to be. We're focusing on all the ones that say windows updates either servers or workstations and then it's gonna have a specific day of the week so would ever day of the week you select on that patching tab when you enable patching. It's gonna get that specific template. On that template if you open it up were only going to be concerned about two things. All the agent tab is getting into the lab tech mode which tells the agents that LabTech is in control and we're gonna go according to the day and time that we assign. And that's scheduled time is gonna be on that schedules tab so. On this next screen you can see as an example were using the windows updates workstation dash Friday. So that's the name of my template whatever. On this agent settings you can see by. I look at agent settings windows update says LabTech mode it's gonna be enabled will LabTech mode means hate. Wearing control we're not letting windows dictate when. And where I'm going to install patches. Lab tech's going to be controlled we're gonna just registry settings in the back in a Morgan it can take control of the schedules were also gonna disable that notification icon. That pops up and says that you need patches to install organ a kind of turn that off and we're gonna control the date and time. Or the day and time is gonna be specified in that second section over here. When I'm looking at my schedules. You can see I'm assigning a patch install window for Friday or that makes sense because this is my windows updates workstations Friday template so the install windows going to be Friday. By default all of our windows update servers are workstation templates. Always start at 3 am run for two or so between three and five that's gonna be my default install window. You need to adjust that for specific days no problem find the template open up and adjusted. One thing I do wanna talk about real quick is this reboot window by deep fault were gonna set up our agents to patch and reboot it I'll with each other. And these two windows work in conjunction with each other. Which means hey I have this set for Friday but I'm only gonna issue the reboot command during this process. So even though the patch re blue window says every day I'm only gonna get that command. When I'm in my install window so only gonna get that on Friday so that that is does cause some confusion it's but I want to assure you I'm only gonna get that reboot coming in. During the install process. It's only doing and so process on Friday according to this template so I'm only an issue a reboot on Friday so don't get confused by that every day. Classification all of our templates to say that. You'll also notice what I do here he is I offset the reboot window by an hour at the end. So my you install window is from three to five so let's say I'm installing and I have everything ready to go but I'm not finished. At 5 o'clock it kind of goes over a little bit what we offset that by an hour just to say hey that's cool on or offset that by an hour to catch any of those I delete patch installs and we can still reboot them were gonna give them an extra hour to finish. And then offered that reboot on at the and now also important is we kind of get the the ability. To limit the window that I can reboot because you can see we're starting at three we have the reboot for three hours so we're going till sixth so. If it doesn't finish with sent within that window I've done that six so I'm not gonna interfere with any my users is that comment. So we kind of limit that window if it takes longer and were ready to reboot reboot after six. That's fine that's the only window life science we're just gonna flag that after reboot pending and we're just not gonna in erupted user because we don't want to a kind of open that window and have that stretch into the early part of the morning where we may have some users coming in in getting re booted as soon as they get there. I get to their station but that's important. That is though the process. For just turning everything on he is we need to get. Our agents into a contract enabled service points are right that's step one. We talked about the service plans that we have 24 by 78 by five for our servers and workstations again we only have four out of the box. So go to ignite I enable on boarding I select one of those service plans I get Smart patching tab and then it is just as easy as turning it on and taking it day. Though automated process will take it from there will put it in a group this can apply the appropriate windows update servers or workstations template. And we're gonna sign. The windows update a mode to lab tech mode and we're gonna get the patch install window signs of that is the actual set up process. On for a giving mine system configured for passing with ignite. So we have that set up so we have our agents in the appropriate group with you quote appropriate templates assigned. So now that they're in their service plans in there are getting their template assigned were gonna briefly talk about the patch approval process. This is all gonna be handled by a plug in you can find the plug and in the control center it's gonna be up at the top and it's going to be a patch mean injure. From there I have the ability to filter through. Different groups that I want to up proved patches ignore patches denied patches. Of those are gonna be the classifications that I have to walk through kind of how to filter out and kind of get to the ones that I want to focus on. Patch manager is gonna look like this it's you can see I get to the past Manger at the top of the control sinner and I want a focus on that last part that's in read over there. What do I want to do that says hey I need to pick other pats group approvals that I wanna set my approvals on. All right cool what grouped by want to choose and you can kinda see in the year that I want to use my windows updates dot approve group that is our recommended group. For a signing patches. Why do we assign that will buy. So if I use this group. Then it's automatically going to inherit. Are pushed down this inheritance down to its subgroups. Where it's automatically and applied all my servers and workstations so a key and use this one group to kind of control all my patches. And then from that point I came limited vice specific OS's. I can go by categories whether I want to focus on critical updates security updates or anything in between. And then I load my display and that's gonna give me just a list of all of the the requirement some kind of looking at will jump into the controls and are just a minute and kind of go through the navigation. All of this system but that's what I wanna do you. I want to get everything set up with ignite get him in the right group get the right template applied then the next step to say I'm actually gonna choose what patches I want to install. Are right and that sets everything in motion. So the last thing that we're gonna talk about is what would apply have. A couple agents at this location maybe it's a server maybe it's the CEOs computer that you know what I need to handle that manually so I'd. Don't want to create my own location. For this I just want the ability to remove one or two regions from this entire process. While we can also do that at the agent level. If we open up to our computer management screen and again we're gonna go to that ignite tab and then we have a patching tab under there. I have the ability to look in the override section. Where I have a checkbox for disable automated patch install what that's gonna do is it's not gonna allow this agent to get into that patching groupware and it signs that template. So instead all we are gonna check this box and we're gonna read it internally. Via searching group assignment today. We've disabled passing on this agent level. So we don't want to throw them in a group that gets that windows update server workstation template. So we're gonna remove it from that group and instead of gonna put in the differ group or actually disabling patching so just checking this box. I can leave the location as it is an all my other agents gonna play nice and they're gonna do exactly what I want them to do but for this agent you know what I just don't want to patch this agent I don't wanna part of that process. And that gives me the ability kinda throw out the just a couple agents without having to build an entire. New location. In order to kind of facilitate. That need it and that's. Basically setting up. Patching which is ninety and so now want to do you what I wanna do is the jump into the control sinner and kind of just walk you through this process. And then we'll answer questions at the and soma to bring up. My control sinner and you can see here's my client and as a demo I created this new location and this is gonna. You know kind of signified he edges created this location. And I need to set it up and I need to know the right process to go through. So fight open up mind to new location I travel to the ignite have you concede nothing's going to be set up. Out of the box I'm not gonna have any services elected I'm not gonna have patching configured obviously we're not going to automatically start patching your regents. You're gonna have to tell us what you want to do you. So in this process we need to know a couple of things. First thing. I need to know that I need to have my agents completely. On boarded in order for me to get assigned to a service plants so the first thing I wanna do is I want to enable on boarding. And that's the first step in this process. Next we talked about 24 by seven and eight I five service plans are the only two groups. For servers and workstations is that put my agents under contract. So if I'm going to actively pants my servers and workstations at this location I need to pick one of those service planes and what that actually does. Is my managed but 24 by seven I'm mean you see by five if I were to go to my service plans. You go to windows servers 24 by seven and go to my info tab. You can see here's my MSP Contra group passing covered under contract this is telling ignite the yes I'm actively wanting. To put these agents under contract which means I'm in control I want to go ahead and I want to enable them for patching. So again these are the only for service plans. That have those boxes checked by default so I must use those. You can also see currently I don't have any servers under contractor workstations under contract because I just opened up the screen I just built this location so it's gonna take a little time for all of these values to populate. But once they do everything will show up all have machines under contract then I key and come over here. And just as simply as deciding yes I want to enable work stay since checked that box. Good day I want to patch want to patch servers yes. I checked that box ticked the day I wanna patch. And the automated process will take it from there. Now also when working with ignite noticed that my save button down here is greed out a need to come up to receive additional information. And then. The internal processes and strips and come means in the background it will get everything ready to go. If I open up my mean. Location here you can see I've enabled that I'm not patching workstations are putting them in a service plan I'm only work him with Maine is 24 by seven. And you can see my process I know a completed successfully because I have servers under contract. From here you can see I've turned it on. And I've selected the appropriate patch dates were not gonna get too far into cost some patching at this level were gonna talk about. That role based patching and parked too. But I just wanna make sure you know the process to get everything up and running that's who were talking about at this level. No advance. We and I select the appropriate day here on Monday when I enable patching workstations. I'm gonna get thrown into a group. And if I go to admin templates are automatically gonna get one of these templates assigned for would ever date I've picked at that location. So here I'm enabling patching for workstations. On Monday. Windows update workstations we have each one for each state of the week I am not automatically get this work station Monday assigned. And you can see here is where I'm automatically gonna have windows update set to LabTech mode which means we you're in control. And I'm gonna have the schedule set for my install window where it's gonna be Monday each day of the week is gonna correspond with the install window. But every brew windows says every day but again I'm only gonna get that command during the install process so I'm only getting get that on Monday. Default settings for all the templates are going to be from three to five. For my install window I'm from three to six form I reboot window. That's gonna be status school for all of our templates whatever day you picked the that are gonna get deck corresponding template assigned if you need to adjust the time. Do it here I need to expand that window for whatever to facilitate my Monday patching I can do that if I want to change the day. We're gonna do that at the location so I'm setting for Monday oh nope I don't want to do that hour and a slight Wednesday. The system will reset itself taken out of the Monday group put him in a Wednesday group. And assign the Wednesday template so that's the automated power of ignite. So I'd got my agents. Under contract I get him in the right group I have the template assigned. Oh let's talk a little bit about the patch manager it's and how I go about approving patches. Open up the Pat's manager pats group approval which group go I want to select. By default we recommend the windows updates approve group but because you can see I have the servers and workstations automatically. Under needs. And it's a little easier to see if I go here you can see my windows updates dot approve group. I have my servers and workstations under there salt I use this group. These two were going to inherit whatever I set here so it does to me that ability to use one group so we don't have to balance all over the place to see what's going on FI focus on just that group. As then it keeps it a little easier to maintain. And here I can select all of the different OS is if I want to limited by the different categories that I can kind of filter through and then. I wanna take a look at all my patches that I happen my system and then whenever I want to view I just load the display. And it's gonna give me the total number of patches up in the top right that I happen my system. So if I'm going through an approving patches you know what I don't care about all the patches. I just want the patches that are currently not set or I haven't meted decision on. I go and I load that display and then I dropped from about 6000 to 2500. And you can CD's are the ones that are currently not set so I need to make a decision on what I want to do with cease. Now at this level we recommend to either approve it or ignore it at this level. So they have a determination what we want to do. So if I want to kinda go in order. Oh let's take a look at security updates let me start there so now I'm down to 356. So far want to further filtered down and look for a group of patches that I want to focus on. I can go to you. Of the severity level go too important and one thing I want to point out here is. There's four different severity levels which is critical important moderate and low. You can see I don't have the option of critical here because I don't have any critical patches here that are currently not set soul we approve are critical soy don't have. That filter option because we don't have any critical Wii party taking care of so my next. My next level is important and I can search and now I've loaded. All my windows updates approved all the patches that are not set. They're security updates with an important severity one you can see I'm down to 248. From here I can set. Install patched all patches means I'm gonna load and applied this on whatever Ive currently got in my display. And I click apply and then I can process a big group of patches. But that's. Basic functionality. With in my patch manager begin our documentation walks you through. This on but I want to kind of go through the entire process to get you a little more familiar with how to set ago. Then I need to approve patches aren't that's awesome our right. I'm ready to rock and roll by need anymore information I can look at documentation I can read up on it to give me a little more familiar with navigating around here. So the last part but I kinda wanna talk about while were together here. It is. All right I have a location I've set up patching I've approved patches and I come back and I'm like you know like at this location. I have a couple machines that I just don't want part of this process. I don't want to create entire new location and set everything up for one or two regions I just want to disable patching on one Egypt. While that's easy to do you as you can see in my main location I have that set up. I can come in here. Open my computer management screen. I'm looking in my ignite tab and I'm going to patching and here under my overrides I have a couple different options you can see I've excluded the patch review window. But up here. I have disable automated patch install. What that's gonna do it's gonna flagged this machine it's gonna take it out of that windows updates group that's applying that template and slate eight and what that template assigned to this agent. This gives me ability disable patching. Just at the agent level all the other agents at the location are gonna operate fine I just wanna take this agent Adam that groups is in the ability to mean it's some and a green you'll leery of removing agents without having to creed in new location or it just it that way. Also here right here. Enabling this check box while I mentioned how all my servers and workstations give it. Added automatically to those windows updates dot approved dot servers or workstations. While I can remove those from the approval groups by selecting this box here. And if I have daytime patching turned on I can exclude this specific. Agent from passing during the day and then when we came in here you saw this box was checked to exclude the patch review window. Now by default I said when we get him into windows updates group we apply the template and we have that install window and reap a window working in conjunction with each other. And that's going to be the or maybe I want patching to worker well blood I don't want this to reboot for whatever reason I want to. Habit flag for review pending phenomena handled that individually this is a server maybe I just don't want it to reboot. So I have the ability to check that box and it's just going to disable the reboot I'm still gonna patch according to the time and day that I set in the location. I'm just gonna disable recruits from occurring I don't want that part of the automated process you know what let's go ahead and exclude the reboot window let's turn that portion off and then on the name of the reboots individual. And d.s are mine over its. And so you can see. This is theory basic and that's where we kinda wanna start here with this part one. Were gonna have a couple different parts and organ it continued to expand on what we've learned here. But one to start with the general topics of what we need to get our agents up and running while we need to get them under contract so it's important for everyone out there to know. Guess what we only have four groups that which agents under contract by. Serve server service plans a workstation service plans 24 by seven and by fives of those that the only four. Once I have them under contract I have enabled on boarding I got the service planes assigned the and it is going to that patching tab in the ignite window. And just turning it on picking a day by the power of automation and automatically gets thrown into a group. Applies the appropriate template once I have the template assigned a we just need approved patches. If I need to remove an individual agent from that process I can open up that agent. Go to the ignite tab and select the override that I want to apply and the fact is howl. We set out passing with ignite. For part two of our past manages series but I hope you enjoyed this.

