{{ $GlobalService.$LoaderService.loadMsg }}

Please log in to view this menu.

Your Alerts ({{ $GlobalService.$FeedService.itemLists['userAlerts'].length }})

{{ alertItem.created_date | date:'medium' }}

Welcome, {{ $GlobalService.$UserService.userData.fname }} {{ $GlobalService.$UserService.userData.lname }}

You are not logged in

LabTech TV

Client Health Report Support Webinar



  1. hard drives29:59, 30:03, 30:54
  2. operating systems18:05
  3. Joseph Smith20:57, 21:06, 21:13
  4. pre configured8:42
  5. virus scanner10:42, 11:17
  6. Knowledge Base articles36:08
  7. CPU usage16:39, 16:59, 17:03
  8. tech software16:13
  9. support channels23:46
  10. individual system22:17

Automatically Generated Transcript (may not be 100% accurate)

Hello and welcome to this week's support webinar. In this week's webinar we are focusing on the Client Health Report. Before we get started I want to make sure that everyone is comfortable with their virtual environments. In the navigation control window of the webinar you have the ability to ask questions. We will silence all communications during the webinar and use the questions window for primary interaction with the audience. We will conduct an overview then move into a demonstration followed by our live Q&A session. It is recommended to send in your questions as soon as you have them. Thanks for joining and let's get started. I would like to introduce our speaker for this weeks webinar, Bill Hennessey. Hello my name is bill Hennessey. And welcome to lab tech support webinar on the client health report. In this webinar we're gonna talk about how to update the current health -- Scripps. Will take a look at the health report overview. And we'll take a look at how the scores are compiled. Before we begin need to make sure the we have the right server control Centre version. In order to update to current script -- -- have version fifty point 170 install. You can find -- at support dot lab -- software dot com. Or I actually found mine on my RSS feed. In order to acquire the new. Daily health -- scripts and health reports will need to get them from the lab tech marketplace. To go to the marketplace you'll need to make sure that you're on your control center server. And go -- the tools. And lab tech marketplace. -- and it opens. So from here. Who wants you scroll down and highlight. Scripps. And look for. Now this is going -- -- to download other scripts that go along with that just go ahead and say yes. And you'll see them popularly down here. So now ready to update these scripts but we also need to make sure that we update. The results -- going to look a little bit different. So we'll go to. -- We need to walk grabbed. Each one of the -- to make sure we have all the updated Scripps. At our disposal. -- and you'll see that they as well population down here. From here you can go ahead and select update. I already have done this so I will. Move on. The first time your on the daily health check -- it creates all the new properties that dictate how the check performs. Once the health checks script runs increase the properties for even the dashboard. It's a good idea awaited near you -- -- the updated strip improperly gather the data. But for our example I'm obviously not going to wait so -- here will go ahead and schedule the health checks script. Will go to a group I'll select the all agents group. And go to scripts. As -- C area have -- scheduled. According to ignites it is a best practice to have this script scheduled. -- 6 AM. No need to add any parameters. You can't just go ahead and save this. Close that out. Now scheduled to report scripts. From the year will go to the dashboard. Go to management tabs. And -- is scheduled client Scripps. Once -- you can see add the schedule already. However according to lab tech ignites it is best practice to have the scheduled at 1:30 PM every day. This gives sufficient time in between both Scripps so you can get the most accurate data. Every day I need to repeat. And safe. See updates. Are close this out as it's ready. It'll open up my company. -- go to the info tab where these daily health check tab resides. On this -- you have many options. Server -- action workstations failed action. What these are asking is how you want the server workstation -- reacted if it gets a failing score in the health check. Do you want to do nothing do you want to record -- and raise alert or create ticket. It's best practice to at least record the stats that -- go back and add them to a report at some point. Some don't want the health -- record. AV or performance stats. For the servers. Here you can disable that. Same with the fire scanner. This works on both servers and workstations. Here you can decide which reports you want to run. And where you want -- -- to. Please note that it is important to have an email address. In putting heralds there will not be airport. Just some information for you. As you see -- several options here for reports. Full is not the most robust report. There's more information on all these reports individually it supports -- lab -- software dot com. However if you want the most robust report -- clearing now that is simply choose health report. And it's just another piece of information for you if reports -- days. -- tech will default to the most thorough report for instance if you have. Daily reports. Running and a monthly airports running the data at the monthly and the daily report -- -- It will default to the monthly. Make sure you save your work. And close out a client. Now we're gonna quickly go over the report itself. This is the first page in the client health report known -- the summary page. You'll notice the top left has overall client health score information for the day. Your top right has -- OS's. Middle left has what type of devices are detected. Mill rates at the -- -- space status. Bottom left is detected commands applications and alert information. And on the bottom right is the top five and the bottom five -- systems. Here you can see the detailed server report. On the top left is useful server information. Top rated CPU and ram usage and this is for the time period that the report -- Enron in this case it is -- the last 24 hours. In the middle is the record of the checks that -- run and the results. On the bottom left -- prevalence event log -- and next to that is available shares on the server. This is the workstation summary page and it gives summarized information on what workstations failed what checks. And the last page of the report -- a -- So where exactly do we get these scores from. Well -- based on properties their pre configured for you. The values can be modified to fit your needs. Each -- scores comprised of multiple checks each check is assigned a way to. The sum of all health check waits equals the health score. In these can be modified like I said at dashboard config configurations. Properties. And they will look like. What you see below you'll see script underscore DHC underscore and then the value. It does need to be noted that if you are. Making changes in the properties to not change the spelling of any of these properties because the check will -- not give you accurate results. If he do you go in and make changes to the properties I wanted -- -- Get an idea of what shall be looking at if you scroll down and find. The daily health check properties you'll notice that they look like this they'll say scripts underscored DHC -- begin with. Mod or -- and then followed by a value -- Mod stands for modify or and that's basically a -- -- -- threshold. And an example -- that would be a defrag percentage. And that value in there would be 15% so you didn't want to the defrag to go over 16%. And weights are used for compiling the actual score that goes in your reports -- an example of this would be if one of the checks is worth 50% -- the actual value of that property would be fifty and once again you can make changes to these. And it is important to note that if you do make changes to the weights. Make sure that if you have the health check weights and another health check way to make sure that -- equal 100. If you do not then -- report will return strange results. Now let's go through each check its weight and how it scored differently. -- start with the anti virus health Jack. This check will go looking for whether you have a virus scanner. Whether -- definitions are current and whether your fire Skinner auto protect. The feature is enabled. And you'll notice that to each one has a weight assigned to it to the -- scanner detected -- is worth 50%. So therefore if the check runs and it does not to detect -- scanner then your check is already down 60%. Next to it there's an example of the wait that is in the properties for this particular check script -- DHC underscore -- virus scanner found. Now like I said he could make changes to these. As long as with any -- they all equal 100% and as you can see in the -- -- fifty plus 25 plus 25 equals 100%. This chart explains the difference between the old way of scoring in the New York. You'll notice that computer one and -- were pretty self explanatory. Computer one passes all checks and to fails -- -- And in both methods -- new way of scoring and the old way of scoring they would either get 100%. Or a 1% failure. The difference comes in computer three. You'll notice that computers three has a scanner installed definitions are up to date to but the auto protect is not enabled. In the old message computer three would -- for the day with a 1%. In the new message -- you now have a 75%. Now let's say for example you didn't want auto protect and able to be part of the scoring. We would go to dashboard configured configurations. And properties. And redistribute this weight of 25%. As long as it equals 100% at the end of the day you can make changes in the properties. Another important note is that scores will not be applied retroactively when you update your health -- Scripps. Running the checks for weekly health report for instance. You'll have to have seven days of news scores to cycle out the old ones and receive accurate results. And we'll take a look at that here. You'll see that one and two produced the same results. If we take a look at day three we apply the new scoring. 3459%. The weekly however doesn't get the same bump yet because the scores are retroactive it's gonna take the rest of the week to cycle out the old scores. They'll take a look at the drive health check this one's a little bit more complicated. These are checked against each internal hard drive. For example the event -- drive check on a PC with three internal drives. Overall this check is -- 30%. With two out of three drives passing -- this check is only worth 20% -- The checks -- -- here are. Checking to see if there is a minimum drive space free and that's for a 15%. Is it below maximum amount of fragmentation and that's waited at 15%. Does it pass Smart tests and that's waited 40%. -- -- a recorded any dried -- errors. -- waited at 30%. They'll take another look at this chart. You'll notice that computer one and two pass and fail in both methods. Computer three has one drive that doesn't pass fragmentation check worth 15%. -- -- on computer three it's only going to receive half credits or seven point five for the frag check. In the old scoring the single drive would -- the entire computer for the entire day. Drive health checks are giving partial credit. All other -- checks like easier performance are pass fail or full or no credit. Now let's take a look at the virtual computer. Notice the big -- zero. The end to not get Smart checks in the old method this BM would return a sale on Smart and -- -- -- for the entire day. When the new health -- script runs it checks for -- If it returns true then the Smart check doesn't run and -- percentage for Smart is redistributed equally. Among the other checks. 13% is added to each of the other check waits for instance drive space is now worth twenty point 3% instead of fifteen. -- event errors is now worth 43 point 3% instead of just thirty. Here again you can see other weekly health scores applied. Computer three getting credit for the drives that passed and -- not taking Smart -- gives a significant bump once the new scoring has applied. You can see the weekly score slowly rise as we cycle out the old scores. Teachers and health Jack. This -- the event ID is representing a failed login attempt in the event log table. The default for this check is 25 which means that 26 would mean failure. -- you can adjust this in the properties that dashboard config configurations and properties. And there's a list of events that the lab tech looks for at support dot lab tech software dot com. Search how health scores are calculated. Now take a look at performance health. The first checked detects average CPU resource usage over a number of days and this is -- at 30%. The default number of days as -- there's another modify -- associated with this check and that's Max percentage threshold which is forty. So that means if average CPU usage over the last eight days is greater than forty but it fails. The next Jack is the number of hourly CPU spikes. And a CPU spike is defined as the Mac's CPU. Exceeding the average CPU by a certain percentage and this is weighted at 10%. -- -- -- CPU usage. And gets an average every hour -- -- CPU usage goes 10% over that hours average is defined as a spike the script counts how many of those have occurred in the past 24 hours. And if it's anything more than six and it equals the sale don't forget that these can be changed by going to the dashboard. Config configurations. And properties. Next check is to detect the average -- resource usage over a number of days. And this check is -- at 30% to. This works the same as the CPU and uses the same -- fire as CPU with an eight -- default. Again number of hourly -- spikes are rams -- is defined as Macs ran exceeding the average -- by certain percentage. And this is -- at 10% as well once again this works the same as the CPU spike. The last check done here is the minimum OS version and it's worth 20%. What this is looking for is operating systems at XP or 2003 server and above. Here's another example of how the new scoring is applied. Computer three -- checks one and two waited together at 40% -- the new score is 60%. Vs the old scoring which would fail them immediately. And get a 1% score. And again you can see how the -- scoring on. The service health check this checks for automatic critical service is not running since last -- -- Critical services are defined as windows services not drivers and not printers and not on the event blacklist. This check is on weighted so that means it's pass fail. -- take a look at the updates and health store. What this is looking for first is the outstanding critical patches that are not installs. Critical patches are defined. As critical updates and or anything with a critical severity rating. By Microsoft -- has a weight of 75%. It also looks for any outstanding elevated patches that are not install -- An elevated patch is defined as a security update or anything with the severity rating that is not listed -- critical this is listed at 20%. And lasting -- looks for -- any outstanding standard patches that are not installed. A standard patch is something that is not categorized as critical or a security and has no severity assigned to it. This has a weight of 5% to. The way that this is -- it is directly related to -- how many patches are available for each check. For instance if there -- ten standard patches available and you have nine of them installed. You automatically receive. 8090%. For that score because each -- is worth 10%. Here you can see the very large disparity between the old and the new scoring. Computers three has standard patches missing and it would resolve a failing score but not anymore now scores -- 95%. And you can also see what that does to your updated health scores over the course of a week. And as it has been said before the scores are not retroactive. So you see -- rising slowly. It'll take a look at the event health check. This is gonna look for any critical -- from the event logs that have been recorded from certain information gathering Scripps. This check is on waited so it's pass fail in any detected -- equals failing score. At this time I'd like to move to a question and answer session with one of our top developers Joseph Smith. Please feel free to type in your questions through the webinar and jolt you out. Would like to thank you for your participation -- my name's bill Hennessey and notes welcome Joseph Smith joked. This is Joseph Smith from the report developer with -- -- software and address and your culinary questions here we've already got a couple that we're gonna run through so let's go and jump into it. First question was when I go to get daily health checks for from the marketplace. It's listed as having local changes instead of update available how to update the script and that's -- -- Well but we can't do that is that you can just go ahead and check the daily health -- stripped. You'll load in all the dependency is the -- script go to the report you may see local changing on the air and set an update available go hand in just over -- -- and you'll and -- listen tomorrow and the marketplaces. -- update and a go ahead and update -- -- All right so our second question what is the difference between -- health and update helps this is a great question the -- we receive multiple terms -- the past that's part of the reason we update in the daily health check is that you could. Address the concerns that the existence of this difference between actual. It used to be that update -- was more focus on the number of critical patches that -- income on each individual system. If you had at least one credible patch outstanding would -- -- check automatic. Patch help is more focused on the number of hot fixes and patches are available for your windows systems. And we separate them out into three individual levels of critical elevated standard -- this has been -- -- of last year -- -- health impact review reports critic of the -- -- -- see -- patch was not installed and so -- So -- with this release we decided that. Wanted to fix that disparity between up to health -- parent -- partial -- same way. Update health now scores. The same exact message every day that passion health -- so for instance you look at your parents help on Monday that -- seventy check your update help for that day from -- computer is also gonna be at 70%. Instead of a 100% or 1% so you're gonna receive the same exact or that you see on her patch also TC that you're scores low. You insult you catch is you run the -- health reported in -- -- review reported in on that computer you get it up -- -- 95%. For that day the update health will be 95%. So now up to help his shifts from. Running measure of what your parents health has been over the time period for that report. All right so question at three. Hello I just the day of the week in the day of the month -- the health report is emailed us a great question we've had this several times through support channels. You look in the properties list that we direct you to earlier what you believe is the from the dashboard -- you. -- -- And then the properties -- you'll see that there are two properties there -- one is called health report email. -- month and health report -- -- week. Understood it to number values. Of those first one month is gonna be basically matching up -- in -- so if you set that value to -- it's gonna set it on the -- -- she said it's a fifteen minutes instead of on the fifteenth. You have to be careful about when you modify that number is it she said it's just -- 31. Because you want to -- at the end of the month won't not every month has 31 days so she tried to -- -- -- in September on the September 31 that it doesn't exist so people just skip over that instead of nailing it the next day so it's very important that you try to set back to mediate between the first of the twenty. The weekly email day it is a number based off of basic and that number can be sent anywhere between -- range of zero in 60. Representing Monday. So if you set that date due to which can mail it out on Tuesday she said to sixty may hold out on Sunday so on and so. All right so and so the next question. I assume that the updated scripts are already loaded for cloud version of lab -- we actually have not updated the cloud version of web -- for the daily health -- script hasn't yet he's been trying to make sure that a cloud installs are having universalist and that there -- affecting everybody the same time so to make sure that happens right from the -- first so we've held off on that on that version being installed and I believe it will be on the first of them. -- month I will need to double check that so if you have any questions on that you can contact support. The next question was why would you disabled EGM performance section of the reports costs a great question. That would disable section lets you choose for servers only whether you want to cover -- Eighty checks and performance -- throughout the -- process. There are some servers that you would want to disable the -- checks on their some servers he wanted to see what form -- -- excellent. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- System automation folder search let's underscore -- daily health check folder open up the daily health. -- -- And there'll be to have on the right -- you can click on -- -- what you foreign scripts. Will pop up window rebels say do you want to include. All groups in this or something similar to -- question you click yes there until list out all the groups that are calling the script. I think this question might have actually come from an ignore user. You vignali. Agent automation scripts as -- actually calls the daily health -- script it's automated as part of the process within it so. -- questions idea of them. Reports sent email to different people but we've never received -- now what could be causing it not to -- we've had this question coming to support several times it's really difficult for us to tell without taking a closer look at the system it may be something as simple as the way that we entered emails into the health -- email parameters. Or could be something more complicated like -- connection issue with your change server. So in that situation I would recommend contacting support at lab tech and they'll be able to invest -- system walk through with you and see what would be causing them. Station. What can we do about the services war. I'm assuming that -- question is referring to what kind of changes that we make to the properties to table for model fires and waits for services services are pretty much set up the same way that they were before where -- -- service fails the entire -- fails for that day. Now if you have a service says that continues to reappear in your list you can have that service European blacklist. And that'll prevent it from firing your service pork. All right so the next question some of the health reports used to include back up in the health report is that still included if so how -- -- this from the report. Sure in the past is that the report shows 0% for back -- and some clients and are using a back up service from -- that's a great question the backup section of the health report has not been modified from the previous version that's been out for the past year. So we still include this is the way that we have back -- set -- is that that section only runs when we are actually collecting back up data via scripts. I believe there are stats gathering Scripps. In the -- section that you can run that will go ahead and gather that information to -- -- stats table the daily health check is designed to check -- -- and associate with each computer that has a back -- running that's what's actually given us the score for Beckham's successor backup fail. Report that showed a 0% -- backup and some clients -- -- -- -- of service may wanna contact support about that to see if we can find out if there's a script that's pushing the value in for backup health that you may not necessarily want to be pushing in the next question how can we exclude VH DS from health reports. -- is for virtual hard drives. But only exclusion were doing were virtual hard drives this through virtual machines so if we detect that key -- and machine that is a virtual machine system which she conceived fuel into the computer -- screen and in the operating quarter will be about shift to talks -- there's one of -- says virtual machine if that flag is checked -- we -- exclude. Around that virtual machine from the Smart checks are running against the drive. -- We actually don't exclude -- Smart checks we we distribute the -- waiting for that check across to the other three checks so we're basically saying okay you don't wanna run -- its virtual machine because you're gonna come back with false positive so word -- just re distributed and make everything else a little bit easier so that it compensates for the lost amount on that a Smart check. If you have suggestions for other ways that we can detect virtual hard drives or other -- them are being affected by our virtual hard drive for hidden contact customer support and will take that as a feature -- -- access into will be able to change its future. Okay next question daily health check is no longer running after updates. We have any ideas property security missing as well from the dashboard. Like a little bit of follow as we wanna look into that -- I wanna call tech support for this issue if you have downloaded and the newest version of the daily health check and -- Has stopped running those properties are not visible and that means of calling have a problem with the script itself from going through now the properties only appear in the dashboard. After the first time you run the daily health -- scripts what's actually happening in the first couple lines he call me another script called -- properties stashed daily health check. And -- -- goes through and -- the properties table to see if there are any additional properties that need to be added in that may have been deleted the previous day. It also checks to see if you if you have the properties in their at all if it sees the properties in there it's not -- updated policy if it doesn't see that property name listed as an added in. As if she's there with default values so hmmm if you're looking to -- properties you can go in and run the -- properties daily health -- script -- -- that you'll be able to find that under system automation. -- dysfunction is -- of another question do you have a list of services are checked for the service -- we actually do what I can tell you that we filter that list by whether it's -- driver or not it's it's it's it's a windows driver we excluded if its printer we excluded. And finally we look. Look for the of -- blacklist. This is -- blacklist just -- Even 2012 might have been a little bit earlier this event blacklist which you need that the service steps should be automatically running and is coming up the -- -- you run the check so any service that's on that list it is going to be skipped over as part of the -- process. Under tools reporting configure manage risk for. We can change weeks yours well does this do the same things change and in the properties there's also an update client health scores option here to. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- teaching -- some questions user friendly -- the executive summary report in management report are also are actually health reports as part of -- health reports that the executive summary report it is actually the same as the monthly summary report in the management report is actually the same as the Motley -- reports so if you're looking to get those ports are -- scheduled you can go ahead and select those that names won't be the same but they are basically providing the same information. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Scroll all the way down you should see script underscored THE underscore -- -- And there should be a total of five waits for the performance section. Obi -- -- CPU spikes memory -- Memory average CPU average and -- OS version costs you can go in. And and reduces CPU spikes. And 20 and the memory -- -- -- zero. A gesture -- three up bounce between them so that they all add up to a hundred. And at that point you'll have effectively remove the CPU spikes in memory -- from Europe for performance health -- checks will still be performed but they will not impact your overall score for performance. I want to thank everyone for attending this week's webinar. This webinar will be made available both on the forum under Lindsey corner, and on LabTech TV under support webinars. I also wanted to remind everyone about the resources we have available for you online. By going to support.labtechsotware.com we have a variety of educational resources, including documentation, Knowledge Base articles, and LabTech TV. On behalf of LabTech I want to thank everyone for attending and hopefully we see you at a future webinar.