  5. How to Prospect Clients with LabTech Support Webinar

    Fri, 23 Jan 2015

    Hello and welcome to our prospective clients webinar my name is Maurice Perkins and I'll be a technical trainer. Before we get started let's make sure everyone is comfortable with the virtual environment. In the navigation window of your webinar meeting you have the ability to ask questions. We will be silencing all communications during this webinar and using the chat window for primary interaction from the audience. We will be reviewing a few of the questions directly related to this topic at the conclusion of the webinar. Thank you for joining the look at start with the women are. Again today we'll be talking about prospective clients. I'll be explaining to you how you can show a prospective client some of the services you can provide to them and what you're in this peak and offer to a prospective client. What are we prospect a client. We do this to show prospective client some of the services we can provide to them. This is before an agreement has been signed but the client is look for someone to take over their IT needs. Prospect in the client will enable you to gather information about the client environment. Data is gathered and stored in the database so that you can run reports to tell your client about specific machines. Maybe you wanna take over the packaging. However you need to show the client they either patching is not being handled or even though patching is being handled you can automate the process. You can give them an overview of their Pat's health utilizing one of our out of the box reports to give to the client. Software. May be the client has potentially bad software installed on their machines however the client has no easy way to track this. You can show them on the computer management screen or in the software list report they list the potential that software that the call harm in their environment. Additionally. You can also provide in a virus services to the client by showing them machines to have a V missing. These are just some of the ways you can utilize LabTech to prospect the client if potentially win a contract agreement. First you would need to create it location for your prospective client. From the night that you would need a mix make sure that your service plans are set to none. This will give you a prospective client an audit plan. There are three to select from however all three groups are identical. This is just in case Europe respecting more than one client at a time. Second. You'll need to install the agent on a few machines at the client. This will allow you to gather the data to present to you prospective client once you've installed the agent allow 2.4 48 hours for data to be gathered. Once data has been gathered you're ready to present information to your client. Once you gather information for your client you and now ready to make it cased you prospective client as to what services you can provide to them. Also keep in mind we have gathered minimal data. Do not forget to inform your client of different services you can provide such as monitoring network devices printers or the ability to run backups. Maybe you wanna run a script to show the client how you can run a disk clean up or defrag at this. Again these are just a few of of the examples how you can prospect the client. As you can see we have gone into the control center. I've set up my prospective client location. And I filled out as much information about the client's possible. Also put in any notes for your technicians that will be useful for them. Especially to know and understand that this is a prospective client and that they should not be doing any kind of auto remediation. Also. Your deployment and the faults that this is where you're gonna sit at your client specific. Installer. You have your specific group that it's gonna go into you also have your credentials that'll allow you the ability to download and install the agent. You also have your template for your prospective client. This is where you'll want to add your branding. So that the client knows that the program running in tree in the tray icon. This is your program this is LabTech. If you do not have. Our log in credentials here. What you need to make sure is that on your passwords had you have added a user that does have the ability and the permissions to install. You'll or LabTech Egypt. Also under the ignite tab the most important thing that you wanna know here. Is that you must have your server service plan in workstation service plan set to non. This way machines do not accidentally get put into the incorrect group. An auto remediation start happening more scripts to start running in monitors are naval what you want to do is just set these to none. And then set your audit client. Either to 12 with three depending on how many clients you are auditing at a time. Once you have the agent installed on machine. You'll start to see data populated. Such as you're welcome tab. You'll see basic information about this computer such as network information. And also your anti virus information. You can go to your drives tab and you can explain to your client you have drives that are fragment it. We can auto defrag Mitt these drives we can also come in here we can right click and we can just defrag a drive. Just another example of a service that you can provide to them. Also you have your software tab this is where you can see it list of potential bad software. And you can also show the client how you can right click and uninstall software. That should not be are installed on a machine. You also have your services tan. Here you can sort your services and show critical services that should be running but maybe they are stopped. Now let's say for example at your client location you did not set the audit group. On your deployment package to automatically add these machines to the audit playing group. We have an out of the box audit plan search that will actually add the machines to the prospective clients client audit groups. What you need a notice is that the search. Checks to see is there an audit plan. Yes okay the machine can't be under MSP contract because you weren't allowed to actually. Add a service plan to these machines if you did you wouldn't be able to put them into an audit plants so the machine is not under industry contract and also. On the agent's you do not have the exclude in this. Once these parameters are met these machines it and put into the client audit group. As you can see are all modes or inserts shows that the service audit plan audit client one search has been added. And then the limit to search because you only want machines that work. Under this audit plan to be added to this and you do not want any of the machines added to this audit plan. Also you can see the prospective clients template and that is a priority a five again there will not be any other templates added to this. Except for the default template if there in the all agents group. However I recommend creating your packets it automatically going into this group into your prospective clients group. That weight they only get this one template apply. As you can see as we go through here there are no scripts that are being scheduled. All of your internal monitors are disabled. And you can actually enable any of these as needed if they want to know. Up for example a machine that has fragmentation. You can go ahead you can enable these monitors one by one. Add an auto fix action to show your client or maybe you just wanna raise an alert and have the have an email sent to your prospective client. It's really up to you how you want to present this information to your perspective client. Also there are no remote monitors that are going to be applied on it and run against these machines. Take a look at a few reports. Here you can see we have the Pat's health report and as you can see on our test server are health is that 40%. Now this is where you have run the daily health check script. And you let it run. For two or three days on maybe you scheduled that's script maybe you winning each day for the past three days and you ran this manually to show this to your client. So your pet's health report we'll show you patches that are installed in patches that need to be installed on it'll show you. How what percentage of the patches you have installed this is this is very important as you can present this to your client to say hey you're patching is not done. You need to get patching installed weakened automatically do this for you we can set up maintenance window so that you're not being alerted and that this can be done. In off hours. You also have your software list. Your software lists is gonna show you potentially bad software for example I like to pick on Apple because when I was working at another organization. They didn't allow iTunes to be insults so. You can actually run this report. And if iTunes installed a machine you can see their art I need to start monitoring for. I teams to see if it's install and if it gets installed you can auto mediate that with a script or monitor. Here you can see the anti virus health report this is very important you need to have in a virus or your machines. This is something you could present to your client to say hey these machines don't have anti virus. We need anti virus on there are so that you don't. Have vulnerabilities. In your environment. So let's go over what we talked about today. Today we went over how to set up your location and add machines to a prospective client audit group. We talked about how to create a location specific installer and how to add machines directly to the audit plain group. We talked about the information that would be populated on the machine that will be valuable to present to a client. We talked about the welcome tab. We talked about how that information is populated we talked about how it yourself software tan on and how your services tab will be populated. We also talked about what is actually in the audit playing groups and how there aren't any monitors or scripts that will be auto apply. However you can schedule scripts. And enable monitors to have alert emailed to you or your prospective clients to shield them the values that you can offer. We also talked about asserts that looks for machines that have an audit plan selected. This is in case you created your location specific installer to add the missed seems to all your agents. Bob by the fall instead of the audit plan so typically when you install the agent you should have deployment packages that are set. To send all your agents to the all agent group. However when you have a prospective client you want to create a specific installer to only add them to the audit playing groups. The reason why is because again you are just prospecting this clients you don't want any kind of auto remediation. To automatically happen. So in our audit playing groups we do not pass the wooded I have script scheduled we do not have any monitors enabled. This is so that you can go through in naval monitors are schedule scripts to have this stuff run against these machines. On an as needed basis for that client. That way you can show them reports are anything else that you can do that autumn re media. Close that agreement. Lastly we talked about a few reports that will be helpful armed to show your prospective clients some of the services you can provide to them. We talked about the packs health report and how you know if you have low health low Pat's health. Maybe they are doing their own patching. Maybe they're doing them where they're just staying Italy and manually installing patches. You can show them how. This pet's health report we'll show. Critical patches or any other patches that need to be installed but haven't been installed and how you could do this automatically. We also talked about the software list report that you can sent to them to say hey your users are installing iTunes. We do not allow iTunes to be installed. Therefore we need to set up and monitor or script and go ahead and have iTunes removed from these machines set them to own a blacklist so that. ITunes does not installed again and if it does it can be alt over mediated in removed immediately. I hope this is bit of former informative for you and I would like to thank you for joining us today again I am Maurice Perkins have a great day.