Related Videos:

  1. Network Probe Configuration SNMP Traps Part 3 Support Webinar

    Tue, 27 Oct 2015

    Hello and welcome to this week's support webinar. In this week's webinar we are focusing on the Network Probe Configuration SNMP Traps Part 3. Before we get started I want to make sure that everyone is comfortable with their virtual environments. In the navigation control window of the webinar you have the ability to ask questions. We will silence all communications during the webinar and use the questions window for primary interaction with the audience. We will conduct an overview then move into a demonstration followed by our live Q&A session. It is recommended to send in your questions as soon as you have them. Thanks for joining and let's get started. I would like to introduce our speaker for this weeks webinar, Scott Logan. Hello everyone and welcome back if you joined us last week last week we talked about using. -- collection templates and detection templates to. Retrieve information from S and NP devices. Today we're gonna talk about -- and MP traps and syslog traps both. -- traps and -- traps are automated messages generated from a device that are sent to a target in our case the probe. That contain information. We're gonna talk primarily about -- and empty traps for the majority of this discussion NM attempt to silence the end but the underlying values of what we're trying to accomplish the same. The purpose behind us and empty traps last week when we talked about the prove -- we talked about getting information from an S&P device. That involved T communications involved a get request from the -- to the device. And then a response from the device basically saying hey here's the different the information you asked for. In order to alleviate. Traffic on a network and to. Alleviate the need to quad console inquiry and device are you okay are you okay are -- okay. This concept of traps developed and it originally started as a way. For routers to basically say hey I'm alive hey I'm -- starting -- -- -- about to shut down. They are very useful in terms of remaining traffic on your network. They're useful if you don't want to partner network with traffic or you don't want to use up your CPU cycles on your probe. There is a fundamental flaw in them though that everyone needs to be aware of if you are counting on them. A 100% of the time there are only good if the device is actually on for example -- Router will tell you -- I'm about to shut down but if someone goes and pulls the power on a router he can't tell you -- about the shut down. So it you need to use S and MP traps judiciously also they are UDP packets so if you do not have equality network. There is a chance -- they will get lost. So now let's talk about traps and how they work and the -- tax system. Now last week if you joined -- we talked about -- change the dynamic tracing in the probe. To see what's going on -- collection templates it is almost critical. For you to leverage the tracing that the pro provides when your handle in traps. Majority of the support calls we get ours basically one line messages saying my -- is not receiving traps. Nine times out of ten that is because a firewall is blocking the traps and or. There is a another application on your pro machine that is also listening for traps and it grabbed the port before the probe did. So what I recommend everyone does which is -- that's how our internal support behaves is if you want to monitor traps. The first thing you wanna do is go to commands probes and last week we use the tracing -- This week we're gonna do a Trace dot. And what -- chase dumb does is it basically rights to a log file. And it has the probe basically say hey here's exactly what I'm doing and every piece of X apart -- of code that I really care about. So you can see the tree stump has completed. So now I'm good -- -- machine. And I won't. Refresh. And UCF file LT probe traced -- Sorrento open that look and we're gonna see. Inside is the excuse -- thing EC probe traced -- performed C didn't know you get a concept -- doesn't work. And then you get information about threats for those -- don't know a thread is a separate path of esque execution -- program. And raise the topic can see here's our syslog listener. And the into what you want to focus on is seen in packets which is one. What that means is since the pro has been alive. It's gotten -- -- are trapped and then underneath that you can see that's an MP -- listener. And underneath that you're gonna see in traps for that means that since the probe has been alive it's gotten four traps. If you think that you have a device that is sending traps of the probe. You want to look at this -- up -- in traps value zero that means the traps are not getting to your machine. If you have another device listening on the UDP port for traps. You'll see something along the lines. Tracked listener shutting down because could not listen on port. If that is your. Concerned typically what we do is we do a netstat dash -- in being. You can see right here. -- see UDP. Port 162. Is the LTE service that's the most -- C two's the S and MP -- listening port. -- -- -- the LTE service application is the application that is listen on that port so we know we're listening wants listening for traps. So. We've actually gotten to the point where we have we've verified that our probe can. Received traps effort -- this -- now are actually nineteen to go ahead and do something. Now for this demonstration I have to. Test applications that actually generate -- so I can do a low -- different testing -- -- demonstrate different features that typically what you'll do is you'll have your router or your UPS or some other device sending capture -- proved. Q you have to go into each device and manually configure their device and -- You're advised to point to the -- usually the IP address of your pro machine. It is our roadmap sapped some -- -- line to automate that but we don't have a definite date at this time. So. I'm gonna go ahead and additionally verified that the probe can handle -- an empty traps were talked about when we actually want to do with them. So I'm gonna go back to my program. And there to actually and he trapped related the one is the S and MP traps which is really your trap filters. And then the second tab is the traps receive those are actually traps that pass the filter now what do I mean by -- I'm going to -- here and I'm going to -- a trap. What we're trying to accomplish here is. It's quite possible that you'll have a router that might send fifteen -- Maybe -- sixty traps a second if it's sending a heartbeat trap. You don't want all of those traps to be sent to about tax system you only want to filter. What you care about. So we have you do is we have making make these -- filters now if you want you can say. I wanna make a generic -- -- that passes that allows every -- -- go through but that's typically not what you wanna do. So I want to go ahead MAK. There -- generic filter for now transferred to Google's press. -- -- -- -- Now I'm gonna talk about the different fields in this dialog. When a truck comes into the proved. There is header information and in -- header information or to codes -- generic code and specific code. There are -- leave six values that a generic code can be and those in default. Warm starts cold start did I lose network connectivity. Except Europe. If you are isolated on one of those traps then you want to focus on the generic code. It's very rare that I -- customers do that but that's what you're going to if you want to look for those traps then that's the future character. It's a generic code is six -- that means that the second field in the header which is the specific code is relevant. And specific code is a manufacturer. Dependent code that means custom data just like last week only talked about how. There's standard midst that all printers or all BC -- routers will will support they also have their customs section of data that has there. Unique manufacturer information. This generic -- specific pairing allows manufacturers to provide -- support the generic foods but also. Handle specific situations. So for our case we're gonna just make it generic type filter and we're gonna make it equal to four. And that's all I care about I don't care where it came from I don't care about any values that came in and I don't want to assign an alert template. So I'm gonna go ahead and save that and then delete -- -- accident moments there. Whenever you create traps. Whether there S an empty traps or syslog traps. You need to tell the -- to refresh its configuration. And this is the same thing that we talked about last week when you create -- templates and Clark -- detection temples and question templates. The reason for this is typically you make them in batch and we don't want to after you create a single one. Send a command to the -- to update its configuration win three or four more ones might be on the way. Okay so I'm gonna go ahead and do began commands prove. Refresh configuration. -- what that'll do is it will tell. You can see we've got to refresh can say here and I won't go ahead and so now I believe I have a trap filter that's looking for generic type result. Now the next thing I'm gonna do because I'm trying to Trace what's going on and debug what's happening I'm gonna go ahead and remain -- Good -- commands. Probe tracing. And turn my H traps specimen B traps off all the way to normal activity which -- listen -- the most information. I know the same thing for syslog -- and make sure my tracing is on. And how do I send commands. -- -- Excuse me so. Let's see if we can actually. I'm so what I did stent did there was I use the -- -- program to send a packet to myself I want to seven as -- -- 01. And with the general -- before which hopefully if the gods are nice will. Match -- filter. So let's see what -- log file -- One -- my LT -- errors. Okay so here we can see so. Because I turn my alarm and all the way up you can see exactly what happened so. We got a track from -- to seven hazard -- 01. -- -- -- Was. This now the key to this for those that are interested if you really -- -- get into the nitty gritty. When you see the trapped -- the last few values are your generic and specific code. So you can see this for that's your generic code and whatever -- generic code is not 6 which means the Pacific is nothing it puts a one in four. So you can see the four for a generic. So now I've converted the trap Beloit and I pulled out before for general pulled out the one for pass. And then I started comparing against my filters. And then test an empty -- matched -- generic type filter which is exactly the filter I just made. And let's see if we're -- what he. Hey look at that there's there's there's the -- received on the state. Now another thing that is critic. -- to understand. We expect the people who make their traps to. Use them in a mutually exclusive manner what that means is if you have ten filters on your machine. None of those filters should ever overlap in terms of what did they check. The reason this is critical hole is because the second to probe finds a filter that matches the criteria. It will stop matching other filters and assume that that's the -- you cared about. So we've had a -- support -- people make a generic filter to catch -- traps. Them make a specific filter for the IP address of the UPS device they care about. And assign an alert template to that wind and then wonder why -- error when there UPS fire's trapped and not getting their alert. And the reason for this is because. The generic catch all. Filter that they made first was the one that caught the trap and that didn't have an alert template assigned to them. So. Now we're gonna go ahead and make another filter for specific type. So I wanna go ahead and how to trap. And this one is gonna be my specific. Filter. And for here am I care about -- equals. Fifty. -- -- So again so now I've -- another felt certain because -- -- -- I need to. Go ahead and refresh my configuration. So began commands probe. Refresh configuration. And I'm gonna go away -- use the trap -- And this time I'm gonna tell it. -- AK -- put the specific code of fifty. And let's see what -- a lot -- tells us. Okay so you can see you we. -- -- -- And then here's the -- when they came in we Parse. -- six in the fifty out of it and then we started comparing it to our filters. And you can see. Generic -- failed for filter for basically what that means is whatever filter -- floor is he didn't match one of the criteria. So. Then down here are some assessment be -- -- filter specific filter so we did match something that came and and let's say if we got the final. Validation that it actually is our system. And look at that now we've got our here's our generic one with the Ford -- one. And then -- specific one and and you can see specific because the generic code as a six. And then specific value is a fifty. So some of the older device is the only way to communicate and I do mean the only way is not through -- -- MP but because of the traps. The reason for this is it's a lot cheaper for manufacturer to write code -- just broadcasts traps. That is to write code that actually sits and listens for an SMP request. Parse is that it. -- identifies the data that is being requested. Formats the response in -- appropriate protocol and then sends it back. If you're just broadcasting traps it's a lot easier in terms of development time and you'll send out exactly what you want. So it's not uncommon to see that being used. Finally I'm going to send out a -- with. Dies so again wanted to back to my -- filter. And I wanna -- -- trapped and this -- say -- test for. Always and -- and in this case. Let's assume -- those that we have -- That comes back with one that deal would values 12345. And it's -- UPS device so if it's on wall power descends a zero. And minutes on a battery -- sends a one and we only care about when it's on battery power. So we're gonna say equals. To one. And really good and save. And that's kind of being commands. -- -- so. Yemeni is my -- can test our. So now -- sent in a specific. Trap with a value of 12345. And the always value is a one. Now let's see with -- large file tells us. Okay so -- boy came in. It had a value of one. -- a notice up an analogue earlier of the trap boy came in but it didn't actually have a value is -- Through illegal in the S -- -- -- protocol for you send in a trap that has nothing but a header information. This is common because it's the the tests and MB protocol is expensive in terms of bytes so every time you have -- value pair. You're talking. I don't 1203040. Maybe even fifty bites on your network now again it doesn't sound like a lot but if you're doing it once a minute and you -- if you can -- fifty -- -- -- That tends to add up. So. Go again -- -- got we gotta attract value form. So the probe starts comparing its all of its filters. It generic chart fails. Specific -- failed. And then -- me. RS and MP -- matched filter for the test for -- guys. And. And sure enough here's our perceived -- with the boy and the value. Com wanna go ahead and see if I can. Get this thing to do something. -- Okay here's where traps it really fun. You can see right here in the -- value gonna see -- -- -- type and then hello. In. The -- most recent devices that are out there is becoming more common for them to send five or six values per trap. This is kind against the whole design idea of what a -- is for but manufacturers are doing it anyway. -- -- in order for the electric system to accommodate this when -- -- has. More than one only to value pair. What we do is the -- identifier of the first value pair. Is identified as the void. And then for the chart value which you can CO RE -- error. We triple pipes separate. All of the values. So it. If I go back to mind demonstration you can see that I generated a trap. That is to -- value pairs the first one is one got -- -- three airport at five. With a value of one. The second one is 12346. With the value of the word hello. So what the probe does is it. Records the first all lead of the -- value pair that comes in which is 12345. You can see that up here. And then it -- separates all the value cedar one. And in your three pipes and then your hello. This requires a lot of engineering on the partner side if you have a value that's in the middle of these types that care about. And I'm gonna say -- what I did last week you need to become. A red checks master if you are going to really harness the power the pro and mesh is probably the wrong word but you really need to understand. How rich or X works and how you -- leverage it. If you go to the -- or prog forums there's a ton of posts on how though I use. Reg -- to solve for this situation there's a lot of partners that are very good -- it and the developers here try and monitor the network -- form as much as we can. So chances are if it can be solved with -- -- if you can't figure it out yourself he wanna go there and you'll get some pointers. So. At this point we've pretty much demonstrated how traps come -- The only thing left to really do is if you want to actually do something. With one of these traps. Basically what you do is you set the alert template and what will happen -- when the traffic comes in it'll say oh I've got an alert template associated with this. Let me fire the alert. Typically what the power users do because basically the when you -- the alert the message is the complete -- -- What a power user will do will have -- their template fire script. The script will be passed -- from the trap. And then you'll do additional logic in a script to figure out whether you -- -- generated particularly want to close the ticket successor. Okay very good I'm gonna go ahead and start talking about syslog traps. Now. Functionally. They were almost identically to those that don't known syslog traps. Are actually they started I'm gonna say -- years ago but it might be even longer than that basically a developer. Realize that he wanted to know what his program was doing so he came up with this. Unique format of log messages said he broadcast over -- UDP port. And a bunch of people of what this is a really good idea. And started doing in themselves and kind of mirror the format the kind of put their own tweak on it. While fast forward about twenty years later and then somebody -- a bright idea -- who should write a standard for this. Let there is a RFC standard. Debt -- -- Texas and supports a number of the top of my head at least in -- documentation. But the -- key takeaways is if you have a device that generates a trap. That does not follow the standard. The probe will interpreted it will detected an -- try to Parse the best as can and but there might be some issues if you really -- trying to isolate on specific data. And show you and I mean -- on actually look at what a properly composed trap looks like. -- this is a little. -- tester program that we wrote for our QA department. And if you focus on the bottom half of the screen. Each trapped has what's called a facility this is basically. What is what is the thing generating the information value can see it's very -- -- -- so is this the mail system is it a esteem is it a network system as an assistant -- eccentric so. It's up to -- after -- program. Is or piece of hardware is generating in the syslog message. To decide what their facility is but there have to date under the standard there -- supposed to provide a facility. And then secondly there is a severity. And these are in order. It. There -- eight that range from zero to seven. So emergency is obviously the greatest and then information -- down the bottom. Then there's -- host name which is just a plain text message of what is sending the message and then the actual message. You know if you want to send this information that is contained in the constructed box. It should appear based on the standard. In the following text format if you're gonna use -- -- and look at the that the message. So you've got a less than symbol a number and -- number is a composite value of the facility and the severity. And then be greater than symbol and then the date. Here. The hostname. And then the actual message. So the domain generate another -- armament and a bad parent going to sing. And you can see that because I change the facility and -- change to severity. The number interest in me had greater than less then actually change because again its composite value. Where this comes up with is just like we had the S and -- -- -- filters hepa filter on Reuters generic type -- specific type. Our syslog filters allow you to filter on facility. Severity. Or the message. Let's look at what paying. I've had so you filter on the IP address that it came from. I can -- felt on the facility. And again you see the facilities that. We saw earlier. The severity. And then they result that's the result is actually the message that came and so I'm going to do may. Matter alone -- time. Error for Google's. And then again and alert template that if this match is one alert do you want to happen -- -- hit save. -- -- So I created a new filter and again -- -- refreshing my configuration -- to the probe knows about it. Can. Now let's send us -- and see if they cannot figure it out so most often. And puts you at a large file tells us. So we didn't impact could 76. -- or -- -- We did actually get. The it's -- sort tester error. -- -- -- -- Now syslog behave a little differently then -- traps. Again that it's not uncommon for. Or a -- application neither software application or piece of hardware. To generate thousands of syslog messages a second. So what we do is we store -- -- syslog passes a a filter we stored the syslog messages locally we don't store them on elastic server. The reason we do this it was killing the -- tech data -- -- it was killing the band width between. The pro machine and the about -- server. So. Any -- logs that pass -- filter. Will be in this syslog tax file. Whenever you send in Europe dance however frequently you do that -- probe will. Go ahead and look at this file and find any. Traps up to a count of 300. That are new since the last time -- scan the file. So what that means is that you were traps will be upload it once a day. That's why we saw S&P traps received we saw that right away. But are. Our syslog logs we don't actually see any because they haven't been sent to the server. They will be sent to the server when events are done. Another frequent call we -- from support is still how come I don't see my -- logs. Messages in my event -- typically what's happening is you've got a race condition where. You're sending your offense once a day let's say 1 o'clock in the morning. And then 3 o'clock in the morning -- database maintenance is moving your syslog events to your historical table. There is a bug in the -- -- system where syslog messages do not appear. In the historical -- -- that is fixed for the service pack one release coming up. South Africa -- covers how syslog messages come in again the key is -- want to identify them make sure the coming into your machine. Making sure that your filters are correct. And then -- the appropriate alert template to the the traps that are coming in. South I think that about covers sit do you have any questions from anybody on either S and MP traps or syslog traps. All right outstanding I want to thank everybody -- there -- Signing on. I want to thank everyone for attending this week's webinar. This webinar will be made available both on the forum under Lindsey corner, and on LabTech TV under support webinars. I also wanted to remind everyone about the resources we have available for you online. By going to support.labtechsotware.com we have a variety of educational resources, including documentation, Knowledge Base articles, and LabTech TV. On behalf of LabTech I want to thank everyone for attending and hopefully we see you at a future webinar.