  6. Best Practices for Templates and Groups Support Webinar

    Tue, 13 Jan 2015

    Welcome this week's webinar and my name is in times in teaching will be your trainer today. For the best practice. On templates in groups. So we're gonna first start talking about Roberts. Let's look at it over. Groups are the vehicle that deliver your services. They manage and maintain a while flat text features inherited by it's automatically doing group members. A purpose. Considering groups or the back. Of your configuration. Improper management of those groups can lead to an efficient. Confusing web containers. However by managing groups and organize and scalable way you reduce complexity. And provide other indirect benefits such as reduce review time and reduced new employee training time. So we talk about groups groups are an easy way to organizing maintained in need to your clients. This is also. A good part or we can stop impulse. When we go to a client. And we gain that clients' confidence and business and we tell them yes we can deliver this SLA agreements adds we said we can't. We are deliberately lean on these groups. And LabTech to produce that. Services is that it says. This is the vehicle to deliver the services to decline so it's important that we understand how groups work. They can. Basically have a whole bunch of things configurations. Manage services monitors. All delivered through groups scheduled scripts. There's no sense and manually having a technician over and over because these are these machines are at a particular group to assign this piece of software. They don't need to manually do that we can go to the group schedule. The scheduled to have. Dough and select script it's automatic and hopefully the software to that group and we know it's gonna be consistent and predictable. Patches can also be viewed at group level. Any customization we may want to make. Now it does belong to multiple groups players. No way that you can avoid this and don't let this computer get you confused. If you take it out and out there what is the one group that all leave it's a part of regardless whether we place on there not. That would be the all agents group. So if I go into LabTech. And I go under groups. We have an all Egypt's group. All the computers that belongs here LabTech system. Apart it is group. That's just the default way we we yeah we set it up through lab tech. So be aware that if there something I wanna deliver to all my agents and LabTech a certain software. I can come up to schedule scripts. I can find that software. Under my script drop down. Fine whatever script the leaders that software. And I can apply here. So one that I want to keep mine is make use of these built in groups. A lot of times when we do love in house training and I see people come to the door in the AD due a lot of behind the scenes that tree to room groups that sometimes even pre two room service plans. And many do a lot of work that has already been done for them in the product they wouldn't know the flow of the product. To just keep in mind goes through here what is already made out forming. It. So say and it has belong in the war of one group you can also see on the computer management screen. The effect the policy tab will show you what groups. This machine is a member up. And you can look at that way. Howell does it know. How does the group know what machines to be part actor well this is all comes together with all searches. So as you can see here. We have the older doing search computer types all computers to see just like are all agents group that's what it is so it means any machine. I don't care if your laptop desktop server whatever you are you're getting industry. Why do we use all are doing searches. Because we don't want to try to drag and drop hundreds of computers are actually thousands of computers that successful. We have to have an automatic way and a method to produce. This consists. So we use and for predictable results. Consistent policy. Remember that groups of rebuild every thirty minutes so this all or join search. On every group will look at this and say okay what do you ask me to put in here and that will rebuild every thirty minutes any machines that have. Not already been pulled in the district fit this criteria. Will be part of his career. You can also right click on the computer from the navigation tree and select edit groups when you do that you're gonna see a list of groups. That this machine as part. And a machete that live in the product. So I just go to any computer. File machine. Right click edit group and now I can see all the groups that this machine is part. Now I could select one. And say add to this group but and a half an hour. What is this all order joined for this particular group does not fit. This computers cracked year that I am selecting. And a half an arched an injected anyway. So keep that in mind if you were to use this. Now a group itself let's go into a group take a look somewhat open up. My test group which article Tampa. We're gonna just take a second and go through group. Obviously we Neiman intuitive so this must does group pertains to any geographical area such as can't. The ought to join search here says computer types and we're only allowing laptop computers to join this. Now we come over here to this massacre check box. This is basically legacy. Before we had priority is associated with templates we are using the master group box to allow one group to override it not. I don't wanna confuse anybody out there and a what I want you to pay attention to every time you create a group. It should always look like this. We call this the blue blocker at the pre how massacre. And that just means keep this group static. There's three different spots. There's clear which is dormant. Which if another group had this checkbox. In the met the same always searched it would remove. The clear one it would take the computers out of the clear one and put it into the check box. But since we follow the best practices that. Earning here today and we leave home. This way grade out. Then you're not gonna have any issues with these boxes stealing computers. Out of groups. So the reason why bring this up and I do and all my classes. So that you understand troubleshooting steps here if I created a new group. And unfortunately and you right clicking create a new group it does not automatically greatest pops up so the first thing you wanna do when you created new groups his name and intuitively. And check this box or degrade out. And that's all you need to know. With the master group talks. We have our templates and template priorities. We're gonna review templates by itself in just a moment. I just keep in mind the priority. In this situation to lower priority number trumps the higher prior. So meaning if I had a one here. One has more presidents. In this number eighty. One tea tree 4567. All of that has more. Authority than what I have it set at. Use the Black Friday analogy here us in the states and crazy about shopping thing. So if there's Black Friday and you spent the night on the curve on Thursday morning and you're the first wanted to lower your number one in line. Your gonna get the big screen TV for each person that walks in that. They may RD Beagle. So keep that helps me remember the priority level account works. Can. And then we have linking. On we're not gonna be using linking very often because you can't link it group to a particular client. Gets what. We have the all clients are. So when I select this you can see that these groups which represented my clients. Are deliberately. Look like clients they have the scene. Com. Basic little tool is if I come on their clients. Okay so I come back here and I click on one. That brings me directly to the client screen. That'll help me when I'm trying to do something with the group pertaining to neckline so there's two ways to get to the group you can hold down the shift key and double click. Now you're at the group for acne. Or you can simply right click and select edit group. And that beauty to the scene format so you can make any edits to groups that you need to. So keep this in mind any time you wanna apply a certain piece of software. Only to this specific client you do it raid here under the all Klein's group. You don't have to create a new group and pop that link that client. You just use what's already in the system forward. Okay moving on. Its merits. Little refresher out there what do you mean it's there's do towards. They allow us to suppress alerts. And were scripts what I mean by that is that say this Tampa group. I got a call from the physical site and they said look my whole. My whole clients Helen now T ones are going to be. A shuttle for a period time and I just on the makes you aware well if this group obviously is part of that client and I could do this on the client to. I could come down here and set I mean it's. Let's just say it's gonna be on Friday so I'll select Friday which is already built force. And then they know what it's actually Dylan I can click edit. Okay. So from 8 AM for sixty minutes. It's gonna suppress everything Booth alerts and scripts. Rate now I want you to be careful some people will on the highlight this and highly boot scripts and alerts like this and say save. This will cancel out the maintenance. That's why we have the everything. Okay so you cannot highlight both of these in expect this to work you can alt you can select alerts. You can select script individually or if you want on both to be suppressed everything that's what it's therefore it's C. It. The other parts permissions. Permissions for each group. Only live within that. So if I come here to Tampa and I select the LT ad men and I say you can do all this stuff. If I open up another group any other group and I select LT admin and I checked other boxes. And I hit save. That's only gonna apply that change to that specific group. Think about it wouldn't be scalable product would be scalable we could put different permissions at each different group if need be. Saying you have to do that I'm just saying you can't so this is another way we deliver our services to our client I can come in here and say that it can't the group. I made it very clear to this individual. That I will never let anyone. Let's see. And Al registry editor. I will never allow registry editors and but it makes any changes to the registry so make sure all his machines are put into this group with ought to join. And then I'm going to make sure the LT at humans do not. Have the privilege to edit the registry and I it's. Now Malcolm Mac in and open that up. A logo back here and you can see how it see this setting if I were to try to open up the registry on machines. That a part of this can't the group it would say sorry you you cannot do that the group permissions on the house I'll. Okay. So the other thing we want to talk about is the only joint searches these things are very powerful. We're gonna concentrate just on groups today the let me give you a scenario if I wanted to fines. Any machines that had a bios version version six point whenever. Across the fouls and agents. Act created custom search. Which I would do under searches here. Once I created and saved it that search would be available on their searches. And then what I can do it second opened up a group create a new group whatever works for me. I could find the search it I just create it. Select it and hit run now. Way to half an hour dizzy refresh. And then it's gonna look for any machines. That have that biased version. It's gonna be thrown into a group. I can go over to the schedule scripts that I can find the script that's a flash that buyouts for me and upgrade it. Whatever that would be I hit save and look at that. Just showing you how powerful the older doing searches can be. I can literally find fifty machines within 2000 they have a certain Botsford. And assigned software to flash upgraded. I can do that wants a comfortable on their thirty minutes flat. Now here. I wanna try to explain something the limit to search first of all anything that has this checkbox you're gonna be able to tell. Despite eyeballing groups here because when you look at your group's. You can see how he all ages doesn't have one. Any other one has this little by knocking their icons. Mean that when when you open it up it's using them to search. Because he always entered is not filtered the only just you're says hey all computer types any computers can come in here. But my tip the group says specifically. Laptop computers. So now let me explain how you can use this for your benefit. Let's say. That I have this set first. To all computers. So it's there with mean computer types. I'm an it do all computers. Now I have all computers checked the limit to is really not gonna matter at this point because it's gonna take all the machines regardless so the reason attack. So I don't have a check I hit run now what's gonna happen. Look out all my machines LabTech so you guys all it is cry tears and dolphin in the Tampa Tuesday it would the only difference. Now I'm gonna explain how limits you. Could work if I go and I select like I had before it this check box. Before I do that I just come down here in new computer types laptop computers and check. It Ron now all right we have now. What is it gonna do it's go to Peru and every machine out of that group that does not fit. Laptop. Some areas. So it's gonna say desktops servers you're out here I'm only looking for laptops. It can be very beneficial and lot of people notices in the product so what I mean by that is. If I go in and I had it backed all computer types. Some amiga back here. I region we had all computers. And it. Like come in so it pooled in all the computers. Into this. And then you know what there's an animal figures by using assessment theaters and I had all the machines in here. But going forward a legal and forward. Ly one. Laptop computers to join it's just for whatever. So I did have desktops servers laptops all of them in here. But from today going forward I only want new laptops two desktops so if I come in here and I do this. Is negated before. Oh only computers that are mapped out and I do not check this box. And a half an hour what do you think's gonna it's not gonna reject. Anything that was and it prior. Because I don't have the limits you to it's gonna keep all the old desktop sensors. In any laptops and prior and now it ski and only looking for new that talks to join. This can be beneficial in situations where. You have a again you have a group it has a bunch of machines. And you want to make sure because the old or older machines need this third party product that your delivery. Charts. At some third party software. And then going forward you're saying you know what I only wanna delivered as software it to laptop machines not gonna go forward with a desktop answers at this like this. And at that so there there's a good way for me to explain. How that work. Okay so then it's huge is basically says you're gonna only poet exactly what's here. And then if I uncheck the limit to it's only good of all where and when it sees here but if there's anything else that's already in this group. It's gonna allow the stack. So you use that it's a bit of a shortcut for a lot of people that are looking to gain that leverage. Schedule scripts just like we talked about. Is where I schedule scripts so here I have set his master. I'm gonna say. Any machines I put in this camp or group I wanna set as a master computer. What does that mean. Reviewed again that means as opposed to checking in every five minutes you're gonna check in every thirty sects. Ike internal my internal monitors here. Absolutely we are return on our internal monitors and set dealer templates I can look at any remote monitors that are being applied. Esther. I can also view my patches. Now we always. Install it's set ignore and so on our patches to patch manager but we can always come down here to the group level C its its place. Under info would be in the Yorkshire data fields and are status gauges. As cubism visual about what's going on within this group. I missing patches failed patches and so. Now let's turn our attention to templates. That's a templates apply agent configuration settings including those for windows updates. Agent brandy remote access policies. Eighty policies just to name a few things that templates can view it. They are assigned to agents doing agent deployment. Or by LabTech update configuration can keep in mind priorities applied on the group determined resolving configurations. That's the priority number that we just explain. So LabTech and does allow you to stander lies that heater a group of agents based on criteria that five. So temperature used to apply rules and behaviors agent's been longing to the group adds a very clear. And created definition of what templates do. They can set inventory schedules. Branding. Cashing. Patch install on reboot when there's. We talked about the priorities are used to set the order of how groups are applied to agents. A list lives so one will take presidents before night. Make sure you understand that gonna go back and take a look at rate now. So if I go into a group any group. And the way LA to explain means is by using only transcript because if I said to you guys out there. You want to make sure. That all the machines and join your LabTech environment always have the standard Brandi the always check in that this certain server they always do this that you know. So if that's true. You want to apply the consistent changes across the board. All legions group because remember I said doesn't matter like they're not on your computer and deletes. And you wanna go in and selected default template that would applies to the allegiance group like he fall out of the box. And look at the priority of ten. So you just said. Which is told me Anton that you know. Ten is not an area for you said one would take precedence and that's correct. Because what we do is we fit everything into this that we want to be consistent across the board. And that way if I choose on the tee up a group. Attic different template. To make a modification. Today machines that belong to that group and I put an. Each supersedes and that means if you're and his group you're gonna pay attention when I set the template but if you're not and is grouped. You're probably gonna go ahead and just get what's delivered but at the fall template which is in the oil leaked. So let's take a quick look with in the templates. The first thing we see is server address. Okay you can have up to five different addresses separated by just like some. Now why would I have to fully qualified domain name and an IP address. That would vehicles I don't wanna. Have DNS bring all my age install. So to fully qualified domain names down because the announced they're heading use the IP address. Okay what's the next I team may be that's a secondary line at 91 went out which is my first two weeks. Now I have my backup files. He rules raid server and it still checks and that. And editorial use schedule. This is the concept sane when you send the event logs do whatever it says here's schedule. And if it says not set it still doing something so let me show you one it's easier to recognize I say I have it set for desktop. A bit of information. Every day success TA in repeats every four hours. So at tech is basically a database. In the only way that that database is updated periodically. It's through this schedule. Or if you Mattingly San. A command it. But this is what feeds lap this is a very important concept or product. So you can see update configuration hardware. Disk processor. Software all this information is sent. Needs intervals if these generals do not work for you. She guessed that you can create your new one name it whatever you want set whatever schedule you'll. Folders in cash. This is something that we went through in other. Webinars basically this is for cashing he tie this into your location information. And you can have all year. Patches cashed that say your server down its cache locally added location. And then delivered via with and the location opposed to each machine now. Eighty I want everyone I have my little art guy that's the room we use so I'm gonna load that that's what everybody's gonna see across the board. Our access modes basically tell us how to behave when we go to access a computer. So when I go to access this computer. Registry it's gonna allow me to a raid away I could say. Asked that allow which means it'll ask at the end user have a box for ninety seconds they can access your registry. Ninety seconds go by he doesn't answer I saved and allow allow me to do. I could say ask the user for registry and then say the nine. So in a more tight knit type of environment its status does prohibit compliant consumer financial institutes in institutions. Again I'm delivery in my services from like group the template as part of the group. And I tell that person no worry. Any time I wanna access your registry for any information file explorer I'm gonna say yes and I'm gonna ask them if it's okay. If they're not there are unwilling to answer me I'm not do it. And that's how we need a lot of these. Standards need to take place saudis access messages tie in the us so like AD access message and I say okay. When I restore restart or log off your computer. I'm gonna send this message cannot read you your computer pretty please with sugar on top. And of course there's and now and then they ask well let's like and in reviews and our service tickets the rest of this you can take your time going through. Just won the gets a little familiar with that now the flow is what I want you don't. So I'm at the default template. And I told it to do generic disk that the other thing because that's what I filled out and has very low priority. I'm gonna go in the mightier. And I created a new template called class locked down and I gave it slightly more important. Number eight he is lowered and and so it's has more authority. Now if I click on the list. And I were to change anything here. It would over right what is being done it all agents group default. He would over write so if for some reason let's just say brain. There I have the little ignite fire head guy it's his concentrate on the very simple if I were to select this. I hit OK and you see that this has an. So any machines any laptop computers that are part of this group. And automatically get that little icon in the tray. Oppose. To this. Because it has a ten. And we normally give on the art ran. And I she wears some partners will use this just isn't that a fire they say you know what I do like tree other. Groups or I go to my managed 24 by seven group. And I'll go in the template get a slightly lower priority than the all agents I'll trough the default template. And I'll put a different icon and I always tell my technicians. If you ever see this red dot in the tray icon take as long as you need to make sure there are a close partners or a plus clients and we wanna make your regular higher standard. K they bought the maximum they ball or whatever your service on highest service agreement atlas. That's a very easy way to understand how templates and priorities work. So templates are tied to groups. Manually using update config command. There's only two ways that updates the templates are going to get pushed back down. Tutor group so I want everyone to be comfortable and everyone on machines. Now the other the wait is gonna happen automatically if I hit. Edit the seams can all on this group remember I told you I go schedule. Even if it says not set. This first one update configurations sent everyday at 2 o'clock and not repeat. This means if you're using the not set schedule which is actually a schedule it's in the product. Everything is sent at 2 o'clock. So if I made a change to my template and I told to use this different brandy if onset on the schedule and I don't do anything manual. It's not gonna take to change until 2 AM that that. So. That's said. There's another way to push updates to templates. Down to the computers and that is to do a right click. Commands updated so if I go out here. I find that complete it's a it's Tampa I can right click. Commands. Inventory. Up they can take or Reese and everything is also Europe but pay attention to the deacons. Yup they could say has now sent. Commands to every machine that's in that group and says hey someone made a change the template you need to grab it program now. I would feel more comfortable best practices always when you make a change your template right click on the group commands inventory update music. Now you know your machines again and automatically. You're not dependent on any schedule time. If you forget like we said it only happens to a and you may be two in the afternoon on what's going wrong optics are now it's working it's waits it. You gotta remember to do that manual. Up to. And that's what they're illustrating here. You can. Have this happen at the entire client level location. Group right click just on a computer do it to make sure they're comfortable. With that. Or before I ask you guys for any questions at the end that's a little review see what's on and here. Blanks are used to separate your clients to more manageable areas. Guessed it. That would be groups. These eight in the configuration or use to apply rules and behaviors agents. Templates. End tablets dubbed blank tab allows controls to be set around how critical functions are utilized to access the workstations servers and laptops. This type of functionality can be utilized in environments that required additional layer of security such as health care or financial institutions. That was our. Axis buttons. What type of group can remove members from other groups. And we said the master. The world we gotta remember that all groups in that tech today should be great now we have that issue. Thank you.

  7. Utilizing HUDS and Dataviews in LabTech Support Webinar

    Fri, 12 Dec 2014

    Welcome in this week's webinar my name is accounts into cheek I'm a trainer here LabTech. And this week we're gonna walk you through the best practices. Of working with hoods heads up displays. In data views. Let's look at the overview. Heads up displays or hoods it's commonly referred to. So hides you would see most often. Around he knocked area network operations. These would be only limited. Tedium malice space that you can fit on a screen or projector. And could be. Sub let it into a few different when dues within one monitor. Let's say one looking at client health score. One looking at patch management and help patches failed reinstall. It may be along the bottom we do a three. Tear window and on the bottom we have ticketing all new tickets that are coming in to be dispatched. The purpose is to create instant visibility of very specific information to core bride assistance. And data date task. So we just said that we may have this monitor up with failed patches. New tickets but the best thing about hodes. If there are used in conjunction we data views. There livable workable areas. I can literally work and click on a ticket. And worked that ticket to completion rate out of the hood view. Or you can use hodes simply to be notified. Of information war. In some cases some of our partners like to use it. As a kiosk type situation where they would literally just put up their website and support information in one pane. Column show threats. Hacking threats through a web site in another pain. And just just for visibility information may be even selling. Their services to their clients. So there's a lot of different ways you can utilized parts. Heads up displays are customized views. We said there only limit to the size of your monitor or screen projecting content. You must have super admin rights to initially create the hunt. Once the Hud is created we can go in and give permissions. Two other user classes for edit ability or to read and sale. You want to use hugs with data views that's why we're taking today's webinar and we're introducing hugs with beauties. So inserting data views would for a complete interactive experience for your technicians. Because data views or would allow you to. Actually drilled down into the machine that you see the information. Be in displayed from. Let's say it's a processing. And showing all high processes I can select the process and question and bring up the computer screen TV agent. That it belongs to. Go to the process tab on the Asian. And maybe kill it only on that particular agent. Alerts and statuses. So anytime a monster fires off and it's not set to send. Alert directly to a specific person or create a ticket and each is says reason alert. You're gonna see the alerts and status information so there's a hood generated forces by. Failed monitors. This is also key fall and a box any monitors that have failed that are not in a state of active you can see their monitors. And you're out operation center. This has a couple different things that's incorporated into it that we feel are common pleas for most of our partners to be aware. So let's go in and take a look at some of these. Where do relocate hodes. Well directly up in our main. Toolbar. On their heads up display. When I select had built a heads up display. I have my alerts and status is that we just talked about let's take a look at that for a second. K were in a limited environment so we're not gonna have much information here. We also have the knock that we just talked about network operating system. Distance kind of neat we'll take it time for collude. And when it finally comes up you can see that we have our offline agents. Are being viewed here. Our new tickets any new tickets that are coming and to our servers me and viewed and here's where our failed monitors in our monitor health is being checked. So this is something that is creative bio lab tech for you'd take advantage of now because these are data views especially here at the top. We are able to actually work goodies and these are offline agents I could write click to this agent and maybe I could run a script if I need to. So I Keiko. Client scripts and maybe run something that is a client script if I if I want to I can also double click on this itself. And look what it does it rains alt that EG computer. Even if it's offline it's not connected shows you that down here below. But I can still bring up this aging computer may be I wanna go to the commands tab and Stuart you know some of the list commands that percent. I can go total alt tab get information from this machine. This is why using data views in conjunction with hugs. Or very. Important. To utilize. Over here I have my tickets so I'm not using a PSA and maybe I'm just using LabTech internally and I'm gonna go ahead and be able to open up. These tickets. View the information about the tickets. And completes a ticket. So I can work it all the way through until I can finish the ticket and close it out. And a month of doing this all from Holland. Not from within the controls. Let's take a look at some other ones we have close that out let's go back on the here you can see we can creator of so like click on this customized that we developed I developed earlier for this presentation. You can see we have a whole bunch of different things. Today we have some gauges that are showing us some client help. I can right click on a particular gauge. And configured. So I can come in here I'll find the want to showing missing patches and just say you can see that you can change it I'll change it from a circular. To maybe me digital. Face for that information. It's saved. And exit and you can see how I can manipulate. The gauges with in the stated. Over here. At the top I have my maintenance windows so these are literally the maintenance when those about double click. I can see. The Monday maintenance information. I can right click. And just view this information here. At the bottom I have my templates. Templates. Federal my alert templates these are the templates that we apply within monitors to say came in this monitor reaches this threshold and shows that the drive space. Has only 20% left. Notified this person so these are all the alert templates that we keep that are usually located in the dashboard. But I want this particular user to be able to work with these. So we can get here I can edit template. And rating here I can see what it's as though I can add an older need being. And I can view which each one of these templates are. And may be I want to have him couldn't somehow to leave Omer added own produce so. I have my tickets summary information in this one though. Notice how these windows can be moves around. Skilled higher or lower if you need being. And I can right click and refresh the information within. These ones. Okay so orders viewing a couple that we've had already prepared for you. And as you can see when I roll up tots. It opens up the menu drop down for me to get to more. Information for these hugs said I can customize. Let's look at one more. Patch status. That's who we have in here for patch status. This looks pretty nice and sick we put a lot of gauges and so it. Now as you can see they do you take a minute to loot especially if they're more graphical. And we do so we have a lot of different gauges showing us updated health. That failed patches needed approval. So on and so forth. This may be something that you want your technicians just to keep up on the screen with an eyeball reached just the case. So keen. A curse may be another good practice will be ige is brawl on a new client. I bring on a new client I wanna create a hood a heads up display for that new client. So that works keep in our eyes in these for our sixty day ninety day probation period we always like to keep it extra attention. You know make sure we iron out all the problems. On that new client raid away so I want my whole not department the key to rivals and some honest. I could create a custom hunt for that. So how do you create a custom mode. Select new heads up display. Called us when webinar. And now we open up. Two or hood now it's just a blank canvas notice when I roll my mouse over to top. Aha I get the menu drop down this is the seat real state this is to allow for the most visual amount of space for a hugs to display. So I come up here. Remember that I said you had to be as super admin to create hood originally want to hit the drop down on the options. I want to do two things first all. When I create good and the first thing. It's a wanna pick the layout so I'm gonna go to configuration. Layout and I'm gonna take the way I want this hide. Interface to look I wanna double stack east side by side double stacked with aside that's what I'd like. The reason why is let's say I've already put information in here and I'm gonna had something really quick. Not really looking what I am selecting. Can out great great and then I find out you know what I need a double stacked in the side so many changes. And I go to layout panacea doubles that put aside. Not changing layout it will remove all. The data items and start clean. So it's literally telling you it's gonna lose everything maturity worked on I say yes you can see that that's workers. So it's important that you come up on the configuration in secure lay out first. First thing I do is take my layout doubles that the side. Sure. Now I'm gonna come over on there options and view my permissions. My discipline displayed permissions can go to my dispatcher. Just do a wanted to time. And I'm gonna make sure to my help desk users can do that. And of course my LT advance but for editing purpose. My edit permissions I'm only gonna give TL to advance. And I also like to give a little more permissions. From edit permissions to my knock user class so now I have to I want to be able to just view these things. And work with them and you can actually edit them add different than needed to use different sites or whatever anyone at. What I do is I get where I want this thing okay it looks good to me I'm gonna right click. And then we're gonna come back because we're gonna discussed dvds so I'm not gonna add the and then now but if I wanted to I could just go out to a web page. I could typed in. A web page. And add. A web page in here. So I could come in here and add LabTech dot com that takes offered a column in little that. Maybe this will represent. You're tech your your MSP support page may be just represents. History information about your MSP. I seen where people like to go out and find web sites that show. Real time hacking. And neatly put this in Ernie showed words oh look at all these attacks that are going on and they put client hell scores next to it and what they're really Dylan is there. It's more of a selling point to their clients are saying hey we keep an active local what's the impact throughout the country in a world. And we also keep an eye ball on all of our clients at the same time to see if there be an aperture. And the Indies tax. Can't whatever you want to use it for there is a lot of different things you can do we can also just right click. Because we're gonna create this is something for clients. You know something for a clients to look at I could actually make it look. Decent by putting color behind it and then adding something to. I can tell it to set equal size. Maybe it's not what I wanted to packet switches. Hacking coming here. Add an item. Client health. So I'm gonna go ahead and add all my client hell scores and you're. And that's today you can move them over is you could seeing. Now when you want to remove something you are gonna have to get raid up in this corner. And select the remove. It's a little takes Turkey so once you do it once or twice you get the hang of it. But until then you know understand that you may click on it and it may not remove the first time. Welcome my monitor review in this. Now we're gonna come back up and I if you notice I haven't seen anything so I'm gonna come up here I'm gonna do receive heads up display. Once I seed heads up display by selecting the save button it's gonna be available. Under my head's up display. As you can see here. Now you cannot come in here right click or double click and delete you have to literally come out to the Hud itself. Under options and this is where you would delete any hot. We can allow users to customize the hood save data view customizations with in the Hud itself we're gonna go in the eighties in the second. I'll show in toolbar so if I wanted to do that I could select show and toolbar it is this is one of the hoods that I get to very frequently. And what that's gonna do is go on that is drop down. And win it catches up to the database they will be displayed under here. Can. We looked about the permissions. Clear all individual settings. And other configuration. We kid renamed and if we want to we could title the title bar differently than the name of the actual hood and and if we were to select a different lay out what's gonna happen right now you guessed it we're gonna wipe out everything we just worked with. Hey we can also change the icon. So we can change the icon to something that we want and you know maybe brand to our brand means. Let's say we want as little robot guy notice when I change it it changed appear on the root and on the pre on the webinar. Am gonna see that change again. Always saving my information when I'm working days. So that's our hunts. We're gonna talk about data views because hoods. Or really great for visibly looking at information but to make it interactive and give it real purpose we wanna be able to utilize these views. So let's go and talk about the disease. Interviews can be laid out to guy technicians in their data date kiss an example you can quickly locate all aids and enable computers culture that take system. That have a particular process running. Which allows you to get the information you need in a matter of seconds. So there's a particular process and we need to know hey where is this process running. We have 3000 agents and it's a very important for us know which ones Iran as process no problem. Will go to data views. Will filter out that process. And we'll see that data view at CD that you pass them to operate the original and we can put data into it and keep rival. I'll show you an example something like that. The purpose is that tech data views also allow you to perform remediation directly from the view. This means you can do more than just list all the computers at that particular process. You can use the data view to perform an action such as terminate. That process or maybe classified process. Where they locate it and your navigation tree on their operations. Data views you'll see a whole list of data tease. They allow you to view system information in 1 central location. We can create your own machine how to do that. And the most important thing is we can work directly from these data views. And we're gonna inserted data view into the hood that we just created for complete interactive experience. Let's go and take a look. So I'm gonna locate data views will go over a couple on their operations. Data views and here's a whole list of all dvds mail. You can get more data views. You guessed it a marketplace. The marketplace on their data views in you see anything you are interested and select them. And they will popularly under this tree structure. So if I came under here. And let's look at some important ones I can come under here and look at status information I get a common question all the time in my training. Hey is there anywhere I can see were all. Atlantic each and statuses are when they're offline online well what's now sure always check your data views first. When I double select this double click on it. It brings up. All my different agents. Whether they're online or offline. Time and so on and so forth so I like this I think this one's a very good example something you may wanna keep and I would. So we're gonna go ahead and work with this the first thing I'm gonna do is I'm going to tweak the original one. To fit my needs and my needs right now on the only worried about what's in my LabTech. Klein. So the first thing to do is come up the client name. I'm gonna select the one I want and I'm gonna hit search. Now I filtered it out only to be a galactic client. Now. I could also. Come over here and say okay I like what they have here but I wanna add more. So I'm gonna right click. I can go to. Fuel each user and I need to have the agents Mac address for whatever reason maybe that's somehow of the information on keeping. So as I added these fields I add to these columns. So you're not only stuck with comes out of the box here you can adjust these. The way you want them you can customize. Now we told you that you can also CD's. So I wanna save this one for example. We're going to see it and uses. Hop you can't see it right now on this is happened to me the first time I work with data views. Because it deliberately hidden because my navigation menu is too far notice Syria of search clear. Page size now when I grab this and move it to left. There's that options. So I'm gonna come on their options I can tell it how often to auto refresh. I can also because my client is asking for certain information I can pull up a data view. Like this and I can export this information to an excel so I can do export to excel. Which it would test. And we can see that. So now if my client want to know about the age and information. You need to get the Mac addresses for all the computers and I. Cover under his particular client I can buy and print that out for no problems. So now what I was saying is we wanna save it now we're not gonna do see data view we select a data view and I just filtered this. Only for the lactic client I just over room. The original one and I won't be able to get that back in listening marketplace and download it again so I'm gonna do save data view ads. I'm gonna call it. Webinar and I'm gonna see. Now it should show up raid on their statuses. And it did. So now I have the original one which is this one which uses all all the not a different ones. And I have my webinar. That I created there it is aka so I like this I saved one of these that's great let's take another look anything you wanna do remember. Reports are for your client's data views are for us the technicians union ministers we want to know information about LabTech and we're gonna go to deities. Were to go to data views we're gonna look at things such as processes I'm looking at processes. How about. I'm looking running processes these are all the processes running of course it's gonna be a whole ball to processes. That's not a problem because I'm only looking forward specific agent that I wanna work. There is when it searched. Now I have win seven test computer in all the processes that this is working on. So let's say I come on their processes. And I wanna look for high CPU process. If there's anything out there it is look at the processes high CPU process. That's what I wanna come in here maybe I wanna make sure. I feel to this by process. So I'm really looking for bits. And hit search. That clears this out great. Now I'm gonna go in and I'm gonna seed see data view as. County weapon or one this time. And that's on the my processes. Now I can't let you go without showing in my favor and I'm gonna put these in two AD ansari and to a valid. So I can come on the drops I am on the drives and open opal drives. And noticed that my buddy's got down here has laptop. Connected to or tracer. Because these things are interactive I can right click drives. And of course inject my abilities eat upstairs so as we speak he is little trays just popped open on this computer. And you'd senile left because it aggregates all. And he news that we did I could highlight. All the agents. I could right click drives he Jack CD. It's clearly send them a command to all these machines and Alder CD trees or pop in now people were freaking out around the office. I pick up the phone and to the client and no problems ironing and it was an issue. And we're taking care. Call it job security. I'm just give you an example this is a good one because you literally can tell physically so this does reach rate down to the machine when you work with dvds. So we can do that I could simply. Choose the double click if I want it for some reason the go to the drives and then investigate could go to the drive now. Right click and maybe one I needed to set on set as an SSD. All right so. I like that all drives went to so we're gonna incorporate these these couple that we created. And then you make sure I know I went to processes I created a webinar one we also created under status. These are just a few you really wanna go through your data using it familiar with them someone to put these two that we created into the Hud. That we originally start way so I'm gonna remove this. Get reenact Warner. Move item. Okay so I cleared out or webinar. A hard and I'm gonna. At all over customized data views that we worked with someone a right click and a good add item data views come down the status. And there is our webinar. So I'm gonna click on that weren't gray that's only showing my LabTech client in order status is that there's agents that are online or offline remember. Hello what is this and doing. Not sure I mean double click I can go directly to this age and I can work out of these screens so it's a very nice to have that ability. I'm gonna come over here. Animal Adelaide on data view. Steve down here at item data view. In this one we're gonna go processes. In use at webinar one. There you go now we're only looking for a particular processes from this machine that we saved. And for the last thing will add something else in here I said. Always phone keep my eyes on. The drives. This is slightly off the page. And here's all our drives anytime we want to weaken nightly new field drive trick in. Its. So we did all that we're gonna hit. Save. Anytime we want if you this again. I could shouted out. Go out of my control center. And it's always gonna be available on their heads up display. Webinar. And there it is. Now another great thing that these hoods and data views incorporated together can be useful for is trainee. Green warrants for LabTech so I have a brand new employee easiest to start it would LabTech never sell the product before I'm gonna go ahead he created him hide. How many shown some tickets that are old tickets. I'm gonna give a mum maybe some old take as the work with some patch health information I want to do. And maybe another data view that has him said Ian on setting drives for us assess the capabilities and things of that nature. I can create d.s and that's great now I can to supply to a user class that's the user classic give to all my new employees when they start. And I just tell outlook don't work in the controls that are yet featured feet wet here in this code. When you're done and actually Q rated move on. We'll give you different access you can go in the controls owner and work in that direction. I hope you enjoy this week's webinar. There's a lot of powerful things you can do with the hood and data views. Always tried to incorporate data views within your hood for live interactive experience for yourselves and your technicians. At this time as if there's any questions. So. You can go ahead and send him questions into us. Before I let you go completely. That's there's a review questions. Who has the ability to create heads up displays. Guess that only users with super admin permissions. Heads up displays are found where where are they located. From the heads up display menu. In the main. Menu on that the controls are. Interviews are used primarily for Hugh. Us tax. Not our clients these are not reports. You can export the information from a data view and use that to bring to mind your customers. Of the value that you give them. Through your MSP. Interviews can be filtered with a drop downs for each column. Sure it can't. And when we customized data view remember we always. See data view adds we don't just hit CD's of human writer the original. All right because said I wanna thank you for your time. Have a nice day.