  2. Network Probe Configuration SNMP Templates Part 2 Support Webinar

    Tue, 27 Oct 2015

    Hello and welcome to this week's support webinar. In this week's webinar we are focusing on the Network Probe Configuration SNMP Templates Part 2. Before we get started I want to make sure that everyone is comfortable with their virtual environments. In the navigation control window of the webinar you have the ability to ask questions. We will silence all communications during the webinar and use the questions window for primary interaction with the audience. We will conduct an overview then move into a demonstration followed by our live Q&A session. It is recommended to send in your questions as soon as you have them. Thanks for joining and let's get started. I would like to introduce our speaker for this weeks webinar, Scott Logan. As you can see we've got the electric control -- up and we're just gonna start talking about progress and -- and detection templates collection templates. -- -- -- -- I'm gonna talk but any questions right now on anything I'm doing please ask and I will try to answer them immediately or when they come up. Are what we have -- right now is a virtual machine and one of devices on our network is this. -- -- -- One there -- 1110. Now -- now going to open it up so we can look at it and see what the program has discovered you can see. In the main -- that we've recognized it as a mass -- we've seen that. It has a public community string. And the most important thing for those of you who care about us and and is if you get this system info box down here. That is the key that's the thing you wanna look forward you're doing collection templates and detection templates this means that not only -- -- advice bin. Identified as an S&P device but we've actually gonna collected data because this box is filled using any collection template. It is possible to manually set. The community string up here and some people get thrown off because I'll manually set -- -- -- those soon because it's set. Or you're an upgrade from a legacy system from maybe a year ago. We set that automatically in the past you negate you'd think that it was working and it actually wasn't so the key to see if you're actually collecting. This is see if you get the system info box staff here. One of the things that we bring back is storage she tells. Him now. -- electric works do you get collection templates and detection templates out of the box. The the way we do question temples and detection detection templates is we try and leveraged the standard. RFC. -- and -- us standards that are. Across the board for all devices for example. To get -- -- club all we. Take the pop -- -- and we incorporate that into our collection templates. -- storage T tell us we leverage the standard to price our resource allocation tips. And that brings back a variety of usage now that includes drives and ram usage so you can see down here -- -- got indexes one through seven that are the -- on the net now has struck. And then up here in the upper range I've got three. Memory usage it is that correspond to the ram on the device. That's an empty from -- lab tech collections standpoint from the standard templates that come in for like a better word is. Is down it basically just goes and gets everything that's out there are so from our standpoint we don't. Necessarily know that this -- a star -- just basically Ericsson device. All your storage units please tell me about them so. Or a large -- now strife or small and has -- that might happen you make it one entry you might have ten you might have fifteen. And -- and he is an open standard so basically the make a date. Management information base bar that the Starr describes in broad terms what the data should be -- It's up to the manufacture to decide how they're going to provide that to. So again back to The Who -- resources. Table that we're using to get this. There is there's a standard -- you have to describe what it is unique to you provide the overall. Allocation of -- you need to show how much is use. And that's how we get the allocation -- size for the size but there's no standard in terms of how many device you have to do there's no. You can only shows three drives -- for drives you only have one ram chip -- ten. So it's very -- in terms of what can come back. Down. So -- got that and then the S -- explore this. This is how if you're interested in making collection templates and detection templates how you actually want to do -- first -- you wanna do is you want you. -- the device. And what are -- does it basically says hey can you please go out there are. And tests the device what do you -- what can you tell me about yourself. And I'm going to refresh this hands. I. -- -- I showed -- treat you because it's a little bit better. Let's talk a little about voids and how -- constructed -- -- when I was at automation nation got a lot of questions about this so. Boys are object identifiers and they basically allow you to drill down -- she knew. Pieces of data -- like to say that they're almost like an IP address for a particular piece of data. But other people in the office said likened it to -- national -- where you asked for single unit at data. The -- investment he works is there's two types of data there's the single units and then there's our regular date. The -- distinction that trips people -- is all single points of data and and adopt zero. -- you can see if. We went over here in the system info and you've got. Your name your description and your object ID -- -- time. -- were all buried from this system quite so you can see there's my name Q now this exact same data that's how I got it. The description. That's the description that he saw on the other -- These are all single units -- whenever you have -- regular data and target the data would be those -- -- that I was talking about our. If you -- -- think in terms of a router you might think along lines of I wanna know what's happened at port five report fifteen. And for those. -- -- -- You can see here are your. Future storage table and -- Here are your -- descriptions that we saw on the other -- Here -- you can see that you've got are one through dot seven and then you got 10112103. Again it it. Doesn't end in dot -- it's a tablet PC data and the last. Dot value or to dot values are the indexes -- that table so. See we access devices one through seven and then devices one on one or two and -- -- operate. So the typically won't happen it is -- If you're gonna be monitoring and advice out of the box. 90% of the time the collection templates that are come a flat tech are gonna be exactly what you need -- we have out of the box. Templates for route. -- analyst -- -- -- routers we have a nurse for getting to ink levels set trip. Usually what Apple will what happen it is -- want T monitor something. Manufacture specific or if you know there's a problem or something -- those clients so. The first -- you're gonna do is you're going to walk now. The other thing to note as -- going through the awards you can see here that they -- every lawyer is gonna start with one dot 36 -- one it's almost like a header. -- -- The one -- three S six not one that too. Those are all going to be your common once as the -- that are shared across all devices so. The standard ink well will that we -- -- that we use to get any club -- it is under the dot to. Standard -- managed device -- that we use to get your disk space ordered not to. The -- for that is your manufacturer. Specific. Values so if -- -- had a cut HP device. You need and you wanna look for the HP immense it's gonna be under your dot foreigner. -- Well. So in this case we have UC Davis now. What we're seeing here is UC Davis is actually an -- university California are Berkeley at Davis campus. And they actually wrote a freeware. -- But they use the 2021 identifiers marked as private. So this is this this is -- -- leverage this. Free library and use it to perform document information you can see that they have things like. What's the matter. And area CPUs are so CPU systems so. CPU system and this is a percent of CPU time spent processing system level code. Now and the use case we're gonna try and do unless anybody has questions or wants -- on a different direction is we're going to. Create a template to collect this information. -- We've gone ahead and we said hey look at what we're trying to solve -- is I wanna know. How much -- CPU this -- using whether it's over worked or not and I wanna bring that incident database central database in electric system. I want to look at it over time. So because I want to look at it over time -- remote monitor isn't the solution if you wanna eight. You just wanna be alerted when something goes above or below -- threshold and you don't wanna worry about the ban list. Or the central database stored on a remote monitors the way to go but. Let's say you wanna keep this for historical purposes. Season so I've gone ahead and -- identified that the CPU system is the this is the thing that I wanna bring back into central database now again. Just to see what we're looking at here the -- values on the left are what we brought back the bodies on the right. This is what -- treatment -- from the walk and -- up in this first box that's actually the data that we brought back. And then in this box here. This is. We're able to analyze the oh okay great -- I have a town. I have a question what are the marine Tex represented that's -- -- question. Go to your. You do that -- server Hurt -- system and you go to the status window. The first thing you'll see is. -- -- -- -- Loading MIB files found. Basically Annan on a standard install -- -- -- Biotech list. I'm gonna say fifteen -- I don't know if it's fifteen minutes at this point. What happens is -- -- lose those minutes and -- memory and a -- is a text file that is descriptions on now. Data is stored on devices they are they aggregate on top of each other so -- and dependent upon other -- We basically load all those -- into memory. And we out we store them and what that gives us is. The -- contain information like the description of the value. And the SS CPU system eccentric. So what the green check means is that we have -- in our memory. That corresponds to the object we found so we have a pretty good idea what it it is. -- it if you if you want a device that -- -- does not have the myth four you'll see your red -- The key there is this war are quote -- sick man is you don't typically go to the all -- cool. Utility -- and nine times out of ten you're running on the -- file. That unique and if you care about that EU. Take demand probably downloaded to your transfer RFC Myst directory and tell the control senator reload it. And then you'll see it on -- Okay so I have another question can you find her grab the value from the manufacturer specific -- values without having amid files. -- querying the -- The I think what you're asking is do we need do we need the farthest thought to -- -- files to operate -- answer is now. Technically. The probe has no idea what admitted it just knows what object identifier -- Our midsummer mid -- route toward the construction project are identifiers are more important. The translation and understanding of -- Are the most important thing in a -- are on our demonstrate this year it is. You're looking at -- files. This is the thing -- gets everybody. There is no concept of a -- small in -- in -- cement peace ports and supports about twenty different data types from an IP address to a Mac address to text. To a number there's no concept of the deaths so I can't send three point 14159. Typically what happens in those situations. Is. For -- if you wanna think about com. If I wanted to send. Wanted to send power I would choose -- reporter -- -- 159 and -- -- now. Typically what you do is you'll send it as a as -- -- more offset. -- will send 314159. And in the mid it'll tell you its sheer number and hundreds of a value or thousands of -- value. You can see that right here in DR time. -- time when it sent in is -- hundredths of a second it's a lot since it was turned on so when you seen. 1000 any. -- -- -- -- -- -- and thirteen seconds that's really not second sets text which means that it's only been on for 1008 seconds. -- -- going to -- up actually. Most like it's gonna affect you is you're doing something -- monitoring a UPS device. Are sometimes a UPS might say something right. Okay I'm on a return the percentage of battery left maybe I'll send it back as 95 or send it back it's war. But. I might send it back in units of tents so. If it's at -- 950. -- send back. If it's at four point 5% I'll send back number 45. What what is seen happen in his. It'll send back the number 45 and and somebody will go and not create any internal monitor on the database. And -- database query will send in a long lines of where temperature. Is greater than four -- are less than four. And -- wanna get the alarm well because the numbers coming back as 45 and not for. Or whatever -- and you're never had that tear down 2.4 percent. So you always want to focus on the units. -- arm. Next question. What is the best way to troubleshoot -- in -- errors like an error message in the console hears from our. Are the best way to do that is to get on the forums only for me to answer that is the best way -- second best way. Are there is typically two types of errors and -- fortunate we don't have a solution for. The in the first type of error is. When the more -- -- amid news format are there is no official standard as to how a minute spot should it be. Format so you'll see all kinds at different things nominal. Not wanting to step to illustrate this. -- -- -- -- -- -- This is a standard -- file and wants a little doubt when. It without -- thanks. -- -- -- -- Okay -- read this is where we get the incredible story -- attacked so standard format amid is. Your media unit. And then this is based -- equals. And then now how what's displayed the status and then -- description that's how we figure out what it is. Syntax you never have to worry about that. And so on and then. Down here you can see that I've got. -- a marker supplies class is an object type that is -- -- The -- marker supplies entry and it's note for this for right here that's the where we get the one that's three got six -- whatever. So -- basically build parent child parent child trees and -- constantly get these numbers. There is narrow. Format has -- A equals sign and then -- curly brace with no space is legal or not -- Cost some people do that some people put it on a different mind it's really -- the manufacture and make their own midst. The tool used to load them is forgiving but it's not super forgiving. Every -- that the only when we export the mid -- -- the part of a lot Texas some we had to go in and clean some of them because of these issues. Com if you get an error unable to open up our open our myth and an error in printer amid dot -- dot -- on -- 500. Chances are it's you've got something wrong on that file or an -- so. I typically open up emitted in some kind of editor that allows -- to see in line number. I go to that line and I see if something's. If it's on -- is what -- unhappy about and I try and fix it. The second problem but you're gonna get into is missing. I header files or include files so if we look at this current permit. The very first thing seen -- file as this imports. And basically all that's what that's saying is saying what other mid -- -- need or do I depend upon that need to be loaded. So when we -- when we actually going -- -- arm dash mid continent file the first and we do is we see. You through all these imports and say okay I need. S and NPD two dash semi. And argue we don't look at that in China and those that never personally load all the files that are in need it. If that file has not found then we can't -- -- and you'll see an error unable to find are unable to load this file -- you don't get it. Again no standard on how they should be format it and this is gonna bite some people because. You'll sometimes you'll see this file -- this. Sometimes we'll see it as this dot -- Sometimes -- see this as. Dashboard. And so -- so. The lab tech requires that all -- files and -- dot Mitt. And I'm pretty sure. More -- on. So for example here you now. Radio -- and okay here we -- so we've got here we got an RFC dash -- thirteen dash mid. And I got another RC 1213 dash -- dot midnight got -- RC 1213 mid. RC 1213 dot net that's because. Some other mid had been -- import section. -- -- file exactly likeness so all we did was we took the RCE dash. All twelve -- copied and renamed it so that it was available. The third thing which is going to be the most in court earlier this wouldn't be the most difficult salt -- Is and so frankly we have -- and found a solution for ourselves is. If you have names no names stats are -- conflict with each other for example. This hearing here says that PRT output remaining capacity is the fifth child. Off print output entry. There's another mib file that says that something else. Is the fifth child out of print output entry. Then that's a conflict. Typically that doesn't happen where it does happen and is in each. HT used to make their root node name system. And somewhere I don't know late 1990s they decided that systems already use so they changed it to each piece system. Because of that old HP -- will not. Correspond with -- is -- with new HP -- What -- -- to do in that situation is if necessary. But just get to. So -- hidden. You see this right here is are always selector where basically the shows all the toys that were loaded. What we did -- is you can see down here and -- policy can do all load it. Or what you can do is if you really really need to get its axis and each -- mid. Terminal system something -- probably can make a sub directory. What that -- and all of -- requirements in there and then. Basically do -- custom and though the minutes from that directory. Are we put data functionality in about a year ago and I haven't heard of anybody -- that but that was kind of our fail safe. If you absolutely have no other option that's what you -- Okay next question -- a device fails to walk but you are able to get a single value. -- be the best way to trouble -- this problem. -- still -- but you are able to get -- and no doubt it. But by the -- I had never okay from each Demetrius -- stand corrected. The only time I've ever seen that is if you have some type of router. Or switch that is doing -- -- and keep blocking and darted. The first -- I ever went to you -- demonstrated the are the probe was. Actually in a hotel in Chicago and we set up on their wireless. And -- the interesting situation where I could. Walk all day long songs I walked in batches 25. As soon as I tried to -- under at a time. I could not do -- walks for about an hour and at first I thought it was our system and and actually downloaded a third party law utility an exhibit at the same behavior. It turns out that there -- router or whatever was on our network was interpreting. The costs and S and a few requests as some kind of probe to determine passwords. And -- -- them down for an hour. -- -- only case I've seen of that not working so the first thing I would do is when you go to -- device. You can set -- results met I would set that's -- and see if ten works. The next thing I would do is I would take -- tech out of the equation if you go to the -- -- prog forums. And do search recipe walk we placed eight S -- -- utility up there it's a standalone application. It uses the same code that the -- uses. You can download that and put that anywhere you want I typically tell people download that put that on your machine point -- to your destination IP enshrined you'll walk. And if that doesn't work then go to another machine that isn't a probe to see it there are not -- eliminate. If it's a firewall on your machine or if there's any kind other port walking. -- I've never singing. I've never seen a case where all. I get worked and I walked in -- work that wasn't. -- related to far wall blocking or some kind of intrusion detection on the device itself. Okay so now that we've talked about all that stuff so where were more. -- saying we're gonna make a collection template to hold back on -- The CP stuff now. Not talk a little little -- looks a little bit about how we actually got to the point of this being a parent and Astra. Now I -- -- You to -- -- control center I went to the name pro -- -- And this gets me to the -- template management. Now there's three words that I wanna use out and -- is going to be semantic -- second -- it really is to end port is important. The probe does three things in -- are distinct and unique. It does discovering. It does detection and it does collection. Discovery is what is out there on my network. Detection is once I found the black box cannot figure out what it is. Collection is -- once I figured out that it's an HP print are what do I want to get from. The first step -- approach starts is discovered that's when you set up the network -- -- and those of the things that they talked about last week. Once a device is discovered then we try to detect it and we typically we currently are we do is detection -- and an eight. So what you're seeing here is the pro template management. The known device SDs are. Devices that can be discovered by allowed tucked in some way shape or form using S&P. We -- it when we created a -- to go from a tight unique model no word shall see. A bridge and then a Cisco and then Cisco models are received Brenner and an HP trenor. And then I HP sell. EU want to if you want a close alliance a you know what about that doesn't know what the heck they're talking about and we wanna make her own you are free to do that what you will lose. It is all detection templates and questioned -- buzz out -- techniques in the course of our. Integrating new devices are going to be based off the small I'm only upload them to the marketplace the going to be. Additions to this tree in this models so if you decide you're -- way -- on -- you really are on Europe. So discover devices and the way it works here is we have today. S and MB device that would have a Nash drive and then we have our Q -- -- and we have -- inept TS one town. To. So the question is how do we get on -- discovered device to a Q not TS one -- You can see there's only one thing on there -- discovered device and that's -- and a -- device. Basically. All we're trying to do at that point it is. We're gonna say hey do you answer investment KRU. Dual do we know your password isn't and we talk -- -- and communicate. Most of the time the goal is to go down the tree one at a time. So you can see more wanna figure out if -- -- HP laser -- 1160 meego from discovered device which means we just found she'll. Two and S and a -- -- And we asked if you're Brenner -- -- ask if you're an HP printer and then we ask are you an HP laser jet 116. You know if you want to see. How that works you click on the detection -- And anytime you click on a known. It shows you all of the single steps that you can get -- -- -- used to get from eight a date and I say single because. You can actually -- -- some arrests and show that with -- -- But. Lets us talk about how we would have discovered an HD -- sixty if. Are -- -- on our network. The first thing we would Adonis -- jumped from discovered device tests and -- device. And the way we do that is we run our internal tests. The internal candidate probe has six or seven hard coded internal tests that we know already know the orange so we don't ask -- U. -- demand or or use and basically we know what we're looking for so. We're doing here is. How we're doing an internal tests are -- into the probe. Arm to test connectivity and I think going from memory but we actually asked for in that test. It is. All we do this we ask if the device response to the I guess the name -- what it but it might be the description but all we do is we asked for one of these and say hey do you answer. Once we get to that point then we have. We have tests to get to a bridge we have tests to get to a prisoner -- -- -- to get to your would -- Well let's look at the printer want to tell us what we're interested for this demonstration. So. Here we're doing get number of her ports and this. This is our way how we get from -- -- device tests and MP -- what we're dealing here is we're using our detection rule. Now the way detection templates work is they detection template is composed of one or more rules. Any entity rule is added to it -- -- template it must pass you have as many. Rules as you want but anyone detection tablet must pass if they don't pass. Then you then detection template fails. If you look at the template you can see that the name of -- here is our -- detection protocol