  8. Agent Deployment Best Practices Support Webinar

    Fri, 31 Oct 2014

    Welcome to this week's webinar. My name zantops in teaching and I'll be taking you through the best practice for agent deployment. First let's look at an overview. This is the process of delivering the LabTech agent to the client end users for management of their computers. So were literally talking about getting our product on to the computers at each site. So that we can use or remember monitoring software. To them be proactive and fix it in repairing. Machines issues. So the ability to stay connected with its clients machine for monitoring ought to remediation. Communication. For any issue that arises from panic time matter. Is the purpose. Of each point. There's five. Agent deployment methods. And will go to reach one. The first one is our manual installation. With or manual installation we are gonna literally be on site. Sitting. Let's say at Eddie's machine which is that a dentist office and we're gonna sit down on my machine and we're gonna install the agent manually. To do this. We're gonna have to do a couple prerequisites. And we'll look at that now. So we will go into LabTech. In the first things we meet we have to have. Is a client set up. So in this case will be using travel times. And then we must have location set up you know no matter what happens in LabTech you have to create a client and the location. The location is where everything. Is that's where nightly it's so we will create a location for this client. When we double click on that location. For this demonstration. We're gonna have to go to the deployments in default tab. And we're gonna have to make sure there we have a default group set. For the new agents when they come along and get on board and LabTech. You're always comfortable with putting all agents the all agents group because they're gonna be long to that. No matter what. The next is the bald in the use for administrative access. Where do you think it's grabbing this account that says local account. You guessed that the passwords that self we have a local account we wanna start pushing when we must use the proper format. Coming in here with our dot back slash administrator. This tells it that this is it work report from machine. We also have our domain in this situation. So whatever one's gonna actually part to use. It gives you the rights to install the each into the machine. Is which one we choose here. We go back. And the last thing we have to select is a template to include in the deployment package. We're gonna include the this is the main default template which is part of the all agents group which basically will deliver all Barbary Indian things of that nature. Once we set these up we then have to navigate. Out to. The website so we do bitterly would go out to our web control sooner such as I did here bald into the main page. And become great under here under install packages. And you'll see that cost the ones week free now if I did not create a custom package. And I just came in here and said windows. Install agent. When that the computer shows up in LabTech. It will always show up under your new computers. So that will be. Under what ever one. Client has he one append it to the client object which is this and then you see new computers they would be here and you would have to dragon dropped it. To do appropriate location Klein. But we're gonna do it correctly sung we already set up the location. Now we're gonna go out to the site. And Morgan its use that file. We're gonna select the travel times what location for travel times. Travel location one in what package which tried to deliver here. If were doing manual. Agent deployment. We were always selecting the windows. Dot EXE. Now the question is why would we do that EXE over to MSI. In the answer is. It has more brandy. Incorporated with as soon as you deploy. To that client system. So it has all the brand means it doesn't wait awhile leaked the doc in this I will through group policy object in this is the preferred method for manual installation. I would simply at this point. Select download again I'm sitting at. Client's machine I downloaded. I save it to their desktop I've run it and then I would end up with my icon. Produced. In the tray icon when the lab tech icon. In the tray men. This will start to check in and now was start reporting. The second method. Is the network pro. Now the network pro. Has to. Basic functions in our system and were only gonna be looking at the one. And that is for the agent install. The network probe also does. As an MP management simple network management protocol it uses to communicate Wi devices. Such as routers partners things of that nature. And collect information. Before our discussion here on agent deployment we could use network probe to ski in a location. And then delivered the agent down to the machine. So in order to do this we would have to have one agent installed. At the client site. So. You're gonna have to go to one. Agent at that location manually install the agent now you have an aging you create network probe. Now you could ski in the location in automatically pushed down. The rest of the lab techie to some location. So let's take a look at this. If I come in here. I'm gonna find a machine that does not have the network probe installed I believe this one does not. Satellite know as soon as I open up an agent I can see this flag is not checked. So when I select this checkbox it says you want to enable an hour per one is computer absolutely I do. You only can have one Peru. Per location. So clarity had a pro at this location I check this box he would ask me do you wanna move the role. And there were prog role to this computer because it won't allow me to have to. So then I'm gonna select next. And then here. I can select. Any passwords that are associated this client location. If I needed to. I could write right click and add an entry. I can also all in the use for administrative access of any one of these I can select. K and then he say I'm gonna use the location domain account the template to use the default. Next. This is important. More important than anything else that you're doing do this wizard is this community string. You want to make sure that you speak with anybody. On any resource. At that client to know if they're using any. Unique. Community strings. These community strings are used. When scanning your devices on a network pianist and empty so we have our public private admin and they may using another term. Another word to associated authentication with there that's an MP devices. Again this is really made for collecting information. Com what you wanna make sure you have that prior if not I'm gonna show you leader that you have to go and make it changed registry key. Were also scanning ports scan frequency. Now here's the most important part RO auto polish do we want this network probe to automatically start detecting. Machines that don't have galactic agent and enthralled him on the now sure you're taken yet that's why we're here we want to deploy the agents but in this case we'd never best practices to never checked this nor in the wizard. Keep it on checked. And I'm gonna show you why in just a second. How many are next. And that's it finish. Now you wait. It'll take a minute or two and you'll see that this is checked in the will be in a a network per tab on our machine just a few seconds. Okay so the network tab to select it. We are now going to go to network probe. Tab so the checkbox is selected. We're gonna select network prog tab. And go to the general tap on the network pro. This is where we wanna explain anything that we selected previously. And that in the probe wizard can be changed or modified if need it. So the frequency. We're gonna scanned wanted that. That's what it defaults to that's normally good frequency. Now it what would happen if I drop this down and do ski in every fifteen minutes every thirty minutes. We have people would have called and our partners and said you know network probes kill me. I I don't know I try to turn on a pro now the whole locations down I communicate it slowed everything so we come in here and we see. Well what to frequency is that fifteen minutes or thirty minutes. Remember that when you're skiing in a network you were gonna strain a band. So you may want virtues scan once a day and you can even do a skin window between these certain times I can enable it is in say between. I don't know. 12 AM to 3 AM because they know nobody's there at that time that's that I wanna see if any new devices came in. Or that's a tie I don't wanna see if any new machines are wrong line so I can deploy the H. So be aware of this the other thing to scan frequency. If you scan. And say. Every thirty minutes. And you don't given enough time to actually go through the range. See I have one the 100 would just pay attention to top and lets him scan every fifteen minutes. It's not gonna have enough time to complete the full range of IPs. So it may get all the way up to number 75 and then it's over. Then it starts back over in fifteen minutes and it's never gonna go past seven X. So I'm gonna lose 25 machines for an example if I don't make to scan frequency on long. So it's a balancing acts on we do you have plenty of documentation on this and forms at. People want to use him this amount of machines at a certain location this is probably your best him frequency. But you'll feel feel that now and each in SP is going to be different. Say in that we come down to the IP range. Now I always get a question. Or can we exclude. IP ranges. You know I have a launch voice over IP phone systems I don't need it wasting time scanning them camp which it just obviously. So how do I get rid of one. We don't have an exclude which you would in DH CP but we do you have the option to whom it. And that's basically Jews jumping over. The IP range that you do not want to be skin it so in this situation I'm going from. Ten dot thirty got 81 to 100. And then I'm starting back up at 150 and go on for another cal on. So I'm literally missing. 11 under Honduran water one to 1:49 am exclude. In that situation. So that's important to negative. Then if I'd look over here this is where were actually focusing because the remote push settings were tell it the password to attempt. The push to these machines. At this location is the local admin. If I needed another one. I could select a different one again where is this grabbing all these passwords from the client's password tab and the locations that. So maybe that's not the one I need maybe this is I can add it in use both. I can tell to use this 11 by moving up and then it will attempt to work the work group. Password after ports. Okay. Also enable automatic network installation this is just like a button on the wizard I told you not to check raid away and I'm still gonna today enough to check it at this point. But that's how we go ahead and say we want this thing to consistently. When it scans and find something that is a machine that we can download the LabTech agency. Go ahead and do. So once we tell you the proper way of going through that steps actually preparing to get that configured. You can just select this button. And then you're gonna see. Once it's set up correctly it's gonna attempt. To install the agents in a machine. So why in the beginning that we tell you not to select the auto push. That's part of our troubleshooting. Because what we tell you to do is go to that location. Okay and in this situation I'm gonna find. One that we used. So that's 22. That's it. Use iTunes. And the network that will work so what I'm gonna do is add a location. That I want. To initiate. The automatic aging install. Through the push through the network room I'm golf first fine. In particular device so that's open this up and what I'm gonna do is I'm gonna attempt to installed Egypt on one. The voice that it out which needs to be a computer for litigate it properly. I'm gonna select install here I'm gonna say yes go ahead and try to install. And what I'm doing is I'm testing one device. To get it properly past the network per. And we're gonna review this in just a second to what do you think are some key main reasons why the probe would fail. Exactly antivirus. The eighteen may need exceptions. Fire walls may need to be tweaked UAC. Then three earlier major killers so what I do is I select that the place. When I hit. Go ahead and install I'm gonna go to the probe. That is controlling that the voice. I'm what do go to the probes command tab. And I'm gonna see if it's going to actually. Take the agent to that machine okay am I gonna get an error which I did. Here's an error I can come down here look at the error could not connect with a password system. Or system is firewall. Meaning there's a problem with the firewall so they're what I do as I go to the firewall on this machine. I put in the exceptions. I tweaked before the actual UAC. I may add some exception to my EV. Two and now this to take place once ideal and I get a successful. Completion. Now I can go back to the probe itself. So I could come back in here in now I'm gonna select. Automatically. Enable network installation. Any time I make a change year I must come down here see. This is very important if I change anything in the screen. And I just roll away from the strain Iger to back the world tree and a computer nothing was seen as you can see that check box so please check it. Hit saved. And you'll know that when you come back into it it made that change for. I'm gonna do you select this. And we are in. Training environment and we don't want that take place. So that is major let's go back and review. So with a network probe. We want to first. Go to a machine. Check the little checkbox and they get a network pro. Walk through the wizard and do not select all approach auto push is not to be used because we want to single out one device. Make sure we can deliver the LabTech agents who it wants that's okay we're gonna go back into the network group. Into the actual general tab and check that box go ahead and installed. LabTech agents because once you get the agent pushed won't machine location. You can be 99% sure it's gonna work and a real she. So once a network probe is set up which you maneuver. The next thing we can do only if we have a network prove it to location is we can use a Logan's script. This is literally a script designed by LabTech that we utilize a network probe and push that tech. Calm down to the Egypt's. So we're gonna go out and fines. A location and we can do it just for a particular ages and we're gonna go to system automation deployment. That tech to domain. So you'd go out here. I would find wherever I wanna target maybe it's this whole location. And I would come down the scripts. System automation. Deployment to push that tech condemning. So this will attempt to utilize the probe once setup and working correctly. And pushed him agents down to them machines. Now we get to our most reliable Matt. If you already have access into a domain using windows you can use the dot MSI file. Any link that to a group policy object. And just think why would that be battle why would that be more beneficial why does this not fail. As much as any of the other procedures. Because you already have access through the fire all your do you have access. Through any of the issues you're inside of windows the main C you have. Nothing that's going to calm blocked you from doing the installation. So we would again go Al. Q the web site which is the web control senator. And this time I would fired the client find the location. And I would select the MSI package I would download this package and then I would link it. Q a group policy object and deploy the agents that way through GPO bypassing. All the issues or at least most of the issues we may have been working outside of a domain. The last one we were briefly look at but it's a LabTech deployment manager so you can basically we have a one window. Where you can actually just pull up all the groups that are in your LabTech so om basically sitting in here if I wanna go justice LabTech. Client I'll show me what's available. I can go to another one of show me what's available I can highlight one. Look at the pro settings and it's gonna show me what passwords are available again for me to select which I can choose you down here to a lot like what we did to the wizard. But I can also just single out a machine. And I could say well let me goaded approved that's responsible for she. It pops he rate into it network pro tad make any changes that I need. And push it to that machine so this is a one window pane where you can see multiple devices. And work with multiple forums. So the best practice for the network fur. Trade and on a server or made all of enable S and MP on all devices. Great now we're not focusing on collecting the information from routers and predators and things of that nature but when you're first to set up the agent appointment. Go ahead and enable us and and he on all devices in the future you can collect that information. Add community strings before so make sure if there's anything that you need to ask that client. Find out if they're using any type of community string that out of the ordinary. Private public admin are more common ones and if they did in your he went through the wizard. Now you're gonna have to come through. And you're gonna have to go to local machine your H key local machine software lab tech groups service config and Europe to change this ski. This obviously. Our support people walk you through this but just to give you an idea why that may have failed. What's require before I deployed this as good review. Where do we say. Clients and locations must be established in two configured. We gotta get it at deployments tab key faults of the planets that set up everything on the at a minimal and the default template must be configured. Dot network framework should be installed on the places that are 3.5 or higher here's another benefit. Of the network prayer. Unlike you doing a manual install. If for whatever reason which it shouldn't be that Albert you don't have dot net 3.5 or higher. It will install that pre rec to the agents when it attempts pushed LabTech so. So what do we do that with the verify eighties either off or exclusions have been put in the place. So in the control center everywhere that a deployment indeed faults we selected the agents. Odd login to use for ministry of access we then went and and we said what template do we wanna apply that supply that people template. We can go out to the web control Centre can now select the package that we created we need to do this first. This way it goes into the proper location. And you'll have to drag and drop from the new computers. Area within your controls and so when I access the web control center with a fully qualified domain name. And that's how will get to our packages. We went through an X and told you select the voice in the tree choose install first. Checked the program commands tablet we didn't to see if it's actually accepting. The install. Troubleshoot QA CAV and firewall. After one successful single installs enabled now we can go into the never pro tab and check that box. For network installation for. That's what it is review questions and see if we can ground. Which type of installer file is recommended when installing and need to manually. Were on the site we need to get that agent down that machine which one are we gonna choose. Our way you guessed that he exe. Which type of installer file is most recommend a method for installing agents. We just talked about that that's or dot MS I could we will create that package will apply through group policy object and we already have. Most of all access we need suitors no blockage pushed down each. So this is some troubleshooting information we're just gonna review verbally. Again locations must be set up this is one of our main issues when people call and the network for. If you don't have the location set up with a deployment in default tab it's not gonna work correctly. Passwords that you're using it to location. Make sure they meet the requirements that LabTech uses some special characters won't work correctly through that. We have a whole list of these and our documentation. So go ahead and feel free when you're setting this up the first time. To look at that each. We talked about the far wow. When there's prowl can also be a blockade in the installation of the EG two remote systems. Even if you have disabled the firewall on the agent you may have not completely. Disable. There are still rules. That need to be applied to inbound connections. And all that detailed information will also be inner docs. Authentication. On the agent designated as a network per verify the account is running the LT SDC service. You'll want the servers to be running as an account that has full access to fall of two servers at that client location. And again pushing the AD as you can tell is probably the main reason like these don't work. Any virus installations will often block the installation of the agents so ideally you'll have a centralized AD server. That can push out exclusions that would really be helpful. If you're margin SP and one utilized this. Documentation has a list of all exclusions that need to be a plot. So please visit. So now we ran through. The basic five methods. We had your manual installation which were sitting rated the machine installing with the dot EXE as it pushes more brain. Raid away. We have your network pro installation which we went through and talked about how to set up remember don't ever select all of push. When setting up the troop average. We showed you. The Logan's script only if the network for it was available and I've been running a script at that location to push down ages through that means. The reverse reliable method is your group policy object. To your GPO. And the last one we briefly looked at is are completed manager which just of these is a one. Pane windows allows you to see more than one group at a time in more than once at the place. It's. Okay quit rates thank you for joining today's webinar. You can sign up for our support webinars at support dot LabTech software dot com. For additional training opportunities like be coming ace certified lab tech professional. Please visit us on the lab at LabTech software dot com forward slash training. Thanks at have a wonderful day.