assessment. Apply student this is. Where were we in -- -- and results and this is where we trying to get to so we're trying to get to and a snappy car. Identification this is important if you are -- agreed to let PSA or you're doing -- kind of asset management. If the template passes. We will set these values if they exist. So basically what we're saying here is if this template passes. Change the device type to a -- And if the manufacture -- set loose at the manufacturer. Would set the monolith that was sat. -- Now let's look at the actual rule. This template has one rule and it is. The rule name is consumer reports the rule type is validate -- -- And then this is the object and -- No way -- works is if you ask it for the device and it knows about it'll return -- to. It had asked for a device that it has no idea what you're asking for it'll return an error. So the theory behind this template is. All printers are supposed to implement that standard -- -- and that's what this. One dot three not six. 43 that's 43 is the standard -- information that all parents are supposed to answer their -- answer to. And underneath that five -- one dot one -- one is number print reports. If US and the -- to a router it's -- I don't know we're talking about and it's been a throwback in our summit to a GPS device it's gonna throw back -- -- So. This is our way of making a very logical guess that this is indeed a -- -- -- -- -- We have other rules the Wii can delay the internal validation -- we've talked about earlier and then our regular expression. Or. We do a -- what -- verify that the -- doesn't exist. Com and other words week asked for an ordinance and -- that it doesn't actually answer to -- that allows us to prevent false positives. So. The next step is now assuming we've tested do you have printer ports and -- says yes we've identified as a printer the next step is to. They are you an HP prior. So we have are tested HHP. Partner. Now. This is a more complex here rule in that were actually retrieving the value our doing a regular expression against it. Rated this I'll tell everybody here this and that's -- -- -- automation nation if you don't know regular expressions. Take the time to learn nom because -- you it -- Greatly increase your productivity and my tech architect -- laws regular expressions and makes things a lot easier when you know them. So what we're doing here is we're doing the -- by the enterprise number and -- the regular expression now what is the enterprise number. Every device has six -- sentences senator OS they're supposed to respond to him and -- the -- that we talked about earlier. The description and -- -- time -- track your object -- That basically. That's the way of pointing to your private -- you know where your manufacture data and that's harder enterprise -- There is a media INA international. Internet registry association that actually registers values. So 2021 is registered to the University of California Berkeley. Eleven -- is -- is registered to HP nine is registered Cisco. RT 52 Xerox I think. So what we're doing here is for basically signing. And. -- -- -- -- -- -- -- Okay so we're basically saying -- your enterprise Floyd. This is right here and then match against this regular expression and you can see. In a regular expression. I got the number eleven that eleven. Is the code number registered to Hewlett-Packard. So hey -- -- Xerox combat has a 250 T 252. It won't match and we're good. Now this actually cause us a little bit increased because I think it's -- -- actually bought. -- Hewlett-Packard's firmware. And it never actually went into their agent and change the values they were returning -- -- and for a while. So these I think this is an older BM I think even -- marketplace now we have an additional checked to make sure it's not its -- So once we actually verify that is -- -- -- the next thing we're gonna do this want to verify that it's a -- So. This is another matched so we're using the check -- named -- regular expression were asking net four. What's your printer name this is a standard -- her mid values saying hey what do you call yourself what's your model should -- And we get that value back and say hey are you -- -- revision to 1160 series. Now. For critters. I -- I -- -- of a hundred you really don't need anything other then. Whether it's an -- and MP -- -- -- The one thing that you're gonna wanna end want to use if you care about it -- you care about print management. Take into account number -- -- just print it and I say not necessarily because it does specify a number of resources used. And most printers -- used resources used in terms of -- print it. But they're technically number under no obligation to do sorrow so it's not a full truth what -- -- you octane number three sprint plus. If you care about print management you might care about legal -- paper set -- RC can see here we have a brother and -- Announced it off topic for a second. One of the things we did this for brother -- we actually bring back number pages print it and this print pages corresponds to legal all this is up. -- Normal size and the -- envelope and I don't remember art but -- allows us to get account on our her papers. So if you want managed print and you wanna care about pages and it then you need to go ahead and poll. Other pages -- -- -- those -- and figure out how to get this page. Okay so gone ahead and we've demonstrated detection at that point once -- -- -- now question is what we want to get. I apologize if -- -- So we got a question Muslims -- Stand -- I do not have a question on the -- are little BM has given announce a little bit ahead of -- -- -- -- -- so what we're gonna do now is we're gonna talk about collection templates and -- -- gonna go ahead and make a collection template for that device. A lot of times they are. I don't know if I admit -- -- earlier sometimes you don't actually need to do a walker you need to mid. I if you go out and you do if you let monitoring nutshell raid drive -- -- on you'll find sites and actually -- this the weights. And you can make a remote monitor verify that the always come back -- -- -- collection template and put you would in Nancy you get the value back. -- you don't actually need to myths. The out of the -- does not care about -- approach the probe was designed to Raun. -- remote machine and take up very little CPU space and memory hard drive space so. In order to accomplish that we don't care about -- -- don't analyze Mets you use anything -- -- all the pro cares about is hey we're back. Okay so. Out of the box you get your SUP -- -- collections around this is. This is that stuff that you wanna get from every snappy device so storage area is that's year drive space. -- Product S -- basics that's your name your -- -- -- trailer and then you got your. Arm. Interface table -- your. Arm that's your bandwidth usage and then you got your I'm sorry your interface and your -- count our. And then you're and -- shoots. A little bit and talk about S 91 vs SNP to -- -- three versions of us and MP. S and -- to add that a 64 bit counter. -- -- -- You want to track and with usage on -- -- router. And with usage is done by keeping track look at of a counter and the odd analogy that I which he uses an odometer if you buy a car -- ten years old that just a few thousand miles on it you don't know -- it's got 50000 or a hundred. -- 300000. -- so long as the odometer could have flipped over. How many times. The same thing happens in -- routers where it's a constant counter and it'll clip over eventually. For SMP version one devices -- a 32 bit number and with a high speed networks that we have today that number's gonna flip incredibly fast. -- for the 64 bit numbers it's not gonna flip as frequently so. You can actually get some valuable information. The latest -- works is we sample -- week we asked the device hey what's your calendar and then a minute later we say hey what's your tower. -- -- -- We say okay that's number -- that went out over a minute. And then we go backing me that's our band. Now the problem what that is you can see. -- -- Out of the box out of box we -- on the side -- we didn't want to blow anybody servers with. So much data or mail it back and forth from the probe to the -- -- server. So you can see that the interface is -- only. Asked for every four hours. If you care about bandwidth usage -- -- increased our frequency at the every minute. I just got a question is there any fix for the -- up time -- -- being 32 bit and rolling over once every year and however -- While that's an awesome question I don't think so I don't think anybody ever. As ever address that and that's the first time ever been asked that so -- -- very good question. -- I don't know. Yeah I yeah I -- I don't know -- never. I've never even encountered that that's an excellent question arm. -- I'm so we know that that's a very question. Of those people who can't afford to. Sample error. Error routers every ten minutes or so on and you just wanna get a snapshot. We had this concept of a sample interface table and sample I can honor. Basically what we do they -- is you can see how it's set every six hours. Well we do is on in the samples is will. Asked the the band with our ansari X on a router what's your -- will wait fifteen seconds. -- -- ask it again. -- get a snapshot of what you're doing and what this does is it allows you. To get us argue over the day of trends and overall usage. Are so you'll see that during the -- -- to be a much higher then join at night. So you can kinda get a sense what's going aren't you won't get everything so -- if you do it at three units four and everybody in the world its YouTube at 330 you won't see that. But you will get a trend over the course of the day at a very low cost. So that's -- -- difference between this employing and then these two actually bring back all the date. So now. An hour -- were actually going to make a collection template so I'm gonna go back -- little mind. -- -- -- -- -- -- Okay so here -- are not CPU system -- -- a time. Processor so on this phone to. Pace said or did. England -- Yahoo! and won't go back to -- temple -- mansion. -- I go to my collection templates. And I'm gonna make a new question -- -- and it's. -- -- -- -- -- We're going to add a reward. To Warner. And -- news. -- -- -- -- -- -- -- password every ten minutes. That's the -- that I care about what caught CPU. And our -- says manager now a couple things going on here. Collection and of all that's how often you want to collected and bring it back to the database. Historical interval that's going to be how long we keep -- only cheap values -- record keeping. So if you want to monitor the CPU every ten minutes -- an internal monitor. It you only really care about tracking it twice today for your record. You can do some -- Mike. I want you clocked it every ten minutes but I want you -- every twelve hours. And that rule allow you to not overwhelm -- -- database and historical data -- yet. Near real time data for your internal monitors. -- -- a manager that's basically the value. The value comes back and we try converted into something usable. And readable -- human beings so. Nine not so it's time you're gonna wanna do it in -- jury want to do readable text. If you care about a Mac address that comes back -- -- -- turned format. On. More standard time text and then. Some old systems will return. -- ID as an eight bit feels a -- -- eight byte field where -- encode it. So if you actually wanna convert that into a month day year hour minute second you need to use -- -- -- time. I don't think anybody's ever use that that. Most of the time it's either an insurer or readable text. And reminding you this as an -- It. So -- that it might -- now. Targets this is very important for the bandwidth -- are conscious people. Networked devices this means that this template will be downloaded by the probe for use -- number devices. Probes can not target machine -- agents on and the reason for that is for asset management. -- physical box can only be either a computer or network device can't be -- Because of that that's -- you've got -- Dell server that has ray drives. Opera. Sees me and you want to proteins collection template on it and -- an Asian aren't you can't do it because the probe can't see that machine. So what you do is we had this concept of self collection where. Since then. Every computer I open up -- this is -- server machines or. Every computer can do -- and and he templates on itself. So you -- set up the settings and -- -- -- collection template to use it works the algorithm is exactly the same it's just. Basically looking at itself -- -- to going out on the network. The reason why this is so important -- is. If you mark a template as a computer template. Means that temple will be -- -- every computer in your system so if you're down with. Conscience you wanna make sure that when you make your templates in their -- for the probe B only check network devices more courteous thing you just. Look your -- we don't blow it up but you'll Ati again and said. So our current. -- And and DR. DO the we added the ability to make some procedures basically make like almost like template collection libraries. So you can make a list a collections and apply them to multiple devices that's what template is -- procedure is or. That's not really not for news. -- So I made my template. I've applied it to a device. -- and our device and I've done my gets CPU. We're going to a -- So now I added my collection template. -- -- -- -- Now god this is something that are the causes -- -- -- -- forms. We. We do not automatically tell the probe to update itself after you make a template the reason we do this is because typically make it will make templates and -- its. We don't want to be constantly telling the -- -- -- templates to get templates and a template so once -- Don and make new templates you need to tell the probe to go and get it. The -- will once a day refresh its information from the galactic data being so if you don't do this is gonna have to wait. Arm so when -- data might be in -- -- -- probe. And do a refresh configuration. And this will tell the probe. To go down on our come -- about the server and -- for its configuration. Now another thing we talk about along the harms is the probe has a lot of -- To let you know what's going on where succeeding where it's -- where -- -- So aren't gonna do is. ID just created a collection template I must see if it's working on C that's not working. The obvious check -- the ultimate test is going to be does it come back into the system but I want to monitor it. I can turn on the -- culture Racine and see what the probe is doing not -- So I can go commands. -- -- And I wanna turn pro -- seen on. And I wanna go to collection and I wanna turn it all the way up to normal activity this is gonna log everything and related to collection. Very important to understand this window. That's what you want to set it does not reflect the current settings of the -- If you turn the Sonoma activity in the new look back into it it's gonna have everything in Paris because this does not -- system has no idea what the current settings -- a crowbar a one way. Sent. -- must send this command to the throat. And. -- So we actually happen to be on the pro machine right now so. When -- go to my seeing. When -- -- yes we've seen. And you see I've got my LT -- errors LT errors is where the windows Asian blogs its information. -- -- probe errors is where the pro wants this information. Excel I can see that the tracing options that -- has been completed. Obsessed changed to one that means that the tracing -- on. And let's see what's going on and world's. Here I can see right here I can see that it looks like. I might be happy cause latency running collection template. Get Q -- CPU time for IP address so I can see I've already. Tried to you that I don't know if I actually got a value though. So my -- happiness I think arts performance. Roosevelt -- system. Hey look at that. There's my object identifier. There's my CPU the RM I came back and there's a value so I went ahead and I retrieve the value to. So I now have. S -- collection template that is bringing back SN key value store and it into the central database. I can write an internal monitor on it. -- the other thing that this gives us is right now in a remote monitor system there is no concept of -- -- were more or weights together to it to analyze them for example. For the the resource usage you wanna know how much drive space is used -- -- -- strive. There's no single value that -- -- how much space you've used you can get total number of space and you can get. Mom you can use volume are used and total number -- blocks if you will but you can't get percent news. So what you could do you -- to -- create a collection template to get the blocks used and so on. And then do an internal monitor that analyzes as two values to -- now we actually do that for you under the hood but that's an example what we're trying to accomplish. Now along the same lines arm and if you're creating detection tablets to go down the train you also want to do. You can Trace that is well -- going to. Armstrong and go to mine grow I'm -- -- begin commands -- Racing. I don't -- termite detection all the way up. And what's this useful for is. If you're trying to -- if you have a new device -- -- -- Cisco 5000. And you're trying to your detection templates to work but you're not getting successful. -- what you want to do is you wanna turn that all the way out. And then you want to detect the device so I'm going to. I'm gonna go to my -- discs might do -- began commands read detect. And what that does it tell us the probe hey whatever you doing stop written go ahead and -- that device. And. -- -- -- -- -- -- -- Okay so. You see right here if you look at the -- it takes you exactly through the -- the probe is thinking says starting detection for. This device -- template it applies -- internal test. -- internal tests has one rule. It device -- internal tests. So now without a -- that applies Q -- precedent Peta vice. -- are running so -- and a basic takes through all the rules. To go through its and figure out what -- what felt eccentric so it'll take you through all the steps to figure out detection so if you. You might -- lot of happiness you haven't really wrong or your reg ex won't be a 100% as a have a lower character proper character. And -- so -- tell you either rules -- or they felt and all right get your text templates up and running. -- -- -- -- talks for about an hour now to have any questions out there errors anybody wanted it. Talk about anything else wrong wrong and so about detection a collection templates. -- Okay 12 everybody we got a question about bandwidth monitoring and I'm gonna -- for its impairment screen and then -- well attempt to address it. Question was. Are monitor bandwidth on a machine or network. Bandwidth and -- layered. -- -- Or. Pro right now uses a -- -- query. Courier routers and S and if you only tells you so much. -- what it won't tell us is who's going to Yahoo! who's going to ESP RR espn.com. Is our goal to integrate -- flow into our system which does provide an -- but that's probably happen to be until 2013. In the mean time what you can do is you can use the -- to monitor bandwidth on a per port basis. And if you wanna take the time you can see who his. Who is allocated to each quarter but that's that's a lot of work typically what you want to use appropriate now is just. Total bandwidth used as a function of whether the device is. Is being over utilize -- maxed out. And with tune from your -- server and lab -- storage. Easiest thing to do is to go into the pro template system. -- your interface templates and Tom go -- and collect -- a minute or once every five minutes. That's gonna -- more bandwidth usage than you ever want. Those -- you can't afford the bandwidth that bandwidth used or the storage information or you want to isolated. What I recommend is -- -- -- Custom template. That is. Up that is -- eight and with usage in other words -- -- -- for this specific device. I want you to collect interface data every one minute. And then when you open up the device you can see down here in her. -- -- But down here you can see -- there's a custom collection template what you can do is you can tell every device instead of using. The standard collection templates that are applied to your devices. Just go ahead and use this one collection template so. If you've got a if you got an office that has ten switches are so -- but only one of them is sure when and switch to the Internet. Every switching your office I would say use your default except for your -- and switch and for that line. I would say go ahead and create a custom template that's collecting data once every minute and assign -- to that. So you can go here and say. I want yet make -- make my super and with collection information template and assign it here. Com. -- once we get bandwidth. We are west we sent -- -- the server we. Smooth it out and aggregated so we not only do we send in -- -- but we do percentage of total bandwidth -- structure and we store that in a table so you can go ahead and write monitors against that or you can aggregate that data. -- Again we're looking sometime in the very near future. We're really looking to improve -- not only what the probe can get but how we. Report that date are we are over negated in -- SP one but. We started sitting down and designing net and it is just became too much of -- tests for us for -- this release so it is on our roadmap. Up for those that are in -- and I'm pretty active on the forums and I'm actually need a what do you wanna see in the probe. Topic so between now and I must say -- were -- actually starter next -- sprint period. I highly suggest you get on there and give us -- -- recommendations as you want because now's the time to get your ideas. Com -- I have another question someone. Once you to go over storage. Not sure exactly what the nature of this question has but I will. For those of you who are actually. Escudos -- going to be going into making your own monitors. I if you ever look at your database. Ominous say almost all -- the tables are either. All the protein it was use care about -- with broad. You can see -- here. And then -- -- tables are. Your H underscore -- The -- internal storage -- areas -- look at this table. You can see this is an exact stated -- drives that. -- you saw. So you can see we've got. The description. So you can write monitors against this information. -- -- -- If you care about ink levels you can do term. That's in our friend -- markers table hands. It. Now it. Just you know. I don't know inside information if you will. -- print or marker supplies this is rare and globalstar and you can see. You've got tables PR team are her -- and -- personality. Says supplies left. Max capacity and so on. And an over here to the right you've got derived percent last. That's a field that the proved. -- out on its own it basically says okay if I've got. Sixteen units of any gardener can hold a hundred and I've got. Seventeen units in their last. And that's might percentage left as a number. So instead of having to analyze how much data coming up but the thing -- -- -- number that you can monitor all clubs. Were or are necessary. And -- end. -- -- -- -- -- And then if you are going to write monitors on data that's come back from collection templates all -- that data is stored in the probe collected -- and key table. -- you can -- I've -- device three which is my -- -- And then the value. And we also do. Aggregation on that data so we have. The average value for the life of its collection and how many times been collected which is to. The lowest it's -- -- the -- severed then in the last time. So this way if it ever spiked and you didn't catch it or cared about it ago. So hourly how low power the allocation grass may be how location graphs are made. By looking -- the. -- an error internal storage areas. So you can see our -- -- a 4096. Storage size. And then the storage used. And basically we -- -- we wrap these numbers. So the numbers in that table drive every -- PC. -- are there any more questions before we sign off for this so webinar. All right thank you very much. I want to thank everyone for attending this week's webinar. This webinar will be made available both on the forum under Lindsey corner, and on LabTech TV under support webinars. I also wanted to remind everyone about the resources we have available for you online. By going to support.labtechsotware.com we have a variety of educational resources, including documentation, Knowledge Base articles, and LabTech TV. On behalf of LabTech I want to thank everyone for attending and hopefully we see you at a future webinar.