  9. Client Onboarding Best Practices Support Webinar

    Fri, 17 Oct 2014

    Hello and welcome to today's support webinar my name's Chris and I'm technical trainer here software today we're gonna talk about client on best practices. We're gonna start by talking about what is client on boarding why it's important. There were gonna break down this process and to an eleven step overview. And you can see within these eleven steps we're gonna briefly walk through creating clients locations and contacts. Specifying admin credentials. Deploying LabTech agents configuring the LabTech probe and signing a service plan. Reviewing aging configurations before we and the on boarding. As then we're gonna talk about configuring client ticketing and maintenance when all said and done the last step is configuring any additional lab tech features. So let's first talk about what he is client New clients often have existing challenges we want to address those immediate concerns and any other pain points within the first thirty days of signing an agreement. Why do we Oracle client. The early stages of a client relationship are crucial especially immediately after you win the initial contract or agreement. This is a very important period when you have the greatest opportunity to learn about your client build a solid framework around partnership. Immediately dealing with concerns builds the foundations for strong business relationship for both parties. It instills confidence in your practice provides added stability to their infrastructure improves contract profitability. Ensure the claim is a of the services your practice provides. Once the client understands your scope and the benefits provided. Make certain that you clearly expectations the client must know the service levels they will receive any potential interactions providing them and also what is expected of them. Instructing clients how to successfully interact with your practice is critical. A client should understand the benefits of your practices services and how to properly utilize them. Otherwise is more likely they will become frustrated by the usual actions. With your practice this can greatly improve the likelihood that your agreement will be maintained during the infancy of that the relationship. Compile a standard. In that eternal documentation packet for the new client and organize and in the consistent way. Making that data available to your support team limits they need to reach out to additional resources for this information. This and this is an example of standard position that can reduce training needs and empowering your staff to properly supporting your All morning requires consisting communication between your practice in the During this period of time you'll learn about the client's needs infrastructure and long term goals. Review these details record any and all potential opportunities. These opportunities can help stabilize the client's infrastructure and generate additional revenue. So now we've talked about the general overview of what is client non boarding and why it's important. Alerts now proceed you are brief discussion about eleven step overview for all boarding our client. The first step is to create a client object. Or we can import it into the lab tech from yesterday. These are used to organize agents by client improvise its clients' specific configuration. Create the clients locations. Used to organize agents by location and provides location specific configurations. Major configurations like pats management take place on the locations ignite create contacts or import them into LabTech from a PSA. Contacts allow communications to end users vendors and handle ticketing specifications. Next we're gonna specify. Administrator credentials and configure agent deploying settings per location. Use for location specific agent installation files creation. This must take place before agents can be deploy. Next to Morgan to deploy. Let take agents with the configure deployment package. The agent software is required to and be able LabTech functionality. Next we're gonna configure the LabTech probe for agent deployment and NASA discovery discovered assets can also be from within LabTech. The probe must be installed for this ability. Next is a sign a service plan to each client location. Service plans package with ignite create standard configuration separate default monitoring alerting and remediation. To a neighbor your standardized services like monitoring a service plan must be applied to each of the client's location. The service plans package with the night allowed. From this point you're allowing standardized configurations to be enabled for the agents in the client's location. Now while we're here I also want to kind of operate there and it's a best practice to kind of start with one location at a time. Make sure that each of the service that assigning via the server workstations at your location are set up to your specified credentials. Then turn all and make sure everything is operating as you expected to. The last thing you want is to assigned service planes and get all your locations up and running at the same time and then find out there's an issue. And then you're kind of backtracking to quiet things down it's very important that are you kind of do this one step at a time. Are recommended best practice is just UK I don't start with one location I want to see how it all works how it all flows before start. Enabling service planes in getting things up and running altogether. And that's a very big topic and for number eight which is reviewing configuration. So we want to do this proactively. Before we're enabling LabTech on LabTech ignite monitored provide visibility and proactive control all require its environment creating significant alert Reviewing the top ticket generating monitors host and deployment can greatly reduce alerting levels. So were gonna review our service plans were gonna know which ones were assigning at locations. And we're gonna review the configuration. We want to make sure were kind of doing this you know slowly making sure that any issues pop up. We're addressing them on the first one and the first time out of the box and then we don't have to continue to go through this process. As we're enabling service plans and on boarding an additional locations. After the initial set up. Because the next step is actually enabling onboarding. This allows the onboarding script to complete a wider ranging set of tests on the agent. LabTech client on monitors will alert you to issues that should have been addressed within LabTech during location by technician. The ignite plug data validation functionality helps prevent issues during the process. This will ensure that all of the required steps are complete and you get the desired action you expect out of the system. These monitors help you validate a we imported clients LabTech configuration. Which helps ensure patching monitoring and other take features that are available and fully functional. Reviewing these tickets and addressing the alerts is critical to the success of on boarding and LabTech successful. Utilization. So we enable on boarding we're gonna run through a variety of scripts that set up initial system configuration. It's also going to apply your service plans wants your agents have completed this process. So we want to make sure that not only do we know what's in But we also want to make sure that thoroughly reviewed the service plans we know what's going on on our service playing groups. The monitors that are enabled in the actions of these mom Once we enable on importing or we're gonna go into the service plans and all these monitors are applied. Also during this process were gonna go through a server role detection script. We are gonna in your servers organ to see what rules enabled. And if there in one of our valid service plans basically 24 by seven by five gonna break those server roles into their own groups and apply even additional remote monitors based on their server role detected on those agents. So it's very important that we understand this process when we the control are kind of breakdown this additional configuration. Next we're gonna talk about configuring ticketing and maintenance. So this involve setting up service level agreements client building configurations and defining maintenance windows. Each of these components helps ensure a successful ongoing relationship with the new client. Given your practices utilizing PSA a majority of the configurations will be completed from with in the PSA and integration plug it. Once we've gone through these initial steps of the last portion is configuring any additional lab tech features. At this point you're gonna look to configure client specific features like management. Any customize monitoring. deployment back up installation or any other core features and this whole process. Is kind of what we determine what we call client on boarding so we're gonna create our clients organ a breakdown our clients and locations. We gonna set contacts. Specify admin credentials that we're gonna use threw out of LabTech and our support. Or we're gonna talk about deploying agents configuring the LabTech probe. Talk a little bit about assigning a service plan reviewing the configurations before we enable on boarding. And then organ and configured ticketing and maintenance periods and then that leads us to step elevenths so let's jump into the control center and let's. Briefly break down these eleven Stetson wind that are important. So here is mind control and you can see I've created this it doesn't have a lot of things on here. It's it varies scaled down approach but the first thing I wanna walk through is just creating a new So when I create a new client you're gonna see don't have a lot of the tabs that are available. usually when I'm looking in my client configuration. So. I'm gonna create a client name. When I create a client the only thing it's really needs is the actual name. I click add new. And then when I open a back up hey I have all of the bells and whistles that come with my client. Now with the the all boarding process we want to focus on eating up password. What we're gonna use these credentials the client location level in order to deploy agents and also use these credentials. Periodically through installing software and other various applications. So when I want you create a new client. I want to you. Create user names that go with it. So if I'm creating a domain. I want to put the domain followed by the username. And there I have a domain and the stored in my client. Then I can use these credentials at any of my clients or locations. Appropriately. Once I build my clients I have mine name. I want to look at building a specific location this is worm and a store my agents and again. I am only going need. A name to get this created. I can add additional information here. What when I'm creating it I just need the name when I open a backup I also it's. All of the tabs that need. Again we gonna focus. On creating in the location specific admin credentials that I need here. Maybe I have. A domain account that I used throughout all my clients for my locations I have a specific location account. And it's just a local admin. That log in with just the dot back slash and in the username I want. So here is this gives the ability. To breakdown of my clients the locations. with passwords specific that that associate to all of my locations these are going to be client. Could be just an example of a domain account that I can use throughout all my locations. Then my location. I'm gonna specify. Any accounts that are only used at this specific location I could have different. Local accounts based on where locations more. Cause basic breakdown of my locations. Is going to be from structured in a way where all of agents can see each other. So I'm building my clients break locations whether it's via. Subnet or away Lan vlan or geographical locations hey I have an office here I have an office that here. I'm at a breakdown my locations. So all of my agents at that location can see each other. So I may have an account at a specified location that I can use to kind of used to communicate to log in just at that location I have. Account in my client. That allows me to get into all of the client agents that's more of my domain account and I can use that wherever need to and that's. Just kind of the basic breakdown win I'm building my client's location. I'm gonna have my client that's can be my company. Arm and a breakdown different locations. Just so I know that each computer that I'm going to the add to that location. That they can see each other So I want to make sure that I can ping them I can issue commands and they can talk to one another. That's just the basic breakdown and the best practice. Of client on boarding is to create my client's location with them obvious structure involved. Once I have. My client to locations broken down. As the next thing I'm gonna take a look at our my contacts contacts I'm getting used for alerting. Rom or whether I'm assigning a location contact client contact or a user specific contact on an agent. I want to use contacts to enable communication. You can see if a kind of look at the different breakdown. I have global contacts that are gonna show up here in my contact section navigation tree and then I'm going to have. client specific contacts that I can assign based on that client. Now I have my global contact let's go ahead and create another. So now I have a global contact gonna have a couple different a webinar contacts that I can associate during different levels. Of assignments through now LabTech and kind of point out where we want to do that all one of the critical places. Is. On my location. So I can create a contact in you can see here. That when I create a contact at that location I can sign a specific location contact. That's gonna be associated dislocation get any information emails tickets that I wanna push down. We have a lot of monitors associated. And with that we have the ability to send all the emails or ticket configurations. To the location contact so when I populated a global contact and a client contact you can kinda see it's gonna populate the global contact first. And then the specific location contact. So if I build a contact with their email address and their phone number. In I have all my configurations and place whenever I have a problem at this location I can notify the location contact. And that's the power of our contacts. There are mainly used for communications. I can use them to assign to alert templates one monitors are triggered. I can. Integrate with different applications to call the contact or send text messages and I can also use this when I'm setting up a mobile device management if associated with the device. I'm gonna do all of that based on the contact. That I built at the beginning. So you can see here I have my global contacts and I have my costs client contacts. And I can assign those accordingly here I want to notify whenever I have problems at this location. I want to notify it of the contact associated to this. Existing location. So that's very briefly setting up our clients we're gonna have our company's we're gonna sign of the clients were gonna build them appropriately put in all the information. Then we're gonna break down the logically are locations and the way we want to build locations I want my agents that I put in my location to be able to see each other because I'm gonna commands. I'm gonna. Build network probes arm and deploy agents. And I want them to be able to ping each other because I send to command and may be an example of I can't get this season because it's offline. Like can't issue command to that and if it's offline but I do have the ability to find an agent that's in that location and say hey. Send the command to that agent and tell that agent to wake up my body on of the same network me. So grant is a brief breakdown of just setting up our client setting up our locations and building our contacts. Where you're gonna use our contacts in locations leader on so it's a good. Practice is just to kind of get in the habit of when I build a location paid and have any specific. Our contacts here that I want to assign so if anything happens at this location I can notify the appropriate people. So when we build. Our accounts we want to make sure. That were assigning. Passwords accordingly. Because good use this information. Window where setting up and configuring agent deployment settings. Soul when we set up our client when we set up our locations. While we're gonna have existing user names that we can use so when we look to deploy agents. We're gonna wanna set up our deployment default step. So this is set at my location under deployment the now here we have a variety of different groups in the log ins and templates that we can use. Here is what we recommend. As a is I'm just gonna go ahead I'm gonna put them in my all agents group and ominous sign them the default template. Now when configuring this. This is best practice they. Default group for new agents were never avenue region let's go ahead put in the all agents group because that's a group I'm gonna automatically store all my agents and there. Template to include in deployment package we recommend the default template because that's going to be and a and an original template configuration where you're to an assigned. The server address of the server or whatever address you're gonna have these agents into we recommend the default template. That's our recommended best practice it's also automatically associates to the all a transcript so all of these tie together. Now you conceal log to use for access this log in will be used to install the agent as wells to form ministry of functions after the agent is installed. What I do that you can see it's gonna automatically populates. As the username and password I said my client level or any passwords there. Followed by any of my location specific username and password so I have the ability per location. To use a domain account which I set up my client or a local admin account that I set up this location. And that's the the importance of setting up these accounts when I build a new client hey I have an account that I can use for our all the agents here. Maybe individual location whether or not there on a domain. I have a local admin account that I can use and I can push out agent deployment instead the installation files. Obama have the ability to choose from either one of those. So I set my agent deployment settings and we're gonna use these when we deploy agents. Source save that so got my client configured got my location set up. I have my contacts. And I specified by admin credentials so now I'm looking to deploy agents with the configure deployment package. I set that package up my location. So let's briefly talk about we I can get the agent deployment packages. And if I launch a browser. And you can see. For this webinar I created my own instance the name of mind that the end of my server is LT CP dash onboarding dot hosted dot com but put that number put that name here and it takes me. To my web the control for this. server. And you can see this main page hey I can download and install the agent from here it's gonna give me a generic installation file. From this page if I download this it's automatically. Going to pull it. Any agents that have that install into my new computers. Our location here. Now if you want to see the actual ID's here it's always gonna throw it into new computers which is by. So if I take the generic install file from here. Automatically. They're gonna throw it into this new computer's location then once it's there I can move it that goes. That doesn't belong in new computers that goes in my webinar location or my main office so I have to manually drag and drop. My agents if I use this generic install file. You can see I can also get the Atlantic and to install the agent on installer and if I need to upgrade my dot net framework. I can download the latest one from here. Now if I have access to my web controls I can log in here and I can give more specific installation files. So blogging mean again you're user permissions should allow you for this. Here I can get all that information just like I saw on the main page but I can also download and install specific. Location packages that are just gonna throw in new computer's location it's actually going to install in place it into whatever location that I assign. So if I want to download it and I want to put in my main office. I have the ability to choose. Might MS RI or my executable now for best practices. We recommend if you're deploying the agent install package via group policy. You're use the MSI file. All other installations. All we recommend using the executable and that's just a basic breakdown between the two group policy aside all other installs use that exe. I can choose that and I can download that agent installation. It's gonna automatically put it to my client my main office so I don't have to drag and drop my agents once I've installed them. automatically download them put him in there. Here's my webinar location and I can do same thing. If I try to do this with setting up my location. Deployments in default It's gonna get and air and saying hey I don't have any credentials or any information to download this install