  3. Network Probe Configuration Part 1 Support Webinar

    Tue, 27 Oct 2015

    Hello and welcome to this week's support webinar. In this week's webinar we are focusing on the Network Probe Configuration Part 1. Before we get started I want to make sure that everyone is comfortable with their virtual environments. In the navigation control window of the webinar you have the ability to ask questions. We will silence all communications during the webinar and use the questions window for primary interaction with the audience. We will conduct an overview then move into a demonstration followed by our live Q&A session. It is recommended to send in your questions as soon as you have them. Thanks for joining and let's get started. I would like to introduce our speaker for this weeks webinar, Scott Logan. Welcome to the support webinar. For network probe configuration. Part one. The network probe is a service that runs on any -- -- agent. That allows that agent to discover other devices that are connected to the local network. Let that can be configured to push the agent to any windows devices we find. And also gather data via S and -- about any of the other devices that it encounters. Today we will take a look at enabling the probe. And making some configurations to enable the push. As well as detection of devices. Part of the -- being able to push the -- -- out to devices it finds. Is making sure that there -- passwords set at the client and or location mobile. Before making -- computer probe. It's a good idea to make sure that their passwords -- on the client and or location. When -- double click on this client. You could see on the passwords have. I have an account called location admin. And you can see here the format of that is domain backlash. Account name. If you're -- -- -- group environment this can also support using dot backlash. And in the account name. This one is set at the client level. And if I expand the client and double click on a location. I can also have password said that the location I was well. Once we're sure that we have valid credentials. In either the client or location on the -- were stabbed. We're ready to make a computer -- network -- -- double click on this computer. Here on the welcome to have. In the agent flags section. You can see that the network -- -- fox is currently unchecked. As soon as a project in the check box. It's going to ask me if I'm sure that I want to enable the network probe on this computer. -- click on yes and that will launch the probe -- set -- wizard. When -- click next here. The first green is the deployment setting screen. If you recognize these two accounts. Those are the accounts that were listed on the -- which have for the client and location. If I decide that neither one of these is a valid administrator account to be able to deploy. The -- occasion to any of -- computers at an probes found. I can right -- -- here. And add an entry. I'll go ahead and make a couple of selections on here notice how log in -- -- for administrator access has a drop down. I'll pick which one of these I want to use -- location have been. And I have to select a template to be included in the deployment package. All -- default selected. -- next. In our on the detection settings portion of the wizard. Here in the community strings field. We have to tell -- which community strings we wanted to use. It is preloaded with public private and -- them. If the environment. In which are enabling -- network probe has separate community strings. -- them here. Comma separated. By default these -- the -- that we are scanning we can add additional ports here also comma separated. And the -- frequency is set to one today. By default. Notice how the check box here for collection is currently turned on. That means this probe will attempt together data via as an MP form. If I don't want that function turned on I can uncheck it now. An average -- -- here to enable automatic. Agent insulation on its own devices. At this time it's not checked and I'll leave it -- -- for now we can revisit that after we complete this wizard. -- -- -- And quicker and finish to conclude the groups in a process. After I finish the wizard I can go to the commands have. Connect is to have -- program. And status of pending. Click on the -- to continue to refresh and notice that the status is changed to success. And it shows that probes installed. And even as -- saying that I now have a new network probe cap. Here on the network probe tab. I will start by going to be -- settings section. And we need to popularly. Which IP addresses we want the probe to scam. Please note we do not have the ability. To exclude certain ranges that we don't want scanned. If there is one entire subnet but there is a chunk of IP addresses in the middle of that that we don't want scanned. We need to set -- ranges to -- below -- them and above them. Thus omitting the -- we don't want -- There is no way to say simply do not scan these address. I'll put -- my address is now. -- -- that one. -- modify marine slightly. And on this one as well. And so here you can see I'm scanning from one to 49. And then. From 75 -- to 255. Thus omitting everything between fifty and 75. Notice here we -- that enable collection checkbox that also showed up during the wizard. This is what's going to allow the probe to be able to collect data from -- devices -- has detected. You could turn this off if you don't want to probe to collect data at this time. For with a checked it will attempt to collect that data. We will go into greater detail. About -- collection. In a future program and -- Back over here under remote push settings. You can see -- again. -- for credentials. That are available. To attempt to install galactic agent on devices that we find. Here's my drop down if I decided I wanted to add a different account I can select it. And that it. And I can even select. One of the passwords in this list. If more than one is present and choose to move it down or up. To change the order in which we attempt those particular. Credentials. Right now. The probe is not attempting to install the -- and tiny computers it -- Because enable automatic network installation. Is not checked. If I put a check in this box. Then every time the -- scans which is currently. One today by default. It would attempt. To install that -- tech agent on any windows computers it found. That currently do not have the agent on the if we scroll down a -- here. You can see we have. The S and MP settings that were available during the wizard. If I need at a later time. To add more strings. Or change some ports I can do that here. And notice now. On the screen we also have -- an MPV three settings. S and MPB three requires authentication if any of the as an MP -- devices at this network location have as an MPV three enabled. We'll specify -- -- an -- were. In this section. Okay let's take a quick look. -- some of the other tabs that are available. -- -- -- -- -- -- -- I have the -- command step. Commands have that exists on every computer. It will record actions that have been sent. By this group. So for example we attempted to install the agent. We would see the results in here and get feedback. If I can tie this into an example. We'll go back to the general -- I'll go back to the general tab and you can see here. I still look this check box unchecked to enable automatic network installation. Perhaps what I might do. Is go to the network segment for this location -- probe is. After the probe. Has scanned the IP address is selected. There will be devices showing up -- network. If I double clicked on -- device. I've gotten install button right here. So perhaps before. I enable automatic network installation on the probe that would come here and -- on install. That I can go straight back into my pro and I can go to the -- commands tab and watch the results here on the screen. If the results are successful. Perhaps -- come back here to the general tab and -- that enable automatic network installation. If that's my goal to get the let's take agent on any device -- -- Or perhaps there'll be. -- -- -- -- That will indicate there was a problem -- Deploying the agent. Perhaps indicating. There's a problem with this password. Or something else for -- to troubleshoot. So the probe commands have as were -- going to be able to see. Functions that the probes trying to perform. Okay S and MP traps. It's an MP traps are going to be available on certain as an MP enabled devices. On the network. If the probe. Has detected one of these -- and MP devices. And that device is capable of sending straps. You could tell that device to send -- -- To this program. And when I go back to the general tab. Appear in the identification section because -- the local address of this program. So if I went to some device perhaps a rotary switch that's capable of sending there as an MP traps to a specific address. And we'll tell what device send your traps to this IP address for my network -- Now back here on the it's an empty traps -- I need to tell this probe to trap. Any data that's being sent. Soared to -- -- Perhaps I would call it a catch all. If I don't specify any additional filtering in here at all. I can use this. She simply gather any traps that are being sent to this IP address of my network probe. By any machine. It's just a catch all. Alternatively. I may choose to -- a trap. For one particular. Device. -- -- -- -- -- -- -- -- -- I'm looking for traps -- coming from this device. I could save it. I deleted this one. Now I will only be trapping. -- data that is sent from this IP address. After that has been set up and the device has some points in the straps over that it is -- -- appear on the -- Ability information. IP address -- -- it is of of the term value was etc. -- -- Notice how I already have -- -- -- showing up on this tab. As soon as I made a machine a probe. It shows approved configuration and synchronized. Notice here I have other values such as starting -- system. Notice here have. Networks can cute. It's showing me that I have initiated scanned. If I want to see what the progress of the skin as. Within this -- computer. I can go to the tools tasks in groups have. Americans check the -- can position. For me reflects that has done. If it was not done you would see a certain number listed in this field to indicate. What position was and within the scam. The -- of -- have is going to show you. Probe activities that have been sensitive scan. Such as enabling the -- or changing settings. -- events. Are similar to what we saw back on the -- and MP -- step. The -- probe has the ability together syslog data. From certain devices. Right clicking here and -- -- trap. Once again maybe -- will say -- I want to know. -- information from this device. And save it. Now we're telling the network -- to try to reach out to. This address. And get through this -- logs. When they're gathered -- gonna show here in the syslog. -- -- The network -- can also serve as the TF TP server. I can use this to. Serve files out. Two computers on this network where the probe is located. And I can also use this to have computers upload their files. To the probe as a TF TP server. If I have recently added devices. To the network. At this particular location. -- -- re -- network. So for example if I went and installed 25 new computers. And I wanted to probe to find them and try to -- -- them as soon as I it's set up all 25 I could come back to my probe risk and the network. In double -- them. And if enable automatic network installation is. Checked. -- try to -- -- -- to them. Read tech devices. Is related to -- -- -- collection. That is a topic of network pro configuration. Part two and not something that would be included. During this conversation. There are also some commands that are available. That are specific to the network -- On this program for quick and begin. Commands. -- -- to probe. And we have a few options here. Disable. And enable collection. It's simply another way to. -- and check that checkbox. Fast -- -- -- the computer in fast talk. Current devices. Purge any network devices that this probe has found. For slept at two PC. If I could have -- slept at two PC. -- could specify the hostname or IP address. Of an individual computer wanna turn to use the probe. To -- the -- here. Refresh configuration. Means that perhaps I've come in here and made some changes. To some of the settings -- general tap. Refresh configuration. As telling the stroke to update the configuration settings and that's something you would see under the -- events have after the configuration have been -- Refresh push installer. Perhaps there have been some changes you've made through the push installer perhaps there'd been an update to -- tech and a new version of which installer is available. We will tell this probe to refresh the push installer so that when it tries to. -- epileptic agent it will take the changes you've made the changes related to the new version. Start networks can. Is identical to just come -- clicking -- re -- network. Tracing. Is going to give us a much -- detailed. Description of what's happening when this probe. Is out there scanning and attempting to perform actions such as pushing. And the tree -- Just used to -- the -- walks to say summer. That concludes this portion of the webinar. Hold -- turn -- -- question and answer session over to. Kevin Davis. So our first question is is it possible to exclude -- PC from the network probes automatic deployment. The ways these system currently works is that we scan. Via BIP address so if you happen to know the IP address. Of that machine. You'll excluded from the range. Next question. Is there a way to probe different view lands within a network. The probe is not capable of crossing the the aliens due to the -- cables. And -- switches. Work with passing packets from one network. Segment to another this is why we asked that each viewing and have its own corresponding location. In and you put a probe for each location. Next question. I am unable to delete a machine that was the network -- This is by design the reason being is that you are allowed only want. Network -- per location and an order to delete that machine humans first -- check it. As. A network probe. Then you can go ahead and remove it if you were having problems with this we do you have a script. That is located under the maintenance agent. Probe removed from an offline agent this can be run to correct this issue for you. Next question. Our servers the optimal location to install the network -- No. Network probe. In scanning functions. Are very processor intensive. We actually recommend and best practice is to use the least utilized machine. That it's on. Within the network to reform the network scans and act -- -- -- -- question how frequent can you skin I see the one -- but whats the Max scan frequency. DB once -- day. It's -- best practice however. You can go as slow as once an hour. Please realize that based on your network configuration. And approach configuration. That this may flood your network. As well as its over task. The machine designated as a -- again this is why we recommend once a day. Next question. -- remote agent deployments automatically update the -- package to be pushed after agent updates. Or does each probe enabled computer need you have to refresh Egypt and ran on. -- -- machine will deploy the most up to date. Package available from the system. It is also noted that the agent even if it is a previous version prior to an upgrade. The agents themselves will automatically upgrade. On this next subsequent check -- so it doesn't matter if you had. An older -- push from the probe because the -- Self updates based upon its templates addicts. Does the probe acting as a syslog server where we can have devices push lost the probe or does it cool -- from the device. When you designate a probe to be -- syslog server. It is just like any other syslog server package out there you must configure the -- device to point to. The probe machine IP address as the syslog server. It's a push operation not a pool operations. Pool is actually be accidentally templates. Which is covered in next week's advance. -- Is there's still an issue with the network probe and AVG. Version eight ethnic east cause a blue screen on the -- This was a problem with the EDT product not the -- -- network probe. This was due to do there. DO -- included. In their product. As far as I'm aware. This problem has been resolved but again this was a problem with the EDT product not the network -- Next question is there ever any reason to deployed more than one network pro that location. You -- its system actually prevent you from having. Multiple network probes per location. This -- single pro single probe per location. Should a probe also be configured as a master. It does not necessarily have to be again we are using a least utilized. System. Whether it is a master or not. Can the -- can be configured to automatically check. The external sync flat boxes such devices will automatically sync to connect -- For this operation I would actually recommend running. A script you could write a constant script that would actually interface with. But this is not within the scope. Of today's webinar in -- actually part of an advanced scripting. -- power. Next question is -- script that can run against the locations such probe that will alert me when it finds -- -- new device. What I would recommend. Doing is looking at our new computers detected internal marcher. And modifying it to look at the network devices table. -- questions -- how do you prevent the -- from shuttle and duplicates in the control center. IP addresses. It is clearing the inventory once per day. So if you have multiple skins. And DH CP you potentially could have -- computer. With different IPs listed one would be on one would be off. This is. Default behavior. And at this -- cannot be changed. Next question what traffic is required for the automatic -- of polish installations are PC. God this actually should be. Covered in next week's more advanced webinar. But it does not utilize just ER PC or -- 445. And 135. We have multiple methods to attempt a push from the probe to the endpoint. If we have a server set up as network probe but would like to change it to a less used management PC is this easy to do. I. Check on the other that is the correct operation he would first -- check the server designated as probe. Wait for the operation to complete. They -- she released PC that you want designated as -- management PC. Go ahead and select the network probe and allow. It to be in -- Can you please recap the difference between -- detect devices. And -- -- network. The -- detect devices. Will go ahead and -- -- list of devices currently listed in the network devices. The re skin network is when you want to change the IP range. -- to attracting or adding. X question does the probe deal with casting. And what is the best way of troubleshooting. -- Not sure exactly. Understanding what casting. Is to do with networking. If you're talking about -- -- and this is one of the reasons why we cannot cross the Orleans. Question can you save pro configurations. For changing pro machines. These probe configuration. Is stored at the location level. So if you. However. I would question why he -- constantly change -- probe. Machine or -- designation from one machine to another normally this would want to be said it wants configured. And then do not change and less required to. If the location has a large amount of clients and devices is it worth it to have -- dedicated PC for this. This would all depend upon the amount of information you wish to collect and if you wish to collect information about both desktops and servers. It would be best practice to have -- designated machine. However if you're only looking at its servers. You may not necessarily need to do this. The best course of action would be too. Baseline. The amount of information that is being collected as well as the resource usage. On the machine to determine whether or not you need a dedicated pro. What is the best practice when the probe identifies a host as a network PC when it is a piece. I believe you are referring to. Hypervisor source such as if sex is sex -- such accident and hyper V. In these instances. We have other methods. To designate them for VMware we actually have an action data field or additional info to designate. The machine. As. A hyper. Visor host. For the other. Hypervisor -- You can install -- Linux agent. And if the hyper V supports dot net 2.0 framework you can install an agent on those machines. However. If you can not get either those requirements. It will always stay as a network device. Well it seems that we have answered. All the questions so far if there's any more remember we will be doing in advance what the -- next week. Think you. Have a great day. I want to thank everyone for attending this week's webinar. This webinar will be made available both on the forum under Lindsey corner, and on LabTech TV under support webinars. I also wanted to remind everyone about the resources we have available for you online. By going to support.labtechsotware.com we have a variety of educational resources, including documentation, Knowledge Base articles, and LabTech TV. On behalf of LabTech I want to thank everyone for attending and hopefully we see you at a future webinar.

  4. AV Detection Support Webinar

    Wed, 14 Oct 2015

    Hello and welcome to today's support webinar how to configure BB detection. My name is Chris parent and I'm a technical trainer here at LabTech software. Lets first talk about today's agenda. We're gonna first talk about are supported AV definitions currently LabTech supports he set viper web brute and Symantec endpoint. Then that we're gonna talk about how to create it do you definition and the minimum requirements which include the name. The program location the definition location to EP process and the date mask. Then we're gonna talk a how to test the definitions and whether or not they're existing in the bit current directory structure. Last about least we're gonna go through a few troubleshooting steps and also show you some links to some. Documentation that will help you after having issues. So first currently. These are supported AV definitions ESET viper web root and semantic and point. We have documentation available on our site docs dot LabTech software dot com that will give you more information concerning each one of these. For any other product you must create your own definitions but you can review our forums for community created problems. So let's quickly navigate to where you can find this information. So ducks that LabTech software dot com add ons anti virus you're gonna see a list of our existing supported AV solutions. If you're looking to transition to one of our supported solutions you can open up the anti virus feature comparison. And he can show you the one that will best suit your business needs. If you're currently happy with the your existing one bought. You want to know how I can create specific definitions. You can navigate to forums dot lab techs offered are cop. Select anti virus. And coming here and you can see some of our partners have. Provided this information. A good one to use as an example is viper seven definitions here I king did it. The program location definition location AP processes date mask that's that are so this is a good place to kind of get information. If you're current AV solution is not supported by LabTech. So let's now talk about how do I create a new definition. If I navigate from the dashboard to configure configuration. Virus game. I'm in the need five minimum requirements first. I'm gonna need the name of the AV software. I'm also gonna need the program location which is the path and file named to the virus scanners executable file. This files used for command line scanning and if the file exists been scanners assumed to be installed. And that's gonna need the definition location indicates the path to the definitions file. If the depth location as a file named in the file date is used as the definition date. Eight key process this is the process name that LabTech is looking for. If this process name is found running an auto protect is assumed to be enabled. W mine is queried last in the out of protect scanned. This means if auto protect is turned off in your security senator from the windows control panel that might show as disabled in the control center's computer management window. To override this function we recommend adding the star at the end of the auto processing. This will skip the W mice game. The last item that we need is the date mask this is just a regular expression to extract the date from the definition locations return data. We typically recommend to enter that dot star as the date mask if this is a universal volume to determine the latest definition date of the file specified in the death location area. So let's go ahead and jump into the control sinner and see you'll where we input this information. So here I already have this up and running you can see I open the passport went to configure. Configuration. Virus scanned and this is gonna be a list of my current definitions that LabTech as an a database. You'll see that we do you have a lot more definitions here than the ones who we support. So at one point in time we loaded this information that should be ballot but it could be outdated. If you're using palm one of these EEV. Platforms. You may just need to update the information of where the structure is located the program location in the definition location it setter. So if I want to add a new one I'm good at least need the name. The process. Program location definition location and the date mask. So let's take a look adding an existing one which is what we usually recommend if you're creating them from scratched. Go ahead and use one as a guide to kind of show you what you're looking for. If I was integrated with the viper 201264. Bit here is what I would input in there. So here's my name here is my AP process you can see here that I'm adding the star again this is for W in my scanning. If we want to bypass that to make shirt that that's working correctly. There we want to add this starts a recommended best practice to put that in there so we don't have any thing mislabeling that as disabled. My program location here you can see that I am inserting a reg kicking. Which is a looking at a install directory. And looking for this executable. So we've mentioned that the program location is looking for the exe file. Same thing with our definition location as we're looking to see where the definitions will be held. So here you can see where implementing the I can also specify if I'm using all my OS. Our types you can see here that were specifically running for 64 bit so we're gonna select the 64 bit for windows. Update command can be used if you know. How to update the virus definition file if you know the path you can input that here. Here is an example of an uptick in fig viper enterprise. What this is you can see it's an executable file with a switched update depths. What bits gives me the ability to do if I'm integrated with this software. I can then go into you. This machine. If this was running viper. I can come in here and update virus deaths. That update can take command works in conjunction with this command update virus definitions so when you execute that command. Here is what that's going to be. So very beneficial if you do have this information to and put it but again it's not required. At a minimum we need the name. We need AP process. Program. And definition location. And the date mask. All this other is. Additional information. To add other functionality. Additional features only supported on ESET viper V6 and older web root and Symantec endpoint only. Just to keep referencing net if you're looking for help. We might not have this information available. But again it might be available on the forums if you are using and on supported. AD. Platform. So here's where we're gonna find this information. Configure configurations. Virus game. You can always use. An existing. Set up to see if you can kind of mimic or use that as a best practice god. So now we've got that input and a let's take a look at how we contest to see if this is work. First thing we need to do is ask ourselves do the directories exist. So by default it takes about 24 hours a populated we need the agents to check in with this information we need to run that checked against the database. You can possibly speed up this process by running an update config which updates the current configuration. And and Reese and everything which is gonna update all of the computer's. Data to the lab techs are. What we should see in the computer management screen on the welcome tab is that the Skinner that we have installed is currently. It's set to skin are running. Now the difference between scanner running vs scanner installed. The scatter running means that AP processes found in a running state. Which greed as everything is working correctly if it's just showing scanner installed it might see that its installed but it's not currently running. So we want to kind of take a look and see will we can do to alleviate that problem so a quick way to check to make sheer. There directories exist and I'm using the right information. Were gonna go ahead and we're gonna take a look and it amnesty. So here is MSC so you can see I have my name I am looking for the AP process. And here is the program location so if I copy that. And I go to a machine where I think MS he is running or MSE should be running you can see here are right everything should go through. But if I'm not showing. That process is running or if I'm showing it it's installed. Comma but not running then we can run a quick directory check. So if he can't see that that's my double quotes there. I wanna go ahead and run a directory check on this path. And what should happen if everything working correctly I should get a return value for this I know that this directory exists. If it goes out there it finds it and returns a value so are a very simple directory test can. Look and see on this machine to make sure this information is there. So were running through our local machine software Microsoft. Microsoft. Anti malware or install location. It's gonna look up that the directory. And by the time I read all that boom we have a valid directory showing up so I know might executable is where I say it is so that's good I'm running neck checked against this specific machine. So the other check I want to run is my definition location. So if everything's working correctly I should be able to ping this information. Again I'm gonna run another directory. My. Double quotes that are hit enter and again we're gonna are on the same checked. So here it's in the same pass but I'm looking specifically put specifically for my definition files. Signature location. And there dot DD MM boom. You can see I'm running a directory checked so here's my stored values I should be able. Two ping this information with a directory checked from the command prompt this is a very easy ways to validate that might pass that I'm using. Is accurate and eye and I'm reading it and my agent and my it LabTech servers are both on the same page. If our word to test something that didn't exist. So if I come in here. And I copy of this and monsters run a check on meant to show you what you don't want to get it. Again simple directory. I'm looking for might know dirty to you executable. It's looking through my registry see if he set is here. And you can see. File not found. So I don't have that information here you can see here is. Accurate. Information it sees the directory and can run it a check against it if I don't have it here's what you gonna look at so if I install it and I know it's installed. But it's not showing up is running let's check arc has first so much checked. The location of the executable file if that exists on a checked. The the location of my definition file so that's what I need to run my check against to see if that information is valid. What we should and always one SE. Is that scanners running here you can see the virus scanner which is the name of our TV platform and then the definition that. So we should be able to pull that information. If you just installed. Artists and do you want to kind of force the issue. We mentioned running the uptick in fig command and then when you're done rescinding everything to see if we can force the issue a little bit. If you install it and you don't try to force it you need at least 44 hours for all of via the M in Tori to reset and populated according. But that's a quick way to kind of check that to test the definitions and making sure that we have a valid location. File here and the dashboard. So now. Let's go through some troubleshooting and some of the common things that we see here at LabTech. LabTech is not detecting the AV so we install the AD we can't seem to find it. Mama oh we may need to update the definitions. From the marketplace. They might not be getting detected. Or it could be that were blocking. This information with a firewall. So we need to check go to the marketplace make sure we have the most updated information from the marketplace for our virus scanners. A make sure we have all the valid information. And also will make sure it's not getting blocked by anything. So AV disabled monitor triggering false Paul's of alerts we want to make sure. That are AP process has that star at the end of it. So this is a very common mistake. So if we're reading net as a disabled function we want to be able to add that start to bypass that. Are right. Last but not least we need to LT share access to have everyone and giving them full rights to the you know LT sheer folder. So on your server that LT shared folder. We want to right click. Adjust the rights and make sure that everyone has full rights so we need to be able to access files in net across our system. So let's go ahead and jump back in and go through a couple of on these scenarios. And also. Show you where we can find this troubleshooting information. So from here first. We have our configuration AV definitions creating. And editing anti virus definitions so the information I just went through is also available here. So it will walk you through all the information we just covered from going to the dashboard what all of these flags mean and also. Creating a new definition what we need. The information here walking you through that process and also testing the definitions. By opening amber command prompt and I recommend using. The directory command not the echo the directory is going to be much more successful. So that information will be an. So another site you can come into here is. Anti virus lab tech not detecting. Anti virus. Also from here you'll see after creation near anti virus definition LabTech fails to detect it. So from here you can also see I have a link to get to our form states so very cool the you can kind of jump through and get tunis. Also how to create your own definitions. Is gonna open up our anti virus definitions page. But from here you can see that we have a couple steps that we recommend going through. First is updating definitions from the lab tech marketplace. You can see here. I've opened. My marketplace all the way down to vaught bottom you're gonna see that I have my virus scanners. From here. Note that any new items are gonna show up here and you can see I have. A number of semantic and point protection we're not using Symantec in our training environment so I'm not gonna download these. But I just want to walk through here is where you're gonna find new items for our virus scanners so. Just like anything with our marketplace you can only access it. From the LabTech server. You wanna open up the marketplace down the virus scanner. And see any new items that are available to you update and go ahead and download him only the ones that pertain to you. So if you're not running Symantec endpoint protection than there's no reason to have this remember the marketplace. Is only used to update existing features that you're currently using your practice. All right so another step is a new definition is created is not detected. So again we're gonna highlight where the says. And this AP process is what we typically see as the problem and missing the stars are really want. To you kind of reinforce this instance. Where I want to add the star so to get that process. Hummer recognize. So again you have any questions about this you can access our docs and RKB's. So they antivirus solution may be blocking processes and LT SVC. Folder so we're gonna make sure we have these existing exclusions put into place. We want to allow though when directory LT SP service. And we want to these file exclusions here. So another common thing. That we see here at LabTech is we need to confirm that the configure the G easy file and the following location. Here on the machine is the same size as the LT shirt share transfer. Config config studs easy file. So I'm gonna walk through how to check this real quick. So here are my LabTech server. If I go to. My LT share my transfer file on the C this config studs easy. And it's currently have fourteen KB's. So what I want to do. Is from my Skinner. I can go and choose the file explorer. Open up my C drive my windows directory. My LT ES TC and here I have a configure studs easy I need the sizes of these to match so if I transfer this file. Up to the lab tech server. I can compare the two. From here. LT shared up loads. LabTech. Here is the server I was just looking at config veggies the hey that's a good indicator that the the file sizes are the same so I know that's a good. Are ranked. Also wallow or in the file explorer on my server. All we want to make sure. That if I were on the server. Reorder property's we go to security. Up looks like were night here. We want. Every one. Full control of this file. So this is another common area from which is why I'd kind of left this. Out so I can add it so if you have an ad. Of the ever one filing of an access to it here's what we need on the L teach here we need access to this to write and remove. Rom files to and from L teach here so go ahead and give everyone full access to that file so very important. So here should be able to its to a the same thing here security yours everyone's our right were cool so that's a couple of of the common troubleshooting steps. That will help view. Gives you or definitions up and running in communicating correctly. So. Another topic that we we currently see alliance. Is false positive up may be disabled monitor. So if you have. Skinner installed the Davie disable monitor shows the anti virus as disabled. But you see this. We may need to just wants this is been successfully saved. Confirmed the correct AP process the scanners re running and then reiterate the point or want this is saved resent everything. Where it tiller command finishes and at this point the agents welcome tab should display scanner running. See randomness or go. So these are just a couple ways that we can ensure that everything is working correctly. Soul what we did today as we walk through. How to. Create a new definition. How to test it to make sure we have the right path showing up running in the command prompt a quick directory checked to make sure that what we have in. The lab tech server is the same thing that's on the age so we don't have that right. Communication of those right file set the word I can be able to accurately. Portray that information. So here what we really wanna see is scanner running and an updated definition date. You can see on other machines if I don't have a be installed. But let's say this one I've ran it. But it's not showing up then I'm gonna go through my troubleshooting steps alone to make sure I have the valid information the my directory. And for my program and definition location are ballads I'm and run a quick command I'm on that agent to make sure that information is there. So that concludes our webinar on a V detection. Okay cool rates thank you for joining today's webinar. You can sign up for our support webinars at support dot LabTech software dot com. Thanks and have a wonderful day.

  5. Offline Server Monitors Support Webinar

    Wed, 9 Sep 2015

    Hello and welcome to this week's support webinar. Which webinar will be focusing on troubleshooting offline server monitors before we get started I just wanna make sure that everyone is comfortable with their virtual environment in the navigation control window of the webinar you have the ability to ask questions we'll silence all communication during the webinar and use the questions window for primary interaction with the audience we'll have a live Q&A session at the end of our demonstration. It is recommended that you send in your questions as soon as you have that. Thank you very much for joining in let's go ahead get started. A like teachers are speaker for this week's support webinar aired Alberts. Good afternoon everyone and thanks for joining I've heard Albertson and today will be discussing wrap text offline server monitors. We're also joined today by Joseph Lombardo who is our key support I would LabTech monetary. Senate time to waste let's get started. I want to discuss the differences between their offline server monitors. I'm speaking asked specifically. About the offline location. Vs but offline servers. Vs the offline master servers monitors in you're not tech says. We're gonna touch on some best practices related. We'll look at a workflow of these monitors. What kinda get a step by step of what happens when these monitors start to fire op. Will look at what groups are tied to and how they're alerting. Will be discussing things to look for when attempting to troubleshoot. Especially in regards to false positives with these monitors. Answer we'll talk about customizing properties. In order to change the alerting behavior. So my goal today is to familiarize you all with these monitors and how they function. There are expected behavior and ways to manipulate they're alerting. I hope you all will walk away from this webinar with a better understanding. Out how to utilize and maintain these monitors to benefit your business. Okay so first thing is first we have three different offline monitors. We have one designated for offline locations which we're going to discuss in a moment. And then weight have the offline map. Your servers and the offline servers. So it's important to understand the difference between the last two we're gonna talk about. So first and foremost. We have different groups that push this monitor down to your agents. These are offline monitors and there any feature set up late nineties so bear for BC ignite service plan groups. Pushing these monitors. Be offline servers monitor has to capture a wider picture up all servers. That were monitoring. And because of this week's CNET monitor enabled on multiple operating system service plans. Whereas the offline master server monitor we do not so let's take a look at this side by side. We can see on the left side for the offline master servers monitor or only really utilizing new windows operating system service points. On the ready for the regular offline servers is where we're taking advantage out all the operating service. Op service playing grips. Next we have the intervals for which the monitor runs. So a rule of thumb in LabTech is master computers. Those which have designated as a master per the check on individual machines computer screen. These are checking in every thirty seconds and therefore it the quickest answerable for which the monitor can run. Is thirty seconds. So there for our offline maps. Stir servers monitor will see the frequency run at thirty seconds. Non master computers. Are checking in every five minutes. So therefore we'll see that offline servers monitor. Run at a interval frequency out five minutes. So that's another main difference between these two monitors. So let's talk about some best packets. So our best practice is to use these. Offline monitors. And enabled them within your service plan groups. By default we saw the ignite managed when it will seven. And managed eight I five service and groups and they were pushing these monitors automatically via the service plans. If you've created your own groups and your not utilizing the ignite feature sad. You might think about enabling v.s monitors on those custom groups who created it. He can simply mirror the alert templates calls within the ignite managed service and groups. And in a minute I'll discuss how we can leverage the properties in the dashboard with those alert templates. Also it's important let's meet all those critical servers at a location. Master computers. And utilize the offline masters server monitor. Because of the frequencies for which it checks and remember we had talked about. Masters checking in thirty seconds non masters every minute. So masters a lot for a more frequent check again. And its ability to respond to commands so again it's always best practice to me on your critical servers at a specific location. Masters. Okay so let's discuss the offline location monetary and it's work well. Here's how it goes. If you navigate to the computer screen under the effective policy. You might see that the LT offline locations monitor is being applied to the all agents group. And that the alert template type to it it's set to default do nothing. This is actually a bug in should be fixed in 2013 however. If you come across this where your patrons. Are getting signs the offline locations monitor. By the all agents group. You're gonna want to follow these simple snaps to remedy past okay. So from our monitors. Button. You want to select the als he off locations monitor and go to the monitor target tap. You should CD all agents group listed in the groups section. Simply double click to remove that group. So when you see and now this. Becomes a global. Monitor. Now I know that because there's no groups appearing on my monitor target tab. It can be a little deceiving but when there's no group groups showing up on these internal monitors on this monitor target cap. That means that the monitor is essentially global. And is now getting applied to all agents. Print this specific monitor are offline locations monitor we want this sat as default. We want every agent checking into your control center to get this offline locations monitor. So bite removing any groups. And inclined to locations computers X Sadr attacked the monitor where essentially making this global monitor. So now you'll want to control. The alerting for this monitor. At the monitor level. If you want to customize and create different alerting options for different locations. You can do here one offs by creating a copy. Out the monitor then make your custom alerting configurations. Such. Don't forget. To green name your copied monitors renamed them however you're customizing them. Name them accordingly so that the mark marketplace does not over write them. Okay so here's attempt to reduce the amount a false positives. For that offline locations monitor. First let's create a location. This new location while house our laptops. Only. So we're gonna put those laptops in the newly created location. So why are we going to do this air and why I'm so glad you asked. Weakened then exclude. The location and from that offline check. Simply oak. Relocation. And under the night's tab you'll see the offline attack simply checked that box to exclude any locations. Or any agents belonging to a location. From this off line locations. Server monitor. Okay so that's kinda how work. Do in the specs practices. Reduce those false positives especially be seen as a lot of times with laptops. Because of the frequency for which laptops come. Edit all our network. A case and now let's discuss another way to exclude location. By customizing within the monitor. So you can choose to exclude locations. By manually. Inserting the location ID EE. Isn't an additional conditions. Section on the monitor. Here in the additional conditions section. We can read further action this monitors configured form. If you want to exclude additional location I can annually answer. Me here you see it highlight it. Com on your screen. Don't forget that you can separate with a comma for multiple entries as you can see an example with locations one and you. I also wanna point now that in the additional query. You can see how we are also looking for that stack army as a extra data field but on the case. That is the I'm. Exclude location check we just look at onto the app and tap on location. Okay so if you don't know how to. See this location ID's. To get IDs at your location go to your tools menu and select show IDB's. And then you'll see those IDs popularly. Entry. So you can quickly CE which locations are down. I'll from the market monitor. On the location tab out the monitor so when you select monitor. From our menu under the location tab. Here is where we seen those sales for let the offline location monitor. You can exclude. Locations from ever appearing on this tapped by adding that location ID to the properties in the dashboard. We find those properties under dashboard. Configurations. Properties. And then excluded locations line item. Simply highlight and have the number at the location AT. As you can see from slide you can insert multiple locations. I'll look it he's here as well. Again you're using a comma to separate. Again to see those ID's those location IDs tools and then select show. So first and foremost let's talk about how we travel should be off server monitors. The server stops checking in to your text server. This is gonna be the first indicator that the monitor is going to fire op. Second is the offline servers for the offline master servers monitor is going to be tree. So we're going to seen BG tacked it under our monitors. Dip. Ignites feature set automatically has the monitor calling alert templates 31. Okay this is the auto X actions server off line scripts. And remembered that it. Is an actual scripts that we are calling here so you can see. Which script. Is running so paint into it if you know what the script is doing. You can find this script by following the bread crumb trail. So we can look in the auto fix actions and look for the monitor offline agent scraps. That should run when this alert template is triggered. Okay so let's take that script now. So again this is things that we might be doing when we're troubleshooting. This monitor. As you can see here I've searched under scripts auto fix actions and then I found my monitor are one agents. Pay attention to the notes within the script. It will tell you exactly what the script is supposed to be doing. In this case the monitor off line agent scripts attempts to determine. Whether the individual agent is down or whether an entire site is down. Step five. This is where that script is executed. Its determining if the server is. Really off line there's several tax going on in the background. Like first it attempts to locate and leverage another machine at the same location. And in the same network subnet as the offline server. It attempts to execute in number of tasks from that machine. In an attempt to diagnose the nature of this type about it on the server. If it can contact. It will attempt to bring server back online. By remotely restarting you OLAP text service on the offline server. Okay so two things are gonna happen one. The each comes back online during this script accidents fusion process. And then won't happen is the script will automatically clear that failure from the monitor. Reset the monitor for that server and then access with no notification. Meaning no tech work email is generate. Okay so that's only half the server checks it and add some time in the middle of that script execution. That was that step five that we saw. So in an attempt to locate and leverage its executing some tasks. The easy comes back online. The script is going to note that it's a six that's it's going to clear the monitor and resent the monitor for her that server. And it acts it's with no notification. However. If the agent is still offline and it's not checking in to your lab tech server after the script execution. What's happened is the scripts will call alert template theories Q which is our server offline. And then when this dies is this performs a series of alert actions configured fair. By default that should create a ticket and sent in Ian so let's look at app. In the dashboard we can find number template I keep saying alert template 31. Your alert templates Leo's globally in the dashboard. So within the dashboard we can select the management tap. And then it's alert templates underneath that. As you can see it on the left column. We have template ID. So I can quickly navigate to template number 32. And highlight to see what exactly is being calls here what alert actions are being created out of the box. So the bottom you can see out of the box I have an email being generated a page or a waste a ticket. All of this is generated by default. When it backs. Offline server monitor. Still will not checked in. Even after the initial. Script oughta fix has been run and determined that server is actually off line. So that's when all these alerts it triggered. So it's important to understand why the initial scrapped the one that got executed in step for that one that we talked about the alert template number 31. Where it's auto facts. It's the one that's trying to leverage and other computer. It's trying to wake the machine up restart the LabTech agent determine if that servers actually off line. So it's important to understand that this screw that. Takes approximately. Fifteen minutes to run and diagnose the information being processed by scrapped. So I'd tell those scripts complete and determines an actual server down. Daniel be notified by step seven. Where we call the alert template number 32. That generates the email the ticket of the ways that page are Sadr up. So what that means is they about it. It could be up to fifteen minutes that a server or some way could be down before you're actually it notified by that second alert template. Which is alert template number her it's have you. It's gonna be about fifteen minutes. Before that he might be notified right violet are alert template 32 so that might not be ideal for your business practice right. Okay so if you stay on top of that. And be notified backward step for initialized that initial scripts that runs to try and wait a machine upper leverage another machine. Restart OLAP text server. Agent on it. Let's look at how we can change the properties in the dashboard. So that you can be alerted automatically. When these initial auto fix scripts starts to rot. You've leveraged the ignite properties within the dashboard. To change the behavior of how you can be notified would be offline server monitors and the auto fixes tides. Remember that I'd just add ignite property and cash. So I mentioned at the beginning as that these monitors. Are technically. An ignite feature. So these monitors are being pushed by night groups out of the box which we talked about earlier. So therefore we're going to find the properties in the dashboard. Items are at the end nine top. So if you're concerned with the op line agent email address. And offline agent email immediately. What we're going to do is we need to adjust both. Of these properties. As they work in unison with one another. So you can insert an appropriate email address email address where notifications. Are going to be sent. That's the test at test dot com music on your story. And then I need to turn on the offline agent's email immediately meaning as soon as that's script runs. That's script is looking to the gas sport to see if this type of functionalities turned off. If it is it's going to attempt to send an email to that offline agent email address that test at test dot com that we see in front of us. It's going to say hey guess what this auto fix script is running trying to wake up a little case so. Or a wake up a server and offline server. So again we how to adjust the email address here we have to put in an appropriate email address. And we have to change that offline agent. This is simply turning. On the functionality. By default in the dashboard this up this stop is turned off. A case and don't forget to change. I'm always when we are saving additional fields we need to be saving at the top of our screen on at the bottom. So once you have adjusted these properties. You're now going to be notified immediately when that auto fix script runs. And this is an attempts to determine if the server or servers are actually offline. So this way. You're now able to start your troubleshooting process. Soon after. Fifteen or so minutes when that ought to scripts realizes that it can't actually reach the server. You're on top of that you're starting to troubleshoot and determine why that server may be offline while that Otto picks script is doing the same thing. Okay so this leaves me my next point and that is failed checked pants. The following are the most common reasons. Or failed seconds. So these are the things to look for when you're starting to troubleshoot. These offline monitors. When they start to fire off. First and foremost. Is the target server busy. You should ask yourself what type of server is this for the location. And why do we want to ask ourselves that's. Because the LabTech agents check in process. Runs at the lowest possible priority in the operating system. So should the operating system determine that the resources used by this process are needed for something else like come back opt. Warming the machine is running and eighty scheme. So that LabTech check in process is pause. Until resource has become available again. This is kind of a prevention measure for the lab tech agent on four impacting the target servers performance. So it's a good idea to it in app evaluate. The individual server they'll check and first. Next we have DN apps. If the target server at a location is on cable to resolve the IP address at your LabTech server. Due to issues with Ian asked then obviously check in is going to be a problem. You're gonna see a problem with communication with all those agents in apps is that the root of the costs of course. First thing to look for is log entries. These will be created and can be found in the LT airs dot text file. That's located on the target machine's. Windows directory in the LT ES BC directory. Okay so it looks a little something like best. You're going to see the connect failure message as. Unable to connect to the remote server so that's purely indicate a ID NS issue. So next week have AD policy may be changes to the AD policy has happened at the target location. Blocking check ins to the lot text server. So contact filtering must. Included the LabTech servers fully qualified domain name to ensure that the filter doesn't interfere with the check in process. A tank. If all servers stopped. Checking in at one's. The issue might be weren't Lott's text server itself. Text servers and its performance. Performance issues can prevent the timely processing of agents' actions and can trigger those monitors. So you can double checked the status of your LabTech servers environment to ensure operation and activity. And internal networking issues may be some external DM asked all of these prevent the process of check him. For breaching your lap text server. Okay so let's take a look at the stuff for a quick out with in our control center. On my pretty much covered it then we're going to do eight I'm human hang with by the general. Okay so here in our lab tech system. Monitors. Again when we're talking about those offline monitors. These are internal monitors. So I just wanna quickly show where they are located as you can see here are offline applications. Off my master servers and offline servers. Going to double click in to use the opt locations monitor. First thing I want to low or that we mentioned in the presentation. Is the markets are targets have. Is the all agents group applied yes it is a case that this is this is something I want to remedy I want effects. I'm going to double clicked to remove that all agents group. And when I say it. This monitor has now just become a global monitor. So I'll agents reporting into my lap tech control center are going to get that off line locations monitor. And that's how it should be. So now. Now that this offline locations monitor is and who global monitor. I can manage the alerting on a global level. So here on the alerting tap I currently have this set to default nothing. But if I want it to call that auto fix script. I'm going to find that here as an alert tab plant. Order I wanted to do one offs and can't really customize pants I could create a new alert templates. And added my own. Alerting actions. So may be I'm going to add an email. Every day. Maybe I want it to contact. Somebody specific. Maybe I also want to go ahead and stagger a script action in here as well and called the scripts. Week in the actual alert template which is a best practice. So maybe I'll it's hams to resolve as well. And lacks the admin know that the script is running. So there's a lot of different things that you can do to customize that's. We also talked about in our presentation the other two monitors. Our master servers. And are offline servers. We talked about and it double click and go into your monitor target tapped. We can see very quickly which groups are pushing this monitor out. Remember we talked about that this is night op feature set so therefore we're going to C 898 groups pushing this monitor. So let's take for example the service plans windows servers manage it act by. We can follow the bread crumb trail groups. Service plans. Servers. Eight backed by. Going double clicked to open group. And you can see on my internal monitors tab. And I scroll down and find he als he offline master and offline server you can see that there enabled at this level. And pushing the alert template. Again at best practice is is we urge rot letting people groups drive d.s. Two particular monitors. That Napster servers and the offline servers. It groups are really pushing the panic and we can double click we can enable disable at this level. If we once you create custom. Alert template at this level we can. I'm out of the box. Is always going to run these auto X I I action scripts. We talked about how we can leverage. The alerting style on the initial script execution. We talked about that as being in the sports quickly. So here in the dashboard. We want to find those properties under the top that are going to let IS. Turn on that email immediately. So could fake integration. Nine. We see that I enter. Our default settings. Of email address and email. Opt by Asian immediately. So here I'm just going to highlight. Select one. And essentially I am turning on that email immediately service and order for this to work must change this email drafts. To save those changes. So now. When that the initial script executes. Or offline master server offline location X that are out. Since we're in the dashboard I might as well mention that you can set the default value of this offline. Alert template ID. I would keep it at standard 32 but again. This is where you can change that. I get the script is looking to that this value here when it notifies. If you ever wanna know why its business description is you can see a grief description of what this. Fields is actually supposed to be doing. Okay. So now I want to take some questions are questions from the audience. I'm going to introduced. Joseph Lombardo whose art he's support guy. And he's going to hopefully answer all those wonderful questions. Thanks for listening and term don't take it way. Not so fast Aaron for handed over to GO. I just wanna stress a couple points this is instance in teaching him instructor here also Atlantic. And as Erin mentioned earlier in her presentation. That in 2013. As we can see here the LT offline location monitor. Is enabled through service plans. There's servers plans will be your windows servers. Manage 24 by seven. And your windows workstations and managed by five. So just as he stressed this is it any ninety. Enabled monitor in in his set through these service plans. It's not gonna be on the all agents group like it was pre when he thirteen. Now for you guys that have not upgraded to Tony thirteenth which you would like to do so to take advantage of all the new bells and whistles gather. You probably will see it back on the all agents group. The LT offline master server. Is enabled through our servers clients and that's taking advantage of the servers managed when he four by seven. In the windows service manage it by five. The LT offline server. Is enabled through not just our wind news service plants like the other two at the top. But is also utilized to our Linux and Mac. Service plans. With that little bit. That tidbit of information at it now we will let you fire away any questions you had. Two joke. Are sneak. For our internal monitors. Thank you. Good afternoon though my name is Joseph Lombardo I am the monitoring and alerting subject matter expert here LabTech or an answer questions. I'll remember you do you have any questions it's met them. I. Should the first question and so if you put all of your laptops on a different location as suggested. There would not be approved associated with that location on this is corrects. And so boasts probes futures are not required formal devices of this type that Saddam it's still recommended you don't need to actually graphics and corporate consultations so on so that is correct. The next question is I should we remove all the all agents group from the LT also in locations monitor our guests if your loyalty offline location monitor is applied. The only agents group. Should remove that's on only two groups from them on her. Then you're Warren checked the alerting tablet real you'll slide locations monster. And ensure that it has similar assigned to it. That match your word art or are general practices have server offs on. Older templates or assign to that martyrs as do our ticketing and emails functions by default. Next question is some what determines an offline location of the criteria for that monitor. It's what it's looking for is I'm. A all agents at a specific location. Having zero check ins within ten minutes and that's Kurt seriously off on locations Molitor. Arnold so if you have a location the past five agents it's no agents have checked in which in and minutes it will trigger smaller church for outlook. Next question assume we have found that these server offline. Off server scripts. Or more are slated to scruples sometimes sale to completely wrong and create a ticket I'm so we had to implement an immediate action creation script will this results in its arms in the com script itself tomorrow natural or an agent script has an option property associated with that. Called email immediately. Around this is sound in the dash or burger considered considerations. And properties. On this email immediately property and set one arm and he triggers that scripts to immediately notified via email email associated. So it's aren't that. Basically it will across the scripts. And you know initially ones so or any other actions are taken orange should be used on. An email will be generated. Such you know trust send shouldn't god this is so the first and best option. S it will mode or you immediately. Started if you don't follow ups. I'm not good indicator that a lot about a you know immediately will also Falwell ones pleat. Instead are who you machine itself back. I'm it will books or Wales will follow just like bureau are. The next question is there a good way to test the offline server on a per without actually turning off the server there is a way to test this if you have on local access. Console access to a server on that this monitors are true and edit access outside of LabTech good a good example that mobile locals are merger office cash you can stop the LabTech agent services on any of your monitor servers. On veterinary groups that have the Matra are on you wanna start to checker utility each urged and then the LabTech agent itself on that. Agent service is being stopped server speaks to stop the check in process and simulate. And offline server event it's essentially the same and so they'll check in process running. On this server will trigger the monitor and trigger it's a worm and some super where you actually went through into Iran you can do goes on its you'll orchard clients. I want them all ordered go ahead and and while you're on sites simulate legislature. This year. Next question is there a way to rank you higher priority workstation as a server so that it will report and if it goes offline a not necessarily. What you can do in this case is you can designate that our computer as a master of the same way you do it server by checking the master aux will screw up the management for that agent. And then you can create a copy. Of the all sly and a master server is on or. And with the couple's modifications to remove the requirement of the server less and all and that's what's a group you can created group. That Saddam will have these settled master computers and of that willow Wiltshire produce alerts as as harper were to computers so little bit of customization. Updates from the marketplace do not say internal monitors that are in use there are exceptions to choose that on such as about the release a major releases arm a such as a window where it's her team which released a major releases him and expects those induced sweeping changes to existing monitors that are neutral monikers. But in general. These changes are not a strict by standard mark what's up with that being said. Best practice on has been in and still is to make copies. Of marchers as opposed to making changes the existing ones that you wanna put things in place as. Marchers. We're. Next question is is there a list for guides to find possible additional conditions. There is no master list com but says these monitors are. Simply an SQL queries or running on the database so the only limits placed on them are the conference opens of smoke Erie. And so they have from. Org or abilities are as well allow him to stood. On its newest jewels and X is wrapped around mulch or permissions its. On the let your base are more or permissions are what problems are real what its missions through or some. Next question how about checking it for a device at a location with the router firewall and forum Laughlin location. From. That's that's possible are not enough not to discount it is possible you can set up column outside in test for example from me. Always it's always a known to have the site senator and consider and pass. On Tuesday on the public. Side of far wall router. As a let's see what other side on. Accessing from within that site and fortunately not route possible and so it's. Drops out or we wouldn't receive a response girls so I'll it is possible. Recruits. And expression to reiterate so he recommended a template for offline locations was a cult server offline itself over time number 32 by defaults. The next question is so what is its proper name for email immediately other secondary way to set that without going to the properties if you go into the past or under and seeing integration and ignites. Sections for default properties. Are and the property can be found in there. Next person so what is the best way to alerts to song numbers when it server assault fluent. Viewed through best method in this case would be to modify the end alert template which is sort of a number 32. Are named server offline you're just wanna add an additional. Alert action. That includes a lot of beauty. Notify. Our with the contacts are associated. Of the secondary option would be changed the concert details. Of the original are not sure that's. Order to show notes are not best option it creates a contact so and and then go ahead and creates you'll actions that. Model the next question is is there a way to initiate it and the gristle shut down realty essentially saying that if I manually shutting down server that it would send me signal Atlantic server to indicate that I'm shutting down but it's okay and then when it starts back up saying of that it's all right and essentially not trigger the small church there is no way to do that with say one point six we have a series of options to. Handle the situations that say feature going to be taking down server temporarily. Homes were few hours or so are you templates that server it's a maintenance mode. Are rumbles or you doctor. Actions and insert down and millions without triggering our series or monitoring. Com and then when so. Smooth spires of organ well its normal that's the best way. Done by wreck your age and it's. Sort of terror alerts scripts or efforts and if you bowls. The best way to do that I'm also currently a year or to have an extended period of arm encircle service attributes based or arming its maintenance or more than so it's. An ad that machine SE exclusion to. Of the offs or circle mall altering. Temporarily column its manual but I do that by opening ultra cells go and two. X and right clicking on save section. Navigates the computer like that excluded. And that has to be undone manually wants some maintenance is completed optical aids use the same process Sorrell longer her on you that for days weeks months. And those excluded solos a machine or service and some of the agents. Are looks like that's all the questions we have for today thank you very much for attending. If your interest is in overthrew this webinar Guinness should be posted by Monday afternoon. And now we look for to see you again and that's who weeks acute.