package so if you don't do this first. That second step is going to fail so make sure the reason we talk about setting this up. Is before you deploy agents I need to set up my agent deployment So it's a key step and so. I've got a client's locations contacts I have my deployment settings set up I'm downloading my install packages that I need. Let's briefly talk about. Turning on the network probes were not gonna go a large amount of detail here I wanna just kind of walk through. Here I want to use the network. Probe to discover assets or maybe I'm gonna use my network probe to actually install anything new on my network. So I have the ability. To check the box for network probe it's gonna automatically prompt me to go through the wizard. Now here it where it's very important that I set up my location specific information because it's gonna population all that from. Now this isn't my server that I just built this is our training server because I have all of this information party filled out. And I go through the probe and I can putting community strings in scanning ports. And the best practice is we want to make sure that these two buttons rumor going through the wizard we wanna leave these unchecked. We want to test the network before we start collecting any network device data. Or enabling automatic agent installation on found devices. So your first time through the wizard making sure we just leave those unchecked. When that's finished. I'm gonna notice I'm trying to you turn on the actual the tab. And you can see and a walk through this. So I've enabled the network probe. And you could see the box is now now get my network probed at and here. I can set up additional network probe configurations now we're not gonna walk through configuring network probe but just when the kind of show you. Hey I can enable network probe I'm gonna enable one network pro per location. The reason I want to do that is how many use one agent per location. That's going to kind of in my network if I have any new devices I wanna attract that. In the new agents if I want to set up and automatically install the agent. I can do that from here which is another bigger reason I want to design my location. With the fact that I want all my agents to be able see each other because I'm going to be in my network and I want to build my location accordingly. If I don't have all my agents that can ping each other that can talk to each other. That I don't have a network probe they can actively pull information discover devices And ultimately automatically install agents if that's how I want to configure my network pro. So I'm gonna have one network her location it's gonna actively scan. That location. And if I want to I can automatically deploy agents. I can discover devices and enable S and MP on these devices and kind of see what's going on with in mind network. Her location if I avenue devices there here. In my training environment don't have any but you can see a set up my pro and scan my network if I Have all my agents talk to reach So. We got everything set up we have our clients locations contacts where get ready to deploy agents are right cool we have the agents deployed. Now let's talk about assigning a service plan to each client location. Now this is very important. That's we talk about how all we recommend doing this. And to get to assign a service plan gonna go to our location we're gonna go to our ignite have been here my service plans. Right in this section. Now we recommend. A signing a service plan one at a time I don't wanna go through all my locations if this is a new installation of LabTech I don't want just turn. Everything on for everybody right out of the box. Because I kind of want to do this in steps in phases. Hey let's take one location. let's enable a service plan for my servers. Let's turn on on boarding oh let's make sure everything's configured I'm taken a look at everything I know exactly how it's gonna react. Once I tweak it I know exactly how everything's getting applied I know exactly how the tickets are coming in how I want to handle them. All right let's move on to my next location so it's very very critical commerce and you wanna have. With your tax and with were partner base. that we're gonna do these one step at a time. Now I'm gonna pick. service plan for both my workstations and servers. Using this as an example so I'm gonna just start out by covering servers. And for now I'm not going to assign a workstation service plan. Now one key concept that I wanna point now if I'm not assigning this service plan to this location just yet. I'm gonna first try out servers on the make sure everything's configured. It's important and that I don't leave this not selected that I this to by leave it to not selected. Our onboarding process is gonna say hey. We saw you're setting up this location. But you didn't make a selection for your workstation service plans so that's one way I can kind of quiet down some the alerts that I get. Hey I know that I didn't choose a service plan I'm gonna go ahead and set that to none that allows me. And not get an alert saying hey I missed a step. Only focused on my server right now if everything goes well hey I'll take a look my workstation service plans. And see and it and take it from there. But from this. Vantage point arm and a focus on selecting a server service plan. And you can see I have a bunch to choose from out of the box. For here 24 by seven that's gonna be my most advanced service plan. And this is what I'm gonna assigned to my servers. Know before. I enable on boarding. I want to know what this service plan is going to do to my servers. And more important We assigned our monitors based on our service planes out of the box so when was sign a service plan that's where most of your tickets that's where most of your noise is gonna come from. So it's very important when you're researching your location and what service you were going to offer. Your clients. Is to kind of review what this service plane is going to do. Now at this point I'm not gonna break down every service plan but we're gonna break down just the server service plan and show you what's gonna happen. So with my service I'm going to groups service plan here my windows server service plans and here's my minutes 24 by seven. So here is the one that I'm going to select. I selected here we have search is in place that looks for criteria and it's automatically. Going to join it. To this group and you can see here's my is 24 by seven group and here's all the things out of box. Then I'm going to get assigned to all my servers at this location. If I have any scheduled Scripps which we did you run an agent maintenance contract. On this group by. More information you keen look at this script and see what's going on but that's just a regular script. That pulls information from the agents each day at 601. More importantly is focusing on my internal and remote monitors tap that these are what's gonna create a majority of my alerts majority my tickets and get all my emails. You can see on my windows server managed 44 by seven service plan. How do you monitors are turned on out of the box. You concede they say enabled. That means that these monitors are turned on as soon as I put my servers in this group. I'm gonna these monitors and they're gonna start creating tickets they're gonna start. Creating alerts and some actions are gonna try and auto certain. Events. So it's important that win you're looking at a signing a service plan. Bigger kind of opening up each of the service planes and take a look and see what's going to happen when they go on to this group. So I'm looking in my service plans for servers breaking down the 24 by seven how it differs from the eight by five. All of a vote monitors that are enabled the alerts that are assigned to them whether creating tickets. And just what's gonna be turned on out of the box so hey I wanna take a look at this till I can expect. How much noise I'm gonna get it from this group. So our 24 by seven. Those are more advanced service plans those are typically given a create the most noise. So I just wanna kind of review all of the monitors everything that's turned on by default. Maybe I don't need some of these I can start disabling in the no I'm not need them. Maybe another reason why am one location at a time is I want to see what these do you. Are right I'm to LabTech I don't know what all these all are. I'm gonna set up a location I'm assigned the service I'm gonna go ahead enable on boarding and see what happens. I'm gonna take a look and see how many monitors are triggered how many tickets I'm getting how many alerts and that I might take it from there oh I don't need. These to be not enabled maybe at that point I come back through and I see if I can quiet it down. we always weren't you just kind of know what we're getting into you. I'm creating a service plan assigning a service plan in my location I wanna know what it's doing. So I wanna go to the corresponding group of one open that service plan and I kind of want to take a look at these tasks to see what's actually going to happen. My internal monitors these are running checks on values in the database. Remote monitors that these are actually getting applied on the themselves so I have two sets of launchers are kinda wanna take a look at my internal monitors in my remote monitors. So I have a lot of different actions going on here where monitoring specific services. And different performance monitors and I'm creating a lot of tickets. So I want to know hey when I put my servers in this group. How much noise is gonna get created so I just want to be ready for that and if I need to adjust it hey I know where everything's be Also with our 24 by seven and eight by five service plans. Then they're gonna put these agents under contract. So MSP contract group that's going to allow. These agents to go in to server role detected groups. Patching cover under contract and that's gonna allow them. To by default using ignite. Our 24 by seven and by five groups automatically. Have these boxes checked so. I would do some research kind of take a look. If you're warning all your servers to be in the appropriate server role groups and if you want all your servers to be are covered under contract. putting them 124 by seven RE by five group is going to accomplish that goal. So I've taken a look. At the service plan I've made my determination. Our right I'm going with a 24 by seven. right that's how I'm going to assign these servers to that service plans. My last step that I need to after I've reviewed configuration. Is to enable law imported. Enable on boarding is allowing the on script to complete a wide range set of tasks on the agent. So what's gonna happen is I'm gonna throw him into an on boarding group and I'm gonna on my on script and that's gonna do are a number of different things. So I save it. I've enabled on boarding. I've looked to my service plan excuse me a look to my service claimed that's the one I want enable onboarding I'm gonna save additional information up here. What that's going to to you is it's gonna kick off my onboarding script. And I find that here. And basically. This is gonna run at the top of each And all that's going to do is actually a bunch of different scripts. I'm gonna run initial system configuration script. my server role detection script that's gonna go through run on all my servers and only my servers. And it's gonna go detect what roles are enabled on these servers. During also if I want to windows update set if I don't have patching set up it's gonna try and download the windows update agent. And then if I want any installations. Of software. I'm on this system I'm gonna be able to do so. I have my. Service I enable on that's just gonna pull all the information from these machines. And kind of set up a data recovery or kind of a database update hey to go out. these machines from a server roles on the pull all drive information software information on the do an initial system configuration. And kind of set them up. And then get all the information accordingly. And then at the end of it market this agent as successfully completed the on boarding process so onboarding his complete. Once on boarding is complete that allows my server service plan assignment. If I don't go through the on boarding process. I will not join. A service plan. Because if open this up. I open up an agent once I've successfully gone through the on boarding process I check this box all right. Once this box is checked all of our service plans. Look to make sure that our has successfully completed on boarding so you can not join any of the service planes assigned the location. Until on boarding is complete. So very key concepts that are. That I want to review my service plans once I've reviewed and I know exactly what our going on. I'm gonna go ahead I'm gonna enable on boarding and all my agents. Are gonna go through the onboarding script. Once it's done that to complete successfully. Pay I'm gonna go ahead mark that is his complete and then I'm going to join. The service claim that I've assigned here that's gonna give all my monitors. That's gonna get any scripts that I am running on my service groups. And if it's server. I'm going to also. Break it down and throw them specific server role groups. That I have built in. Under windows server service plans I have server groups. I'm automatically detect the roles. And I'm gonna throw them in the corresponding groups on these groups I'm going to then assign different internal or normal monitors based on their classification. 20032007. Exchange servers any server domain controllers all these different files. Hey. Ominous sign differ monitors accordingly. So that is where were up to this point. We have our clients locations contact specified our admin credentials or deploying agents once we got the agents installed let's go ahead let's pick a service plan that we want to We've gone through we know exactly what's gonna get applied based on internal monitors remote monitors any scheduled Scripps. We're we've configured our service plans accordingly the next step is to enable onboarding and that's gonna run through the initial configuration scripts. And it's gonna marker agents is on complete which actually allows us to join our service plans. The next thing we do is or gonna configure ticketing and or maintenance periods for our locations. Now. We know that a lot of our partners are integrated with the PSA so most of your ticket configuration is going to be done with in the PSA. If you're looking to integrate or use. LabTech ticketing configurations. Most of that configuration is going to be done with in the sport. I going to dash export a config screen in here's my ticketing configuration. Subjects. Here for initial sticky configuration subject filter all of this information. Ticket message control how my controlling these messages. If your integrated with the PSA probably gonna disable all these because you don't want them created within LabTech. And sent over to your PSA Easter egg may be looking to dis able all of these features. Also I have my default ticket categories. And we're they are going to show up. And basic ticket email notification and ticket messages hey here's what the user is going to see. When they put in a ticket whether they're sending an email or through the tree. Option on there agent the that we can kind of customize this accordingly if you wanna just the ticket messages. So all of this information is available documentation but just want to point out if your configuring ticketing whether or not you're using PS say you're probably gonna start here. You can also take a look at your ticket priority here. Com and we also have the ticket tab which is actually gonna show you all the tickets but there are some. Our configuration settings within the dashboard you're probably gonna start here with ticketing and handle that information accordingly. But you're gonna set up your ticketing you're putting your. Whether. The user is coming here and creating a ticket from here or you're getting them from monitors and so on and so forth that's how you're gonna handle ticketing. Within LabTech so. Were setting everything up now. As tickets are coming in our right we have our policy set were taken a look how are these gonna get filtered comic and categorize them. And so on and so forth. We also have the ability. To set up location. Based maintenance windows. And that is a client I wanna location. So back to my deployments and maintenance windows are assigned I am scheduled to perform maintenance. Aren't so I have designated day for this location I'm gonna perform some maintenance. Maybe it's just a on every Saturday I'm gonna reboot your servers early Saturday morning. So I know that's gonna happen I'm gonna go ahead I'm gonna put all of these agents in a Saturday maintenance window. And what that means is by. And they all started 12 AM and they run for 500 five and a half hours or 330. Minutes. We're just gonna disable alerts. Hey I'm performing maintenance maybe I'm rebooting your servers I don't need a lot of tickets telling me that these agents are offline. I know they are I've scheduled it out. So I'm going to Saturday. I'm going to disable alerts and amber from 12 AM to 32 to 5:30 in the morning 330 minutes. If you want to adjust these all you have to do is open them up and coming here. And adjust the time you want to start. These are deep fault settings all of our maintenance periods are all set the same start at midnight. Run for 330 minutes they can be adjusted or Ukrainian. Create your own window. I can create a new frame hey this is specific. I'm gonna run from three. am and I'm gonna run for 120 minutes and I can save that and assign it. So webinar started 3 am so I'm gonna disable alerts from three side of the If I want to assign it I created and then make sure when you created you come back and assign it accordingly. One thing I also want to point out here you're adjusting this. I can disable alerts I can prevent from running during this maintenance window or I can do both I can disable alerts and scripts. This functionality. In order to disable both alerts and scripts I have to select everything. One thing you don't want to do is this this cancels all of them out. Don't multi select any of them. Just if I wanna do just alerts pick alerts far want to do Scripps. I wanna do both alerts and scripts I want to change that everything. And that gets that accomplish but I have the ability set up windows for specific locations hey I know. I have specific maintenance assigned to this location. And go ahead put him in a maintenance window at this location. Moving further as you progress. There's three ways I can assign maintenance windows I can do it here at the location. I can decided to group level and I can also do it at the levels so this is just kind of the first step. The you have the first configuration. Point where you can assign a maintenance window but this is one of those steps if you have scheduled maintenance you're talking about your service level agreements. Hey I'm gonna reboot all your servers once a week let's go ahead for this location I'm gonna do it on Saturdays different location may do a pick a different. Day of the week so I don't have multiple servers going down in case I have a problem I can assign these maintenance windows based on location here in my location in my deployments and defaults here. So that is our initial client on boarding steps. We're going through we have our clients we have locations we have contacts were setting up agent deployment we found our deployment packages. Were setting up our network probe. We're looking at our service plain assignments we're checking out the configurations of or service plan what what goes on group. Then we're enabling onboarding that runs through our initial system configuration it runs through a bunch checks. It server role of the Texas server roles servers. We have all this running. Hey we've got the base the cork. Off functionality. Of LabTech aside so we have that built. The last step if you remember back to our presentation. Is configuring additional features. Once I have the baseline set I have kind of everything configured. Now is when I go in and I set up additional features they in in active service plan. Are right cool now I can go back and I can configure patching. So are coming here and are right I've set everything up amend my service plan are right now this is where I can come in in if I want to I can enable patching. Maybe. Now is in eyes look to you set up AV management. Or this is were I'm kind of customizing any monitors that I've assigned my service plan. Hey I want to go back through and I want customize them I wanna create a copy don't apply them a little bit differently but that's kind of the last step in our eleven step process. Hey let's set the baseline let's get all these configured specifically. To work moving forward where I have my location set up I have my contacts I have might. Password to them in the use to install software to deploy agents once I get all the bases. Base all my bases covered. That I'm going through and I'm configuring additional. Lab tech features. And advance. His client on boarding. Now with the ending night eleven step overview I know this is a long topic but there are eleven steps and there are a lot of pieces to it. Have a great day.