  6. Patch Management Webinar Series Part 3

    Thu, 5 Mar 2015

    Hello and welcome to today's support webinar. My name's crisp and I'm a technical trainer here Atlantic software. And today is part three of our past me series where we're gonna talk about troubleshooting are patching configuration. Today's agenda before we jump into part three were gonna briefly talk about parts one in two just. An overview of what got us to this point. Then rant talk about troubleshooting the common issues that we typically see here in our support department. So talking to some of the subject matter experts that we hand and our support department along with some of my own experience as having. Bin that the primary support person for patch management. We're gonna talk about some things we commonly see that give our partners the ability kind of troubleshoot their own issues without having to open up a support ticket. One of the common things or weeks the past due with communication to the windows update site. So this may result team either in the empty patch window or maybe not as many pants as we expect to see on that agents patching ten so we'll take a look at what can be causing this. Also will talk about. Why my agents didn't patch will take a look at our configurations. Will make sure that the machines are online hmmm we do have approved pensions. And a quick way to a to see if we can troubleshoot the windows update log and see if we have any agent related issues. Last ever Wear and talk about his maybe app that's fine but for some reason the agent in reboot so sugary booted after it installed the patches. Will let's take a look at the configuration make sure everything lines up. And it see if we can't figure out what's going on now. The main thing that we usually use when we're talking about patching and rebooting Rommel we're gonna really break down the effect the policy tad that's a relief the easiest way to kind of troubleshoot to make sure my configuration. Is in place like I expected to so we will spend a lot of time in effect the policy tab. Or lastly I'll talk a little bit about customizations. And how we leverage extra data fields or EDF's. And the kind of controlling in customizing my environment. Now a little bit of a spoiler I'm not gonna go through and show you how to create. Specific X or data fields. What I'm gonna do is arm and a point you in the right direction to we're we have a specific webinar that will walk you through the process but also how to get to our knowledge base site. To kind of find all of the existing literature that we have of that cane help you in your data date. Our troubleshooting activities. Troubleshooting. Let's do just a brief review of our first part in our test management. Series. Where we just basically talked about how patching works so basic enabling a patch management. If you remember we talked about. At the location where enabling onboarding we're getting them in to view a contract enabled service plane which is our 24 by secondary by five. Groups by default. So were assigning down to location. Edward kidding our agents in the appropriate groups that put them under contract and then we're going into that patching tam and were. Deciding whether or not we want to turn patching on for workstations and servers and then we're picking the day that we wanna patch. That will automatically get our machines into a group and applying a template that's gonna set the we also talked a little bit about the patch approval process. Keeping everything in lined in the pants mean injuring kinda navigating to the test manager to get my patches approved. Lastly part one we just talked about how I keen disable passing for individual agents by many have a location where I have a bunch of agents. But I want Warner to agents to be able little bit differently maybe I just wanna disable patching for one of them or maybe I just want to disable. Reboots I have the ability at the agent level to omit certain agents from of the locations patch management policy. So from there are all week kind of went to part two where we talked a little bit about the bank in our right part one. We talked about a let's get everything set up how everything kind of works and going through with Dick nite. Then we kind of continue that way is how does that all work in the bank and well everything is driven by search groups and templates so. I put my agents in a search. It gets joint tour group and I apply the appropriate template on that template I'm gonna get my patch install window I'm gonna get my Patrick who window. And that's kind of the automation. Within LabTech. We then talked about daytime patching enabling daytime patching for workstations at the location. And then we're really broke down custom patching and how that works and how I get that scheduled. And how it ties in to you mind. Group structure and most importantly. Giving. My agents in the right groups in the right dating getting net update configure me and sent it to update the template. Appropriately. Then we kind of talked about the pats approval process a little bit more we kind of jumped into how we set up our. Deny groups and now we deny specific patches and we get our agents into those groups instead of denying them globally under windows updates to approve group. And then lastly we talked a little bit about automating the process. How I can use our existing scripts and kind of changed them tick kind of manipulate data that I want to I don't have the existing script stay here and how we can copy a script to renaming. And you use it for our own use. So that's a brief overview of what goddess here. Today so let's jump into today's topic were gonna talk a little bit about troubleshooting common issues. Like we said a common issue could be tied to communication. Where I have an empty patch window Lori don't have as many patches is I think. Should. And the main thing we want to check is do we have communication to the windows update site. So the way they're patching works within LabTech is we send a command to the agent the agent. You know leverages a windows update API it locally on that machine and it goes out to the windows update site they gets all the patch information. While I can't communicate. To the windows update site I'm not gonna get a ballot list of patches or more commonly im not gonna get a list of any patches so there's a couple things we want to check. Do you I have the right services up and running on my agent. Do I have a W Sus server firewall or proxy server that's kinda blocking communication from the H into the windows update site. So we'll take a look at the services that we need to kind of look at to make sure there up and running and I'll show you a quick way to check for W Sus server if that's blocking communication. Don't ever great way out to walk through all the different firewalls that may be out there are some middle leave that up to a of the partners out there to kind of make sure your firewall settings and your proxy servers are in place but we will walk thru the services in the W subsection. Next is I have machines for whatever reason did not patch now there's a couple different things that we can check we're gonna take a look at. One of the most common things Islam was the machine actually powered on during the patch install window. So we talked about the default task window being from three to 5 in the morning that history M to 5 AM. While I need my machines on during this time in order to patch so we can check our event logs we can check various other logs to make sure. If that machine was actually up and running during its patch install window. If it's not alive during the patch install window we are in agony issued the command. In order to set patching in motion. Next we got picture we have approved patches for the agent to install. So I can go to the agent and I can take a look and sort through all the patches that are signed this agent. Making each your. Which ones are missing but more importantly they have to be missing and set to install. If I don't have any missing patches that are proved well they're not gonna patch during it's at patch install window. So the common thing is I have one agent that doesn't seem to be panting we open it up like what we don't have a new group patches so we didn't need to issue the command we need to have that ballot as the patches. That are approved and missing so we actually have a job to XEQ. Were also gonna talk about scheduling. So make sure that our locations are set up and everything is configured correctly. Cause we do you have a bunch of June on patch groups. That comma. Stock into LabTech where for majority of different reasons that I don't have everything set up well I'm gonna get pleas to did you know parents group. And I want to make sure that all my agents are in a ballot patching group. So common examples of we talked about disabling patching for an individual agent a week checked that box it's gonna be in a do not patch group. I don't get my agents under contract it's gonna be that do not patch group. If I haven't enabled at a location that's gonna be another example of getting thrown into it do not patch group. So again we do you have a bunch of different things we can check to make sure word that are agents are setup for success. Lastly it could come down to I have everything configured correctly LabTech for for some reason it's still not patching. Well we may need to check the windows update looked to see if there's any Ayers with the actual windows update each it. So show just an easy way to pull the windows update logs exported into the lab take servers you can take a look at the full report. Now we if trouble shooting our patch is the one thing I wanna kind of stress here if you're not. Using the effective policy to have hope you start after this. Presentation because from here I can take a look at a lot of different configuration settings. I can really. Kind of narrow down my issues by using effective policy to see what groups there and see what templates are getting applied making sure work. I have all of my patch configurations in place on the agent maybe I have a template. Snap who were I have one template trend it's that the patch install window and I have another template with a higher priority that's disabling panting so I can use the effect of policy leverage this tab. To point me in the right direction. So maybe. I did patched correctly but the machine did not regroup for whatever reason. Again. I can take a look at the groups that it's in in the templates and make sure everything is lined up accordingly. The main thing I need to make sure is I have a patch reboot window assigned. And also not only that it's assigned its working in conjunction with my patch install window. So if you remember. Bank are patch install window Patrick the window work in conjunction with each other. I can't have my patch install window started three my patch through windows start at five. And then I think well after it's done patching whatever hits five it's gonna reboot doesn't work that way. I need to have my install window and my Reba window assigned at the same time. And again and easy way to check that configuration is going to be from the effective policy tat will take a look at all of this. In just a couple of minutes. So lastly. A little bit about our customizations. Ain't talking about creating extra data fields. We have a number of ways where we can create. These customizations. Where we're denying patches or even creating our own custom service points. Had a lot of partners and still have a lot of partners that. They want to have ignite control patching but they don't want to use one of our existing service plants. Because they don't want all the monitors they just want to use it for passing while. Out of the box we don't really have an available way to kind of give you. A deep fault service plan that doesn't have all the bells and lewis' whistles aside with ignite. Well that's where the power customizations commend. Now unfortunately I'm not gonna walk you through how to create all of these. And if you're asking yourself why well it's because thirty half and so I'm we already have a webinar on how to create need to figure patching groups. And you can see the link there all show you how to get there we jump in the controls and in just a minute but. I always encourage our partners to take a look at this when they're talking about customization creating their own deny groups creating any Customs Service plans we have the information out there. This webinars just one example of a wave that reduce leverage what we already animal we have existing. And lab tech TV I'm gonna walk you through some in this customization. From scenarios. And lastly that one thing I always want to talk about if you're not familiar with it is using our online documentation. So if you've been our documentation you probably been there before we have a lab tech 2013. It you probably very familiar with that documentation. While we also have our knowledge base articles here and you can see I've clicked on that and I put in a filter of patching and that's gonna bring me all of my patching TVs. Now a lot of the stuff that I'm talking about today does in compare to the amount of information that we have here that'll help you troubleshoot. So or KB articles are typically written by our own support people. We continue to see a certain issues while we're gonna create a knowledge base article that's gonna help our partners. Trying to solve the issue on their own so it just always want to point. This documentation. Al. To make these resources available to you and again coal navigate their together when we jump into the control sinner. Which we're gonna do that right now. So here we are in the control center and the first item I wanna focus on he's communication to the windows update site. So let's say you have an agent and you're just want to check the patch inventories so you open up that aging you go to the patching tab. And here is where you my find something a little off is I have a windows server 2008. That only has seven patches showing for it now. We've been in this business long and how we probably see that though that's a bit off so the first thing that I typically want to do is test the communication. So the easiest way to do that is to go to inventory in recent hot fixes. Let's just see if I can force this agent to update its past inventory. I can come over to the commands tracked the commands. And as gates executing. Meaning the deck ticket a little bit by ants. Instigating the fast talk. And real quick I concede that communication has failed so. Command was pending and all of a sudden went to field so I know I'm having a communication problem so the first thing I always wanna take a look at our my services now. Typically for windows updates on the look for two services. Here RE haven't highlighted is bits which is the background intelligent transfer service you can see it's set to manual what it's currently stopped. First thing I want to do well wanna right click and I won't start that the service so indeed that communication open up. The cycle and obviously is our windows update service so our come down here in lo and behold. I have all of this is disabled and everything is stop so. And that's probably the main reason why can't get my patches if I don't have the services running I can't communicate to the windows update site and they can't get my immune Tori. To show up for this particular device so. Just like it did four bits this one ominous set to auto start. And then I'm gonna go ahead and start this service again as I'm issuing these come means. To the agent I can track them in my commands have to make sure that everything is executing successfully. And it's giving my services started back op. So here I am reading for that to set to auto. Reese and my services. Make ensure everything. Is working like I expect it to. Our main few weeks ago now I have mow windows update. Running and I should have my bit service running so again must have. Before I get too far award I'm also gonna check fork. Is if I have of low number of patches are also want to make sure that I don't have a W Sus server you know kind of blocking communication. Kind of I'm trying to send information from decision to the windows update site if I'm trying to go through Adobe Sus server. Mama I just want to check the registry to see if those keys exist. Now if you've never been in the registry before. Always recommend as soon as you open it up to re load the system cache. So this is gonna refresh all the mandatory one thing about the registry is we don't sheer we don't us store this information. In the database so when we re load the tanks were actually pinging the machine and updating all the current. Are registry keys that are. Showing up on this agent so it's very key to reload that task. Here I am a lo and behold I do you have a W Sus server. A signed here is the IP address now if you don't recognize this IP address a lot of times. Who will have partners take over a client. And they don't even know that they have a W so server place they just know that they don't have communication so we always recommend. Well checked the services first and then check to see if they have a Debbie so a server at the you don't know exists. That's blocking communication so if you're following along. HK LM software policies Microsoft windows updates were looking here for. A value. We're also looking at the AU folder. And we're looking to see if use. W saw server is set to one which means yes. So what I actually want to do is go ahead and modify. This key. And it takes just a second open up. And I wanna set that to zero are right I don't wanna use it W Sus server anymore. It's. So I set that valor weight that changes to zero. I come back up the you know what I'm just gonna go ahead and I'm going to you delete these three cities. Don't want to you. Disable windows update it's gonna stop communication. So it just wanna go ahead and delete all these keys. If I know that I'm using a W sauce and I don't want to. Before. I do all this I just wanna kinda stressed the fact that. If you're actively using a W suss or you had one in the past that you must go into the group policy and disable that because we don't want. To come in here did delete any registry values and then have the group policy up. Date and just put in the bright back in there so again if you do nova W suss and you wanna kind of disable it make sure you do disable. That group policy before you come in here in kind of delete those keys. So goal line go ahead and re load the cache before access and I'll leave that back open. So now. You can see a all right here we are going through. All of these items and kind of seen if all of this work. One thing I wanted to do before our try to reason that elementary is to run an update config commands let's read French art template configurations. And then once that goes through let's go ahead and test are. A recent hot fixes to see if we king did it our patching him and Tori to you update so. So now in its executing and now we're just waiting for that to see if it executes successfully. So now we die of our inventory. Successfully. Getting executed. It could take kid depending on the amount of patches that you have. Now you can see I went from seven to 207. So this looks a little more accurate. And that's what I'm looking for. Now you can kind of see we kind of issued these commands a cool thing about this is if you find this issue happening with the majority of your agents what you can do is kind of start. With all of the commands that you instituted. Even then. Registries. And everything and sending the tanks and update in the country and scanning the patch is the cool thing about this is I can't highlight all those. And I can possibly create a script that will kind of walk through everything that I did now you wanna kind of take a look at this and test it bought. If you find a way to fix this issue and you institute commands in the order in which he gets fixed you can highlighted if you wanna kind of backtracking you know what I only want to script out re setting the services I can do that as well. And it's only going to you create. Of the scripts that I instituted in the order in them which aria is sent the commands to the agent but. Those are just some of the common issues that we have we just want to make sure that services are running both the bits. And the windows update agent. And also wanna check to see if I don't have rod W SARS now another thing with the W sauce that we run into is. You know some SPS service. SPS servers when they're turned on they have that windows update. Service automatically that a role automatically installed that causes. Are a lot of headaches for our partner so here is a way around that and to kind of coordinate your efforts you can send the commands and possibly create a script to kind of automate that process working there are moving forward. Again in the overall goal is to get our parents information to show up so we know we have active communication between the agent. And the windows update site now I can kinda walk you through some a common issues with make it through the services is started in kind of tracking that windows update. I'm gonna leave any firewall or proxy settings as there's so many different firewall. Pieces and proxy settings it could be out there. I'll leave that to everybody out there to kind of troubleshoot your own environment. So that is a just a robbery for idea of how to troubleshoot communication issues. Com and I'm gonna move on to what if they act have communication but for whatever reason my machines aren't patching. So the one thing that kind of want to start with is we must make sure that would ever. Though patch install when there were signing to the agent that the machine is actually on a during that time so. If were patching between three to five which is our. And that we can always check our logs. On to see if it was powered off during that time on this for need to go back any further our team do you mind history. Our show history button and I can go through my event logs if I've passed over the weekend and I need larger set of laws we can kinda see in trouble shoot to see if that agent was indeed. Online when I tried to patch it. Also another thing we need to take a look at. Is if it was on though like a server here it's typically going to be on 24 sevenths com and next thing we want to check is to make sure that. Out of my 207 patches how many are missing. So out of that total I have 32 so here are the ones that I did you have the ability to install. Bought I need to have patches approved. And if I search by missing and installed that means that whole. Of my eye patches that are missing none of them I have actually approved so when the patch window comes around. I don't have any missing patches that are approved then that means I'm not going to have a job so even know if I do restore communication I don't have. Any available patches. And I'm not gonna have it in the evening to install as you conceal all of the missing patches 32. Or pole not sets I have made a pat classification to install it so again I'm not gonna have a patched on the knot on install patches or just wanna make sure Sheen is on line actually have approved practice to install. If I do you have approved patches and it's still not patching. That's one element jump into the effect of policy tab and see Obama have any issues with my scheduling. Now I set my schedule out the locations. I need to make sure that that setting is actually getting pushed down the agent. And I highly recommend using the effect of policy for a lot of trouble shooting especially at the each level by confined. One agent that seems to be having. This issue and I can fix it here ending kind of are. A relay that information. Globally to kind of fix on my agents well that's what I wanna trained it because here I can see all the groups and the templates that are currently being assigned to this agent. So I can track exactly what template settings getting pushed out if I have the corresponding patch install window assign I can kinda take a look at it. So fly looked at my computer's current config. This is was all the settings currently applied to this machine more pain if I expand that the two things I want to focus on right now is a I don't have it active patch into the window was signed it says never so I'm not actively assigning this the template that's assigning a patch install window. Also don't have a patch rebuke window so oh. Last moto on a check for is windows update mote says do nothing. So as we kind of go back through our different parts well I know I need. LabTech mode assigned to this agent which should be so showing right here and I need my patch install window. To tell the agent that LabTech is controlling the pad as well we evolve tolerated determined that. I also need to prove patches so I have none of those three things currently going on this page. So if I go back uproot my patches I can handle that in the doc the patch manager but here goes let's take a look and see why I'm nine Keating. In the parents install window assigned. Now there could be a couple different reasons that I don't have my agents under contract which you party talked about if I don't have it turn on the location. And also like to disable it at the agent. So what we usually animal we have a problem is who we typically. Come in here and what I'm looking for is this wonder right here so. Do not patch servers based on agent we have a number of do not patched groups if you don't have the right configurations applied to the agent. While we're gonna note that we're gonna put it in what we call do not patch groups here you can see. That it's currently disabled the patch windows and I'm not patching the servers based on the agent if it says based on the agent. Odds are I have. A check box does cabling patching you can see that right here so this is where I can track from the effect of policy and say. Hey Tom why are not patsy will let me see what Simon well I'm and I do not pants group and it's based on the agent. So that can beat me here. I can uncheck that box saved my additional information. And and I came get that up and running now. If I make any changes I'm typically gonna have to wait. Are up to thirty minutes for the searches and the groups too refreshed before I can actually see those changes apply. But also in that this training exercise. I wanna show you how I can expedite that process. I can come up to help I can go to server status and I can force my searches Q update. So I don't have to wait the six minutes from my searches to update I hit. This button and if you didn't see where it went I want from help to server status. And I refresh my searches so this process runs every six minutes. If I want to kind of expedite that and force the searches to Ron I can do that here. Once it. On the weight my sixty seconds and I do group refresh this is like opening up all my groups that world once and hitting them run now bought. So I'll want to kind of expedite the process and I want to kind of wait for those processes. To execute in the background so I can see out my changes Tate coal. So now it comes back in my effective policy to add. Make sure that it refreshes. And one I wanna see is it actually getting a signed to a windows updates Monday. Now now I have my windows update template pats install re blue window accordingly. Also one thing to remind you whenever I change group and template assignments I always want to send my update config command if five make changes to any of my templates they need that command actually apply. Of the changes that I just instituted. So wanna make sure of that mine update config command executes successfully tracking everything in mind commands. Have you can see that command it usually doesn't take very long. I come back in here. And now I can see my Monday template and I can see that I now have my Monday window assigned. And I'm currently in the LabTech moat so. That is fixed. Now you'll probably notice that up here I have Mike to exclude path to reboot window. While the event is law any time kidding this century brew windows set to never. So if you caught that on my at night tab this is one server that maybe I don't want to exclude the path review window. Or I want to exclude the captured the window so I have that box checked and again I can track that back so again you can track all. Of our agent specific information. On in my windows update group but you can see I'm excluding the patch review window here. And that gives me is the ability to assign the template. I bought kind of trump that template setting with a higher priority. Looking at the template section of my effective policy I can see the priority. All of my templates are gonna go from. The lowest priority at the bottom in the highest priority at the top soul fun looking and I have multiple groups assigned. And I do have conflicting template settings I know my default template is gonna have the lowest priority and I know my exclude country blue window template it's gonna have the highest. That's just how what's assigning the effect of policies so again. Very useful when I'm troubleshooting. And with so many things control by the templates that. Post Ty to patching that they're using effective policy is really good way to kind of troubleshoot what's going on. So I can see here is my windows update again I can come in here and see that that priority is getting assigned. War with the priority of eight. And mind exclude paths review window is getting assigned with the priority of 00. Is the highest priority throwing neck group up here. Getting my template assigned. And it is actually. Trumping. My parent shall read through window. Where I can see my insult remove windows getting set here to priority of a and my exclude country blue window is only assigning the Patrick the window. So I'm pulling my patch install window from Monday. And LabTech mode from here but the reboot window is actually getting trumped here so this kind of our ties me into art third and final section of if I'm patching and I am not rebooting as expected. War on using the effect of policies to kind of troubleshoot. All of the issues that it could be having. With my patching abilities making sure that the right templates are being assigned and applied to the agent. If I'm not having reboots execute as expected. Q I have a template. Assigned that trumping it or do I have read through window assigned affectively again I want to make sure that I have. Mine. Install and reboot window said at the same time. Or I wanna see if another template is actually trumping idiom any of the settings that I'm looking too you apply. Also I would want to check mine. Patch Reeve who mode to make sure that it sets and now if I just want to execute the reboots without any user intervention. That is one of the other items I wanna take a look at and making sure that the current can fade. Is all of lining up you can see my current configure. Says never I'm gonna patch okay because I have Monday a sign in on it LabTech mode. But I'm not gonna reboot because. I have this exclude Patrick thru window sign so. I'm kind of take a look and see if these are the settings that I expect. I can make some changes I can. I'll apply changes from the effect of policy fine needs you. Change items any kind of get everything working like I expect them to and kind of tested all right here. When I am satisfied with the results and I've meet them. Corresponding changes any groups are templates I just wanna make sure that I send that update configured to re apply any of the changes. That I just went through. But that is kind of running the gambit with troubleshooting patching is a let's start with communication. We must have communication from the agent to the windows update site to get the pats inventory net pass successfully execute commands. Always want to check to make sure my services are running our show jewel quick way to check for W sauce mixture that's not interfering. And all so just keep in mind any firewall or proxy settings that would prevent. Access from the saved it to the windows update site so on the agent itself. We want to make sure that we have the agent online during the patch install window. We do you have approved patches and I'm gonna make sure the effect of policies that I have all of my schedules lining up. Two I have him in the right group to I haven't. Applying the right templates is anything interfering do I have any other templates that are overriding any settings that I'm not expecting but. Again the effective policy gives me great way to kind of track everything in one screen. And I can open up the groups opened the templates from here and adjust them I'm not having to go back into the navigation tree. And kind of find all of this information. Soak your going through here in your still having problems and change. The last area I suggest to take a look at. Is as the windows update look and if I open up file explorer just like my registry settings. The first thing I want to do was re load that system cache because again we don't hold this information. In the lab tech server so I actually need to tell the agent. That I want to re load. With current data and I wanna get all of my information. But windows update log is going to be in the the windows. Folder. Once I reload my cache here is my windows update log now this is typically too big to open up from the screen. So just. Hot hand. In order to upload this Q. You're LabTech server I've always recommend to right click add it to zip. And it just takes and a Koppel's seconds to get that. Then I can transferred that file up to my LabTech server so our great way. To troubleshoot. On get this information. To your server to kind of dig through in the of the information once it's. Goes through successfully. If I'm on my server. I can go to my upload I confine the client that. Relays this information and I could open up the full windows update log from here. And I can look for any ears you can see. Before I had a lot of communication issues because I didn't have any services and I'm trying to exe commands but you can see I have a lot of a failures and then once we kind of scroll down here I could start to look at all this information getting process spot. Not gonna spend a lot of time walking through reading the windows update log. But showing you just an easy way I can zip it. Up load it to my LabTech server and kind of go through everything at my convenience. So that should wrap up for most of our troubleshooting guinier having issues around that any of this information that you still can't kind of or wrap your head around what's going on please you know contact support maybe they can. Hope you find the culprit. From the last thing I just want to talk about that we talked about and the presentation. It is our. Webinar sites and RTB. Sides so. Here if I bring my documentation site over I just want to kind of make sure that everybody is aware of this. I go to doc style LabTech software dot com and I have the ability click on my knowledge base here and then you can see I filter by patching. Most of the items that I talked about are going to be in their own TB here and you can see a lot more of the night. Didn't possibly have time to cover during this webinar bought. A lot of this information LabTech patching 101 that was primarily our part one in this series. And also creating custom service playing a bunch of different key bees that all hope you troubleshoot any issues that you're having again. Majority of these are written by our support subject matter experts. So should be really good information and point you in the right direction and help and you wild. Also I mentioned. I'm wasn't gonna go through. Various customizations about creating deny groups and Customs Service plans. The you can see I have my creating custom service plan as exe beasts here. And I'm that it can walk you through this but we also have. A webinar if you go to lab tech TV dot lab takes off for dot com all of our old webinars are here. You can see how to create and configure patching groups support webinar it was one that works recorded. In May of last year that will walk you through creating your own cost of night groups creating your own custom service plan. And kind of customizing. EU or patch and management environment so. That is primarily. A lot of the information we've covered kind of ring in through the gambit. Of issues mean dealing with setting up. You're so for success. Giving your patching set up correctly learning how patching works and then also some common. Our troubleshooting aspects whether we're talking about communication to the windows update site. Configurations. Changes war items. With the each it to kind of track whether it's offline a game that I patch is approved and also whether or not mine agents are rebooting as expected. You can see we kind of went through. The whole rigmarole of trying to figure out what's going on. But ram. Ramps up. Our part three of our patch management series.