  10. Tunnels and Redirectors Theory of Operation Support Webinar

    Fri, 3 Oct 2014

    Hello and welcome to today's support webinar. My name is Chris grant member technical trainer software today I'm gonna go over tunnels and directors and the basic theory of operation. Today's agenda is gonna look like this we're gonna first talk about basic configurations. Some port forwarding features that we need to take a look at. How to log into the control the via HTTP or HTTPS. Using your cutie in or the and IP address of your LabTech server. There talk about user permissions because we're gonna need to grant your users access on the client side in order to view NC commands and allow redirect her and peer to peer communications. Then more and take a look at our dashboard settings and these arc tunnel connection options so most this information we don't really recommend changing and talking to member of our support staff but there is of very important feature here that we wanna take a look at. By default we have tunnels who picture for utilizing tunnel communication. is that we enable that right off the bat. Then we're gonna talk about how basic three directors connect what is the process how is it communicating and so on and so forth. We're also gonna take a look at how tunnels connect. And how that differs between. And then lastly we're gonna talk about troubleshooting. And give you a couple of ideas of what we're looking in a couple things to check. And it will jump into the control Centre and take a look at all of this information. So let's go ahead. Aimed at jump right into it with our basic configurations. So LabTech only needs to TCP ports of the forward it to the lab takes her for basic operations that the firewall that the let server and remote offices are configured. For more advanced options you may want to use SSL and in secret connect their for these ports will also need to be forward. The following ports need to be forwarded from your win IP to your server port seven ET CP for director communications without tunnels. Port seventy to 75 UDP for tunnels and re directors. We also talked about port eighty this is for EC TP normal communications. And of course we 443. For HTTP. SSL in the morning. Normal communications. We also talk about ports 40000 through forty. 1050. TCP TCP connecting via HDP or to use and see from the web control center. Open ports beginning with 40000 and ending with four times a number of total technicians using LabTech. Example their 25 technicians then their 25 times for hundred simultaneous sessions so 40000 through forty. 1100 should be open these ports are also needed for mobile devices if you plan on using TNC. Port 40000 through 41000 UDP tunnels and redirect or only when advanced routers are blocking and not at server at client and of locations or where the router in front of the control center. His blocking so all of this information is in our documentation. And these are kind of just prerequisites and kind of some things to look. At if you're having issues we want to make sure the communications open up so we can kind of remove that from our troubleshooting steps so again you look at our documentation you can find this information in there. Now we're gonna talk about just basically logging into the control sooner so room where initiating our reader connections to. Outside agents we make sure connecting correctly. So what we're looking at here is for CTP you can use your. FQDN of your server you can the example here that I have HTTP. Colon whack whack LT training dot LabTech software dot com that's our training server. I can also use the wing and IP I know what that is hey same process applies HTTP. Colon whack whack and then there's the public IP address or IP address that there. So that's how I want to be able to that's gonna want to log in to the control sinner from my workstation. Another thing we want to take a look at our user permissions. So permissions must be granted by client. If you go to your client you open up there and you go to permissions tab. I'm gonna want to select a user class. And these are the four. Items that I want to make sure that are enabled for my technicians. Allow redirect to remote control. Allow peer to peer tunnel and ability to view and commands. So when I open up a client issue it looks something like this. Here's my client here's my permissions my user classes over on the left. And then here are of the access. Permissions that I want to make sure that are enabled for all my Marie directors communication. So let's go ahead and let's jump in and take a look. At this information. So here are bring in my control sinner and you can see right here I'm connecting. The via my FQDN. It'll always show me how I'm communicating I'm connecting HTTP and then FQDN in my server. On the flip side. If I'm connecting via the and IP here's my HTTP. And the IP address of mine LabTech server so don't mean that anymore I'm going close in advance. So that's how I'm logging in here's my client. I open that up I go to permissions tab and here you can see I set up user class. Specific form my client and here's view command sync commands allow redirect allow her to peer tunnel so this is the user class that I want at a minimum for. For tunnels and redirect I want to some basic commands. If you want to create a new and or add that to existing ones you can always do that. As well you can see when I add a new 1 am gonna have any thing if I want to grant access. Four tunnels and redirect work I'm gonna wanna set these permissions accordingly. So Basically logging in port forwarding though I'm not gonna have access to get into that from here but that's something you can take a look at when you're going through. This information. Hey how on logging in HTTP or HTTPS and FQDN or the an IP and only make sure I have permissions set up so that's kind of the first part that we kind of want to talk about. Hey I need to have access and need to have ports open I need to give my users access to be able to initiate means. They can initiate commenced and I'm pretty much dead in the water. So as we come back here now gonna talk a little bit about tunnel configuration options and some of the settings that are in there. By. To the dashboard configure Ted to the DNC ticket priority and actually an evil tunnels to allow communication open. You're gonna uncheck it tunnel disabled and click save tunnel configured to enable tunnels. less troubles during shooting or deploying a work around the remaining option should be left at default settings as seen. That's kind of what I mentioned earlier. If you have any reason to change it weeklies. Always recommend you contacting lab tech support you walk through it together to make sure everything is optimize. The options here controller what ports tunnels communicates over. The size of the packets use or you and the tunnel shut down time and various other settings. So if you go into your dashboard you can see under configured VNC ticket priority I have this tunnel configuration section right here and blow that up for you it's gonna look like this. Now you can see right here that are highlighted tunnels tunnels this enabled because I've that box out of the box if you don't do anything. with your. Configuration. In this will be checked so you want to make sure that if you want to be able to use tunnels. You're gonna come in here and uncheck that box and you're gonna save tunnel configuration. One more time I want to highlight this period each settings should not be changed unless directed to by lab tech support so these are the default. settings if you need to change in please contact support so you can walk through and kind of fun all the optimal. settings for your environment. So let's go ahead and into our control singer. Here's my dashboard. You can see go to can I go to ticket priority. You can see that parity have tunnels disable but that's basically what you're gonna look at if you go here for the first time tunnels are gonna be disabled. Our want to uncheck that box. And save tunnel config so just know that. All of these different sections have their own save button so if you're making any changes with a tunnel configuration make sure you're hitting. That tunnel that's safe tunnel can it. Can always go back making sure that everything. Saved correctly. So there's that information so now let's talk about. How basic read directors connect and this is non tunnel related so here. What's gonna happen is from the controls and machine in the agent both end points initiate a connection with the server import seven ETC he wants the connection is made communication data through the LabTech server over port 49152. To 65530. Five once a connection is made community communication data relates the LabTech server. Over these ports both in points recognize see the connection. To the lab server. Now can't show you actually this communication but I have a handy a little screenshot. Presentation here you can see I'm using the server kind of relay the information so I in my control sinner and I have my agents of the controls Tries to initiate communication goes to the server and over to the agent and communication flows through the server. Now on the flip side. How tunnels connect. So from the control machine in the agent. Both do an outbound requests on port seven DUDP to the sun dot server dot com and perform the connection handshake. So once the connection is negotiated all communication takes place between the two end points. over 40000 to 41000. Beauty he. Now take note that no server connections are used here. And kind of what that looks like here so we re direct. Information through seven UDP to the stunned not LabTech server dot com this is all done. Default tunnel method UDP hole this is what we're gonna do organ initiate the handshake. We're gonna say hey I wanna talk to this guy and I want talk to that guy okay we're gonna use the stun server. To negotiate that communication and then you can see it's gonna be appear over the UDP ports. Now for whatever reason. If this connection fails UDP ports are open we have a firewall issue or anything like that. The automatic fail over is to use TCP relay and in that situation from the control machine the agent both an outbound requests on port seven ET CP. To the server to initiate the connection. Once a connection made still gonna have communication data relay the server over. Ports 49152. Through 65535. TCP. Now the thing is that neither endpoint recognizes the connection to the lab server it's going to be a transparent relay. This is gonna be simultaneous. It's gonna try the UDP doesn't work it's gonna try and fail over to the TCP relay. Our tunnels connect we're gonna try that you DB connection first if that fails for a reason we're gonna do the fail over that. method which is going to be the TCP. Relay and that's how the basic communication. Works for this setting. So. The main thing we wanna do is our right I can't see this connection may be able to track it so. We're gonna kinda talk about some troubleshooting we're gonna kind of jump into and out of the control Senator kinda walk through a couple different ways I can trouble shoot some of this information. So we're troubleshooting may be work troubleshoot performance. Or it will not connect the first thing we wanna kind of take a look at. Is whether or not it is a tunnel connection. if it is we're gonna wanna bypass the tunnels by holding the control key selecting. A redirect enter. If a non tunnel connection performs better than a tunnel connection the problem is likely a firewall or configuration issue or an AV issue. Something is causing problems with UDP traffic. We also wanna make sure that the users logging into the control using HTTP or BS. And not mapping port 3306. If it's not a connection the tunnel connection and then we're gonna try to enable tunnels and try again with a tunnel connection. If this works then something is interfering with the TCP traffic between the controls and machine. And the server or the agent to the LabTech server. We also. When the test from the lab server possibly controls and workstation and another control workstation outside of the Atlantic server network. Just to see if the behaviors are different. Also tests to another client location to see the issue is client specific. This can help determine which side the connection. Either through the partner or the client is having the issue. If the issue appears to be global troubleshoot this systems or the firewall. If is client specific pay or we can narrow it down to specific client. Issue and that'll help us narrow down the problem. So. Basic. Communication here I am back in my control now Alba the ways I can test is I can pick a machine. And I can tell whether or not I'm going through a tunnel. I can come here and I basically are any connection I want to use all disuse C. Win the issues advanced. I can see this this window here indicates that I am connecting via a tunnel. So here you can see my command is pending and I'm waiting to see if it will connect. Now here's where you're gonna kind of check the timing. Is this taking a long time I'm connecting over a tunnel I am waiting to see how long this is going to take and then. Or gonna kinda time and out accordingly now you can see it's trying to run Latvians C initiating communication. And now I'm kind of just waiting for the application to run an open up the that. So now it's running C now I'm connected to the remote here so I can see hey how long did that take to connect. You can see all my other screen and dragnet and I have a connection. So getting connected I know that hey something's working correctly. Or one quick thing you can take a look at is a cover here and I hold down my control key and then click. I'm gonna pull up my tunnel information. See you concede a here's my here's my UDP port. And you can see hey using the TCP relay connection through the server so here I may want to take a look at. Any communication issues if I don't see this information. I can kind of whole control I can see this information accordingly that'll give me my tone information that's gonna help me with troubleshooting hey if something looks. Out of of the ordinary I'm not connecting correctly. I can take a look at this information and see what's going on. And you had the ability copied that stated to the clipboard if I do that. And then. Just easy I open up mind notepad and I click paste and boom I can store this for future use may one inch checked. Different applications one information is going through that's another way I can troubleshoot. So have that information. So I have my deviancy connection let me go and close that. If I do and I wanna make sure. That I'm closing my tunnel. If you have an issue. And you have a latency or other issues one thing you also wanna check is how many tunnel connects in my using. So my connecting to a bunch of machines all that could be another area where I could take a look at. I connect to one machine I've done my work I want to make sure that close that out and also close the tunnel so I don't have multiple tunnel. At sessions open at the same time. Now to bypass tunnel and kind of see are identified by past the tunnel let's see if that's any quicker. So what I can do is I can come back come to Murray directors and here. From here I'm gonna hold down my control key and I'm gonna click Latvian C you can see it's still gonna asset. And there I issued that command now when I hold my control key I'm bypassing the tunnel so you don't see that communication. So now you can see was that quicker. Yes that was you should command I connect a lot quicker some may be bypassing. The tunnels is the way to go so if I'm having issues with the tunnel taking a long time. Hate let me go ahead and troubleshoot. That information if I past the tunnel and everything is better. And then I can kind of near where my issues are. Also one thing you can check is here in the status. You can see hey I'm redirect ready connecting he can actually show you. All the commands and I'm sending the day here's tried to do twice. But here I can kind of track all the information all the commands that I'm sending so we're talk about troubleshooting we want to make sure can I connect. Can I use one method over the other if I'm using tunnels. Is there a delay is there problem yes there is because if bypass the tunnels it's a lot quicker so maybe I don't wanna use tunnels. Or maybe I wanna kind of run checks between the two. So usually a non tunnel connection performed better I said. The problem is likely a firewall configuration issue or an EV issues so that's what I wanna kind of focus on. When running these tests as always you have any problems we use contact. Our support department so they can kind of walk through what's going on. Now we also can test the NTU. Information. By pinging the public IP of the aging network with a dash says from the well so that's gonna look something like this a dated eight dash F dash L 1450. If this returns with fragment lower the 1415 does not then set the MTU size. Where we just looked at the desk or configured B C ticket priority. Basically what we're gonna look at here is I'm gonna go back and machine and let's see if I can pinging. So go outside the parameters that we currently have set the default setting is 1450 and again we don't recommend changing unless you're talking. With our support department go outside that range needs to be fragmented. But if I kind of take a look at SS. And I want to set this back to my normal range or if this continues. To fail. So here I'm using to prescribe brings a recurring we have for whatever reason that this is failing and then all what gonna end user to lower that number. Until it doesn't. Return with the value and then we're gonna go back in number and set that into you accordingly we're gonna go back to the desk or configure C ticket priority. And the change that setting so here I use 15100 not gonna work but I go down to what our default setting is. And boom I give a reply. Everything is sent and received I don't lost packets so that's another way that we can kind of troubleshoot and test. About to make sure the MTU. Values are correct. the last thing is. Is it application specific sol we're gonna talk about here if tunnel non tunnel connections are working or for whatever reason you do not want tunnels and able. And then try several redirect applications to see if it's out specific. What we're talking about his take labs the C works fine but RDP does not so is it RDP configuration issue let me take a look at that. If none of the directors or any of the communications work in. Then all we want to make sure that LabTech on the latest version we definitely wanna contact lab tech support to see if everything is set up correctly. And these are our basic troubleshooting. Guides so here's primarily what we want to look at its. So we're taking a look is it a tunnel connection if that is hey let's try bypassing the tunnels by holding down the control key it's not let's try enabled tunnels and try again with a tunnel connection. So we want to make sure were using the most. You know efficient means to communicate to our agents for and you bar or read directors that we have available. Now I know this is lot of information. but we have a large number of knowledge base articles that can help you with troubleshooting. Now I know I'm gonna bring a lot of information on the screen. And I know this is overwhelming and I also know that you're not able to click on these links so. most of the webinars that I like to show you is how to get to all the information and I just talked about. You can see that I have a lot of information here but you don't need these links which you can do what I recommend is causing this video and taking a screenshot of this information. And this could be a very quick link that you can use when trying to access this information. Now what do I mean by that so if you take time and you jot down a couple of these let's say I have 66. 88. That is the knowledge base article reference number that's gonna talk about proper configurations for firewall All right I also want to look. At you know tunnel issues affecting control 5784. So I really only need. Than the into numbers in order to look up the ease of articles. So if I come in two. Our documentation page. And here we are I can do a quick knowledge base search and I only need the reference numbers of the actual article so if I type in Boom I can go straight to that site and here is my proper configuration so VNC connection since. Here's my total configuration. Here's. what we. But typically recommend other configurations. Here's firewall at your clients in front of the server hears that information. So I have a real easy way to kind of get to this information it's. If I wanna take a look at my other option which was 5784. I only need to know that number and I can quickly get to this. So tunnel issues affecting control And I can kinda take a look at use case if this is the issue hey here's what I to try and resolve it. So our knowledge base articles are a great tool for you to use so were written. By our support subject matter experts they have a lot of information and they see a lot of issues so they have direct. Direct ability to create these articles able to our partners out. If you want to just looked at all of them you can just type in tunnels in here. I'm gonna have 32 results and here's going to be tunnels and read directors and it's gonna cause show you you know all 32 that we had. So if you wanna kind of take a look at these hey here's my user permissions as you can see that's actually where I the information for actual slide deck. Is looking at these KB articles so we went through we kinda took a look at these got the most pertinent information so we could have that information for you. For this webinar but all that information is going to be here. You can access it real easily it's. Also don't forget our regular LabTech documentation page. Where you can find all of our information using LabTech. All the way down the bottom we're gonna break down starting to redirect or starting a tunnel. You're gonna see the here's how do you here's where I'm gonna initiate the tunnel and we have all that information accordingly. And it also breaks down all the different after that we currently have and how to use them so a lot of good information here. And also we mention about port forwarding. So if we come to getting started and installation. I go to my prerequisites here's where it got that port forwarding information. So here's of that information. As a reference to you can also always take a look at port forwarding. And you confine that information here pro and make sure that we're giving you enough information. There were talking about. Different ways that we can but due information we also have here in tunnels and directors we have trouble tunnels. So here's a lot of information for you so you know here we talked about. Our basic configurations we went over port forwarding we talked about granting user access so they have the ability to initiate these commands. And we also talked about the right way to log in the controls use an FQDN. Or your win IP within took a look at how basic read directors connect tunnels connect. And if we have an issue with one of these connection poll how we gonna troubleshoot it so we looked at the different areas. There. And basic communication. So come in here here's kind of what we talked about. Here's my basic. Three directors here's my tunnels and here's my troubleshooting aspects now here we have. All of our knowledge base articles. We're trying to arm you with as much information that you have in order to accurately troubleshoot this information why it all works how it all works. All the general information with tunnels and redirect yours. Okay thank you for joining today's webinar you can sign up for our support webinars at support dot software dot com. For additional training opportunities like becoming certified lab tech professional please visit us on the web at software dot com. For slash training. Thanks have a wonderful day.

News Feed

Failed to load the news items.
Click here to retry.
Still not working?
Click here to report it.