  7. Patch Management Webinar Series Part Two

    Fri, 20 Feb 2015

    Hello and welcome to today's support webinar my name is crisp economic technical trainer here LabTech software. We're gonna pick up where we left off and parked few of our past management series we're gonna talk about configuring patching waste ignite. Today's agenda is gonna look like there's so we're gonna go over a brief review was where we left off last time. And kind of go through of the preliminary information that we first discuss make sure everybody's all up to speed with us. And then we're gonna talk a little bit about searches groups and templates and how they all tied together. So patching is predominately controlled. By our searches identifying the agents is that meet the specific criteria. He's getting those agents into the respective groups and applying the templates that are actually gonna apply the settings that we want so it's important that we kind of go through that to make sure everybody understands about process works because we're gonna didn't jump back into our location and the ignite tab. And we left off just enabling passing for workstations and picking a date and we talked about how those templates to the sign. Well we're gonna pick up where we left off or talk a little bit about daytime patching. How that works and what templates and groups that automatically gets placed in in law. Then we're gonna move across the event tab over to the custom patching section we're gonna break down custom patching how it works what to expect from it. And had a kind of troubleshoot issues and some of the pitfalls that it's not understood completely that we Macy's. Some issues there so we wanna make sure were following best practices for that. And vandal oh we're gonna continue on that were talking about the patch approval process. Oh weeks left off where were using the windows updates dot approve group. And were sitting are classifications they are for all our ignores and aren't stalls and it's an easy way for us to track everything from one group. We're gonna pick up we're gonna talk about how we deny patches in the importance of denying patches. And the best practice for setting those are sol we're gonna kind of continue on we're gonna at denying patches to the list of configurations for our patches. Lastly we're gonna talk about a little bit about automating the process we left off the end of the the webinar. Time that we get asked the question of is there a way that I can. Omit certain agents from some of this process and we talked about opening up the aging going to the ignite haven't selecting an extra data field. And that you know excludes pats reboots or disables. Patch patching from occurring on a specific agent we had asked a question in my weld is there a way I can automatically checked that box without having to open up. All of our agents and we do you have some scripts that will automate that process and I'll point those out to you but also show your real easy way if there is. An extra date field the U wanna automate that where you can right click on any client location or to grouping kind of mass applied this all at once are all show you real quick way to do that so we can put that into your utility belts so. That's gonna be our agenda today so let's go ahead and let's briefly talk about. What we talked about last time. So this was kind of the agenda from part one of our past management series and we kind of does broke down how passing works in the right way. That we get patching to kind of work and the order in which we need to apply them. We first talked about we need to get. Our agents under contract. And the only way we can do that is getting them in the service plan it's remembered back we talked at. 24 by seven and eight by five service plans for both servers and workstations are the whole week for groups out of the box that literary agents under contract by default. So at the core we need to get our agents into one of those groups are in to a group that have those extra data field selected. So once we have that in mind the order in which we set up patching is pretty simple. So on my location I go to my ignite have the first thing I have to do was I need to enable on boarding so that runs through a series of scripts get our agents a guitar agents up and running. So we give him on border correctly we mark on the agent that on boarding has completed. That's very important because you can't join any of our agents in service claim unless they've been successfully on board. So we need him in our 24 by seven RE by five service points that we have to have on boarding Don first. So we enable on boarding we select the appropriate service plain we have our agents under contract and then we can go over to that patching tab and the ignite. Under our location and we can turn patching on for servers or workstations we select the appropriate day. And that more often running. The agents are placed in the group the group applies the template and there were setting the time that day for patching and reap so we have that. Process cover. Next we talked about the patch approval process. Where we talked about using the windows updates dot approve group were loading the information that we want we filtering all the patches that are not set and warming can decision whether or not we want to ignore or installed them and we did some basic maneuverability of on the patch manager. Lastly we talked about how to disable patching for individual agents on my agents I open them up. I haven't ignite tab. Under there I have patching and I can disable passing for that individual agent which basically means a they're at a location where patching is enabled. And I just don't want one single agent that this location a patch so I can disable it individually for that agent. So there's also different groups I can put demand that denied ID EB IE nine's specific patches and I can also exclude patching a reboots from a current so. That's the agenda there were kind of taking up so. If you haven't seen the webinars should be posted on the lab tech TV to get to to speed for everybody that was last week hey that was a about brief cliff notes version of what we discussed and we're just gonna kinda pick up where we left off. And all were gonna go ahead we're gonna talk a little bit about searches groups and templates and I'll go ahead and demo some of the snow we jump the controls and earn just a minute. But it's important for patch management that we kind of understand how all this ties together. Because that's how were gonna control most of our group structure. So if remember back were aware assigning. The the agents in the lab tech mode which tells the agent that lab techs controlling patching we're setting the patch install window on the rear window at the template. So that's how we're setting up patching to occur and we kind of walk through that together. Wall also in the navigation tree oh we're gonna be working primarily with a few different group structures and some of these we argue look debt. First we have my windows updates which have my approved MI deny rules so we already talked about the approved that's the group that I work from. When I'm setting my ignores in my installs were gonna expand on that talk about art deny any rules. While also we have all of our windows updates patch window control groups and these are the groups were placing our agency in. We we meet those selections we enable patching and we selected date. Will these are all the groups that might agents are going to go in there. And in the navigation tree you can see I have my windows updates and I have Meyer approved in my deny rules we're gonna work with those when we get to our patch approval process and jump into the patch manager. Under system automation I have my windows updates patch window control. And here you can see a breakdown of all my disabled patch windows. If I have an agent that in a disabled patch window group. That's doing exactly that were disabling patching we're putting them in to a group. And we're signing a template telling that agent not a patch so there's a bunch of disabled patch windows that we have. Based on the criteria that we set. If passing as it turned on successfully we're not getting in them in the right groups or we can quickly troubleshoot by looking in my disabled patch windows and I can tell exactly what's going on so it helps me troubleshoot. Underneath those you can see I have my wind servers and then all my win servers in my role based patsy. We kinda talked about that the last webinar I am enabling patches for my servers I can turn on role based patching. And I can assign them to the appropriate groups when I picked the date they're all going into these corresponding groups and they're giving the templates assigned. So win I am selecting all these items in my location on populated in extra data fields. Mixer data fields are what we use the population are searches. So we have all the or searches looking for these X or data fields and we have our list of agents. Those searches are attached to work groups and based on the classifications that we make all O for the place. We're gonna put them in the appropriate group. All those groups that's gonna sign the templates that control the behavior of our Egypt's and it just wanna make sure that everybody. Is cool with how this works because when we kind of jump into this album going to be flying around and just remember at the school work. Of almost all the things we're gonna talk about. It just kind of keep that you know and this view of search group template that's kind of the Matra that I want to keep and recognized search group template. While how to and I get that setting applied while populated surgical means a group and applied the template if I select an extra day to feel if I choose an override at the two level or what does that do. Well that populates a different search it gets it into a different group and applies different template world overriding my existing settings so. Really understanding patching really understanding the LabTech at its core. One of the basic font fundamental things is this searches groups and templates. A process of just wanted to highlight that a little bit of because if you understand this you're not only gonna understand patching at a higher level but you're also gonna understand. LabTech and that's the Altman gold it's kind of not only learning patch management in the series but also getting a better understanding of how LabTech quirks overall. So we left off at the location and the ignite tab window. We kind of went there to the patching tab. And all we enabled patching it well we turned it on and we selected today. Now I'm gonna talk a little bit about and people in daytime patching. And how that works so when we assign today we turn it on in this screenshot I enable patching for workstations and I pick a Monday. While five patching by. AM. Well. If I wanna patch Monday morning at 3 am I have to make sure that my users no to leave their machines on when they leave for work on Friday. So if they don't leave their machines on the machines are powered off guess what they're not going to be power on during. The Monday patch install window and they're gonna miss. They're window. So what we have the ability to do is I can enable daytime patching and set a limit of our right how many times looming and allow the users. To leave their computers powered off. Before I change the template assignment and I X Spain in the install window. And packs during the day and that's what this classification actually does when I enable daytime patching. And I in that drop down I select the date time pats missed a three. What I'm telling the agent or the computer is all right I'll let you missed three windows. And then you know what I'm gonna do I'm an Apache during the day. So I try to be nice and I set to up for Monday patching and it's from three to five and you've missed the last three times last three Mondays. So when that threshold is reached. I'm gonna take you out of that Monday patch group number which you with a different group and its are enabled they time patching group. What that does is it populates a search throws you with a different group and then just applies a different template. So we talked about templates earlier. I put you in the Monday group all right Monday is enable for patching the pats install window is from three to five. Well when I put in the daytime patching group. I'm gonna go ahead throw and assign a template to you and the patch install window I'm just going to increase. From three to five to 21 hours X banding it. Throughout the day so whenever that machine comes back online and updates the configuration that we've just expanded our install window. So when I enable daytime patching I'm really just expanding the time that I can allow patches to install. Now one thing to keep in mind is I'm installing patches during the day and I open up that window but I've also dis able that reboot windows so were gonna set. That template. We're gonna set that reboot window had never so we're gonna XP in the install window but we're gonna disable reviews because we don't wanna reboot your users in the middle of the day. So they miss their patch windows they missed it three times all right fine we're just gonna expand it we're gonna install patches when that machine comes back online. But we're not gonna re group we're just gonna flag it for regroup and but that's what enabled daytime patching really dose is. I kind of safeguard. Hey I'm gonna go ahead I'm gonna set the limit of how many windows you can minutes before I just extend it into a window and I patch when that machine comes back on. The next sex or talk about is all that same tab. In my patching is my custom patching schedules. It you can see. When you open up that ignite tab on your location over on the right I'm gonna have my custom patching schedules and I'm gonna have three to from ones to choose from. So when I enable passing for servers or workstations that I've picked today as there's in the dropdown there's gonna be custom 12 or three. When I select one of those that that's gonna open up the corresponding custom patching schedule 12 and three that you see highlighted now. Now what that gives me the opportunity to do is. Let's say I'm passing my servers and I don't wanna do it every day and I don't wanna do once a week maybe I wanna do it twice a month may be don't wanna do it two times a week three times a week. Once a month whatever I want that's scheduled to be. In order to get a little more flexible I have to use one of my custom patching schedules. And you can see here in my display that I have custom patching schedule one and pat stays the monsoonal Obama pats on the fifteenth in the 28 of every month. So what that means is all days that aren't the fifteenth and 2128. Well I'm gonna go ahead and put a minute do not patch route because that's not my sign patched it. On the fifteenth lab takes gonna run an internal script and say hey two days the fifteenth all right let's take all the agents at this location let's take commands that disabled branch group. Let's go ahead and from in my valid custom one group and assign the appropriate template. And that's how custom patching works is we have custom patch schedule. Calculator that's gonna wrong at 1206 each morning and it's gonna determine what the current date its. We're gonna screw rubbed the database to see if any locations are set to Pat's on this date and then we're gonna take the corresponding agents out of an invalid. Patching group words disabled and we're gonna put him in the ballot custom one to three group. And you can see here here I have the fifteenth and 28 custom scheduled to you know what I'm just gonna pats the last day of the month that calculating script. Is gonna determine which is the last day of the month. And it's gonna pats on that day. I also have the ability. Two pats on a certain week here on the week for Sunday. So each fourth Sunday of the month that's going to be my patch Tuesday so I've three different schedules that I can choose from. And I can kind of heater to those I don't wanna patch every day I don't wanna packed a specific day. You know what I wanna get a little more flexible. I can use my custom schedule to kind of push those settings out. So zen that we have our parents approval process continued. We're we're still gonna talk about the pats manageable we're gonna specifically talk about it nine patches. Everything still going to be the same except I'm gonna use a different group Romulus set up to nine patches so we talked about windows updates not approved. That's where I'm gonna go in and I'm gonna set my installs or ignore works. Remember our windows updates dot approved it's got two subgroups underneath it labeled servers and workstations. And all my servers are going to be my server subgroup and all my workstations going to be in my workstation subgroup. So when I may classifications on that approved group a guess what they automatically get inherited down. Will now organ added kind of go down a different path and instead of the windows updates dot approve group. Were gonna take a look at the windows updates dot deny rules group. Underneath that we're gonna have a whole new set of subgroups where were actually going to you. Pick a rube that I want to deny specific patch and I'm gonna find actually be and I'm getting to deny that patch at that group. Then what I'm gonna do is I'm gonna throw agents into those groups that I don't want that patch install. Its main reason we want to do that is if you remember our hierarchy of not set ignore. Install. And deny will deny is that last one and it trumps all my other settings. So you really don't want to get in the habit of denying patches at that windows updates dot approve group because then I lose all flexibility to install that patch anywhere. Instead what I wanna do is I want to isolate to specific KB I want to deny it on that group that I wanna put my agents in that group. That way any patches that I want to or I have to approve it on any other agent that gives me the flexibility. But there's certain agents that can't have a specific patch well I'm gonna created group deny that patch and I'm gonna get those agents and that. Did night. Group and that's where wanna handle denials. Lastly we're gonna talk a little better about automating of the process. So. We talked about on the computer management screen on her ignite my patching tab I have deny specific roles and overrides. So we have some scripts and that our navigation tree under Scripps. Where I can automate the process right don't have to open up all of mine. Agents and checked that box individually what I can do is I can right click on a client on an agent on a group on a location. And I could run that script it's gonna check that box forming. So we're these live you can kinda see is on the left I have my patching tab on my agent I have but my denies specific roles at my over its. Or if you kinda look. At the navigation tree Scripps maintenance patching this few over here you can see eight disable all patch approval check on the agent. Which is actually. Going to check this box for the corresponding box a check on the agent uncheck on the agent. Disable automated patch install a that's that one I'm gonna check in on the agent on on check it on the agent. Denying specific roles they I have one to check on the age at one on checks that we do have a few. That we can Raun. On a larger set of agents in kind of automate the process. Now we got the question last time where hey I want to exclude patch review window what we don't have that script created for that. But what I'm gonna show you real quick is I'm gonna show yeah how to copy one of these and then all we have to do is point to this different extra data field. So we do have some I want to point those out because this was a really good question our last webinar. So I want to point this out we're these scripts lived while we're together date and then I'll show you how to create another one were gonna copy it we're just gonna pointed to a different extra data field. And that's what we're doing today it's so at this point let's go ahead and jump. Into you. My control Centre and we're just gonna walk through a little bit of what we discussed. So here I am. I'm back of my control sinner. A one to kinda show the hierarchy of our groups. We have our windows updates group which we have our approve group were never deny rules were going to be working with our deny rules a little bit later. Also we have our system automation. We ever windows updates patch window control. Now you can see this is where all of my servers in my workstations. When I select. And enable patching on the location and these are all the groups that my servers and workstations ago on an going to respectively. My windows workstations you can see hey when I selected Monday on my location this is the group that it was gonna go into. And you can see here it's gonna get my Monday template. And there's where it's gonna put me in the LabTech moat and assign a schedule so this is what we discussed last time. But you can also see they have an everyday daytime patch override group and that's what's gonna control my daytime patching. You can also see that I have a custom one custom one invalid custom too custom to invalid. This is what's gonna control my custom patching so I always like to go over the group's first. Because when we select the box they're just gonna populate a search and we're gonna throw them in these groups so always like to point out the group's first. And then when we kind of jump back into it day remember me check this box what this is what actually. Gets flagged by the search and then that search puts him in this group. So all of my different groups my windows servers they're all gonna have. Of the same thing now if you remember I only had daytime patsy and able for workstations we don't allow that for servers so you're only gonna see that every day pats. Date time pad to override apply to workstations. Because we're only gonna do that were only gonna Pat's workstation we're not gonna patch servers during the aren't so we're nuts you don't have to worry about that. But also I have my disabled patch windows. So if I'm troubleshooting my agents and they are in this do not Pat's not under MSP contract remember when I talked about a need to be in a service plan. About 24 by seven rate by five it needs to be under contract while the bits are not I can troubleshoot and say. They're not under MSP contracts and not in a valet service plan or they haven't been on boarded. So I can track why they're not getting my patched aren't template supplied by looking at this disabled patch windows. Do not patch servers based on the agent means I have one of those extra data fields on the actual actual agent saying hey don't patch this agent. Internet patch servers based on location or that just means I haven't checked that box to enable patching for the workstation owner or the server. On that location. So search groups and templates kinda drive all this functionality. I check a box somewhere it's gonna populated search. And I'm gonna get thrown in the corresponding group and I'm and apply a template. All of my disabled patch windows group there are gonna do the same thing they're gonna sign it do not patched template. Which. Just what not gonna get lab tech mode we're gonna do nothing and a reset the patch install window to members who were not going to touch it. So search groups and templates play a key role in all the patsy whether you have it set up or whether you don't. If you don't have it set up well they should be in this group after troubleshooting why you don't have it set up odds are they actually got put in this group. When you're patching and everything is good page there eventually gonna Schulte and one of these groups depending on what you set at the location. And that's kind of power searches groups and template supply. Underneath my searches I go all the way down windows update settings. Here are all the actual search is that population and get attached to those crew so you can kind of take a look at our searches. Go full circle and see how the process works but I just want to point out searches groups templates that's what drives. Patching on all the different levels that we half. Whether you have patsy enabled or not odds are they're gonna get put into one of these corresponding groups. Now when we go back to my location. When we go to ignites. We've RD gone through this let's continue on here and here we are in the patching enabled daytime patching. This is where I'm turning patching on and I'm enabling it for Monday's. And I'm telling this location and all the agency of the workstations here. A right five enabling daytime matching item and assign a value nominee tell you all right how many missed windows of my gonna allow before ipads during the day. So I select three I save additional information. And what's gonna happen is I'm and apply that all these agents here. So how about process works is about open up one of these agents now this is a server sort doesn't apply but the field still going to be there. I go to ignited I go to patching well each time it misses a patch install window. I'm gonna check this value so it misses want to change it to want to miss is to retain two to three. When it hits three from our workstations well there it just hit my threshold. So now I'm gonna patch during the day so all that does is it populates a search. Of the search. Populates a group. And and I get thrown in my everyday daytime patch override and you can see I have a corresponding template. And all that does put Atlantic mode now we just expand the install window. So you remember back RD fault is from three to five while a few enabled daytime patching we're gonna apply this template. We're gonna patch it every day sees that agent comes back online or we're gonna do is we're gonna set the install went to started to 45 AM and run for 21 now works. All that means his leg a UMR window. All right we're gonna turn patching on all we're gonna open up the window and expand a larger portion of the day. And that's what's actually gonna get applied in you can see here my patch you grew window we set it to never were not gonna read charger. Your machines by. Reboots. But that's really all we're doing is were populated in your different search. Getting into a different group and then just applying a different template that expands the install window so that's a naval daytime patsy. So custom patching over here. So you can see all use my role based patching for my servers because there are set up. So here I've turned surpassing on for servers and I'm doing it based on server role. Here I have custom one custom two custom three. Now if you don't remember from role based up passing for servers. I select this and then as he's. Unlock and I have the ability to sign. Everything according everything is gonna work the same a five picked Tuesday for VM host guess what they're just gonna get. Up placed in the VM host. Tuesday patching group and assigning of the Tuesday patching template for servers. Again if I have a VM host that's also a domain controller wall who's ever at the top of this list list is going to trump the other one. So pom VM hosts a number dooming controller arm to get the Tuesday template. If from a domain controller and exchange server will the domain controllers higher on the list woman to get my custom three template site. So when I. If I don't have any custom ones you can see that's great doubt I can't do anything. It's when I. Allow or assign any of these drop downs to custom ones but it's going to unlock so by default you open up your locations patching ten. And all these are gonna be grade out until you actually picked up a custom one from the dropdown. But here we are I'm assigning the fifteenth and 28. To be my patch days. So what we're doing is were assigning to specific days in order to patch. All the other days that aren't the fifteenth in the 28. Well all we're not gonna pass on those days. So that's where we come back to or groups and we're gonna say I have. My custom one patching schedule for the fifteenth and 28. For my VM host servers. So here I have my cost some one invalid in my custom one so far I have any servers. I actually were doing that SPS. So here. If I have any servers what that's gonna do is all days that aren't the fifth 128 that well I'm gonna put them in my invalid custom one group. It's not my days so it's invalid and guess what by custom one invalid bears might do not patched template again. So any other day that's not the fifteen to 28 I'm not patching. So on the fifteenth and 28 we're gonna mark their all the agents to meet that. Where remarked that custom one schedule is active. We're gonna take a matter the about the group and we're gonna put him in the custom one group. And on the fifteenth and 28 the assigned to this group and guess what they get the windows server custom one template and guess what that sets it. LabTech mode. And it sets are passed install window accordingly. All of our ones cost him to. Edit LabTech mode and there you can see it's a deep thought or custom one has been changed the most your default templates they older gonna show that 3 AM to 5 AM. But the same rules are going to apply as I move down here any day that's not my day I'm gonna be disabling patching. When my day occurs AM and taken out of the invalid group number put him in the about a group and I'm going to assign appropriate template. Now. I'd look at that template. And you're gonna notice. That it says every day. While remember back. We're only gonna put him in this group and apply this template on the specified day we have a script it's gonna on and it's gonna say today's your day go ahead and order group and assign your template. So no matter what day that is we're setting the template to every day. So the reverse is gonna happen when that days over. So it's no longer the fifteenth. The clock strikes midnight it's now the sixteenth and everything works in reverse. All right our script runs it says all right you're no longer near patch day let's take you out of accustomed to group. And let's put you back in the custom to invalid group. So when that happens I turn patching off so we have the template set to every day but they're only getting it applied on the specified day. That you have set here. Whether it's a fifteen to 28 whether it's the pats the last day of the month or whether it's the fourth Sunday of the month. So were only going to assign the patching template on the corresponding day all other days we're just gonna disable patching we're gonna put them in that invalid group. And then when their day comes along. By the power of LabTech or we're gonna automate that process take a man about a about a group we're gonna from in the dollar group. Organ assign appropriate template. So everything is automated by what I'm choosing here. Now one thing with this that I wanna point out one I'm using weeks of the month. So first of all file amusing weeks of the month and I'm taking a Sunday. One thing I wanna point out if I do something like this. I'm create eating. And and statement. So what I'm saying here is a five populated all of these is it has to be the fifteenth at the 28. And the forts week of the month. And on a Sunday so I'm getting reasonably specific on what day I want to set up as my costs and three patching skits. So be very careful with that so as I feel in these fields I'm creating an Ian statement. So this sorted this and this and this sort passed B one of these two days on week four and it has to be on Sunday. So I know the fifteenth is never gonna follow week for Omega the 28 but the odds that I'm getting a 28 week for an on a Sunday. I'm really limiting my options and actually successfully patching. So be very careful with that. Also with weak for. We four you're gonna be good I wanna point out week one with few. So the way our custom patching schedule works in our calendar works is we designate. Whatever week that month starts on. As the first week of the month. Now what that means. Is if I set up patching for week one on Sunday I want to know if I'm actually gonna have a valid week. Of that month. So far go to my handy Google calendar and I go to month where you can see February AM good march and good but now let's take a look at April. So far patching week one on Sunday well word designated April 1 starting on a Wednesday so would this is weak one. So you can see week one I don't have a valid weak one for April so I'm not gonna patch. So keep that in mind when your X yours scheduling and a using weeks of the month. This is week one week to week every week for an I have five weeks. Move on to may hey here's weak ones starts on a fried 12345. Guess what I have six weeks in me. That's the sixth week of may and I'm not gonna patch again I'm not gonna have a week one Sunday. So the only. Day that will work fine using weak one is Saturday because I'm always gonna have a week one Saturday that is the only day during week one that's going to be consistent. So what we typically recommend if you're gone had passed by weeks of the month is used to three or four. You're always gonna have weeks to 34. So some weeks may have five you've even see an example or some they have six. What all months you will have to report February being the example starts on Sunday runs for four weeks it's exactly for weeks. So all of your months will have weeks to nutrient for so when you're setting this up and you're telling your partners it's very important that you understand. How the calendar works with custom patching especially when I'm using weeks of the month. So be very careful when and I can't assign multiple weeks if I wanna patch 23 and four. Of the month I can't do that I just. Space it out using commas and I can also. Pats on different days during different weeks. So I can't they on a week for I wanna pat Sunday Tuesdays and Fridays so it does give me a lot more flexibility. And all I need to do is assign it and just know how the process works. And just keep in mind all the days that are like days I'm gonna be in an invalid group. Or write them on my day comes around. In the background lab takes gonna figure out hey this is the specified date let's take you out of that ballot group let's throw you in the valley group. Let's go ahead and applied a template which controls the LabTech mode and in the patch install window so keep that in mind. Now. One thing I want to point out it's very critical for custom patching and I always recommend just believe me on this. Is we have our schedules which control. Different commands when they are scheduled during the day. What I recommend is form my desktop slow lapped us in my server I come in here. My update config command I recommend setting this value to 1 AM and repeating multiple times during the day. For custom patching it's necessary. To have this command automated. When I take it at the about a group and I throw it in the ballot group I need an update config command to actually apply that template change. So out of the box all of our schedules started 9 AM so usually custom patching works but at that date late. So what I recommend for all of your schedules come in here on each one of them set this up geek and big. 2:1 AM and he typically recommend running every four to six hours depending on. What you need to do that command is very brief takes about ten seconds or less to actually execute that command. But highly recommend doing that for all of my inventory schedules coming in optic and fig starting in at 1 AM so we can get those templates. Doc configured and changed especially if you're using custom patching. All right so that's daytime patching that's custom patching sober kind of expanding our configurations. What are we really doing what we're really talking about while talking about popularity of different search getting into a different group and applying it different template. All of patching win I'm controlling the date and time is all gonna be controlled. By these groups. Searches are gonna populate these groups and the templates assign of these groups is gonna control the date and time weather on patch and whether I'm disabling it. So keep that in mind when you're troubleshooting the windows updates pats window control. This is where I'm gonna end up troubleshooting. My agents make maturity in the appropriate group. So now we're born back to the patch manager we're gonna talk a little bit about deny it rules again. Were gonna come here windows updates dot deny rules you can see here. We're building specific groups and word denying patches. Here approved a group or talk about installs and ignores the spirals what we're gonna do is we're gonna find. A specific patch we're gonna deny it and we're gonna create our own group around. Or vice Versa we're gonna create the group we're going that group Morgan denied that patched and then. In there I'm gonna put the agents that can't and that individual patch the reason I do that is if I deny patches at this level. Well that's gonna get filtered out all my servers and workstations. So if I ever have. An instance where you know what I have one client that needs that hatch and I've denied it globally. While I've lost all flexibility because all my servers and workstations have that denied I can't trump a deny deny trumps everything. So we specify. A specific patch we create a group we deny that pats on that group that we put our agents in there. So now I'm in mind patch manager. And I'm picking my specific. Tonight groups. Here and selected died a nine. Let's see what I have denied here I'd vote by display in here you can see here's my KB 982. 861 this is my windows. Internet Explorer nine install and you can see all of these KB's I have denied here. So I fix my group. I come in that group I come in here and I find all versions of deny our I. And then I deny all of them so I find every version that I have out there. And I go ahead night deny it so once I've denied it. Then I'm open. To putting my agency in here and allowing. A good that I group to push out that classification. And it just goes to the agent and denies that hatched. Now you don't have to drag and drop each one of your agents in here you do you have the ability whenever I pick up a deny group I can. Add an entire list of clients. All right I can create searches I can create locations. I can put them all in here and I can drag an entire client here along. But that's how I automate this process. So I wanna keep deny rule separate from mining installs and ignores because they trump everything I don't wanted globally denied because I lose the flexibility to install that anywhere. So that's why best practice we come under our deny rules. I add a new group on that group. I either specifying. KEB number or the actual name of the patch. I see event. And then I can come in here and I'm probably gonna need to reload my Pat's manager. But I come in here and modify and then to. All my patches. I know the KB outlook for the KB number if I know what the name of it is. I can filter through I find the specific dot net. Past that I wanted to nine and then I throw my agents and this corresponding. So we talked about ignores them installs. Last time so now we've expanded that we talked about deny rules so best practice create a group. Deny the specific DB on that group and let's get our agents in there. And deny that patched. Our right our last topic. We're talking about. Our agents talk about automating. These check boxes. So you can see I have some specific denying. Groups are PDFs here when I check this box. That's automatically gonna play some in my denying. Groups we do have some built out of the box you can see dot net for I. I can automate the process that's automatically gonna from a knows deny groups. If you wanna create your own. Extra data feels like denial IE ten tonight and I. Documentation we had KB articles that'll walk you through it so I'm not gonna go through that probably save that I'll actually save that for part 3 am and show you how to build those out. What I'm talking about today is an actual script that I can run the keeps me from having to open up all the d.s agents. So if I don't open. That agent but I want let's say this entire location I want to reduce the bull. Patching. Or for this agent I just want to turn off patching disable automated patch install. So I come to scripts I have maintenance. Patching and and here's all of my scripts disable all patch approval that's what checks that box on the agent and it takes. This agent out of the passing group set on this location. I also have a dot net four. I. Soul for our deny specific roles we have the checks in the on checks. For the disable all patch approval and disable automated patch installed I have checks and on checks. The one we don't have. Have and we were asked this question. Last webinar is there a way that I can exclude patch review window. On a global scale we don't have that script here. But it's theory easy. I go to maintenance I go to patching. It's very easy. To create you can see here. I've already copied this and create a copy of disable all passed approval. So fight open that up it's gonna fail. And let's go ahead and just delete down. Atlas is dew roll over here. So here I come and disable patsy. Approval Obama copied the script phenomena create a copy. In that copy comic come in here and what I I'm gonna do is I'm gonna renaming. Exclude pats review window check on agent. Now prominent change my notes. So I know exactly what this does. Now. For all of my extra data fields where the box is I wanna check that is the checked box and it's an extra data field so you can see here. X a data field disable all patch approval if I open that up. Only thing I need to do on my copy is coming here and I need to find. Might reboot. X or data field. Now it should being. Artists. Exclude patch reboot window. So it's gonna run on the corresponding to purity and it's gonna change about you to want. Which means I'm gonna check that box so box checked equals what the database. So I save that step. And I just easily created a script. That's gonna instead of checking the box for disable automated patch install. Prominent critic copy exclude pantry window check on agent and I'm gonna Simon extra data field how many changes to exclude Patrick window. And then of course. I'm gonna change. My notes. And save the step. So now I just easily. Created a script. That allows me to right click. On any age and any location any client any group and checked that box. So that's just something extra you can add to or you worked programming your scripting skills. Creating a copy those are real easy because there's only two lines. And all I have to do is point to the extra data feel that want to change and save it. And just assign it either 01 if I want to checked or. The unchecked. Is just. The zero. So zero it was unchecked one equals checked. And I can automate that process so one to walk through that again we have that question last week and it is one to show you real quick how to create. Copy one of our scripts and create that functionality. So I know this is a lot of information today. Bought. World stick around if anybody has any questions. We'll stick around see if we can answer so we talked a little bit about what we talked our last webinar walking through the process. Again enable boarding contract enabled service plans. Enabling patching picking a day. That it's a process started so we picked up we talked a little bit about searches groups templates Powell all of our extra data fields tie in a search. Different searches are gonna go to my different groups and that's where I'm gonna control what's going out. Different groups are gonna get the templates assigned whether patching is enabled or patching is disabled are all gonna be tied to searches. So if your member search group template. Really gonna simplify things. So from there we talked about. Enabling daytime patching what it does. At the end of the day that populates a different search gets into a different group and just expands the patch install window to during the day. Custom patching we talked about again I'm gonna assign specific days I want to patch. The automation of LabTech is gonna decide a you pick this day I'm gonna take you out of an invalid group throw you an about a group of mourning you to up and patching. We continued on and talked a little bit about denying patches as opposed to setting them to ignore or install. Windows updates dot approved we're gonna focus on our ignores and installs. For any patches I want to deny Dominic creator group of men deny that specific past and I'm gonna get my agents in there and that's I'm gonna deny patches and leaves of me room to apply. Them elsewhere. Lastly we just talked a little bit about automation so we talked about the scripts that check specs are data fields on the agent. And we talk to real quick and easy way if we don't have one that's checking that box well that's okay we can copy it we can change where it's points. And that's where I leave you today so when a thank you for joining us for patched part two of our pats management series.

  8. Patch Management Webinar Series Part One

    Thu, 5 Feb 2015

    Hello and welcome to today's support webinar. Mining as crisp and economic technical trainer here tech software today is part one of our patch management series. How to set up patching with ignite. Today we're gonna talk about a few things the first thing is the basic enabling of pats management functionality of the group global. Or in other terms. Getting your agents under contract so that is a key part as we only have a few groups that'll now for these contracts to be put in place out of the box it's important you know which one's toes more. Next organist select the appropriate group at the location level and that also includes enabling our importing and picking the right service plants. Then we're gonna move right along to a needling patching for either servers means world workstations. Were also gonna talk about setting the time of days for patching and rebooting and the stickers at the template level a more kind of walk through the relationship vote. What I set. At the location and how that corresponds to how my templates get applied that actually control passing in rebooting. There were gonna briefly talk about the patch approval process. Due to a little more familiar with the patch mean injured and the different classifications of patches that I can use. Lastly talk about how to disable patching for individual agents and this is good for. Enabling patching at an entire location but they're me EB one EG in or couple agents that I just don't want to be a part of this process. You don't need to create a whole new location we do have the ability. It just disable patching for individual agents will walk through that process as well. So that's what today is gonna look like Celeste just go ahead let's jump right into it and talk about. Contract. Level patching. Before we can configure pat settings for a locations we must ensure that the service playing groups were going to use have been enabled for Panchen. A LabTech. Has four work groups where this is Marty turned on and that's located under groups. Service plans and eat there are servers or windows workstations and army needs 24 by seven and 855 plants it's very important that you understand these aren't the only four groups within LabTech that have. Contract enabled by. While we're looking next year on these groups on the info. To check boxes one called MSP contract group the other passing covered under contract and they're gonna look like this. I navigate down to my service plans windows workstations manes 24 by seven it showing on the screen right now. That info default have I have MSP country or group impacting covered under contract I need those boxes checked. To get these agents clear to buy ignite. To enable the patching to Booker so it's very important to know that. Our mean these 24 by seven any by five service plans are the only four groups and that have this enabled by default so one were going through we're setting a pants and we must pick. One of these to you. Warmer selecting our service plans for servers and workstations that'll make more sense as we move through this wanna kind of set the table with that. In order for a location to use ignite patching system oh we need to associate with the appropriate group. And this is all done on my location. I go to that ignite tab and that first section is my services tab and this is where I'm gonna focus on selecting my service planes for servers and workstations. And also worm and enable arm boarding. And that's gonna look like this screen here you can see I'm opening up my mean office location. And navigate to the ignite tab and that first tab services is where I'm gonna set everything in motion. You can see circled in red there I have my server service plane I'm picking 24 by seven my workstation service plain eat by five. And a real important down there don't forget about that and evil on boarding. What enable onboarding does is it sets off a bunch of scripts and that sets up our agents for all of the launch of different thinks. One script with indie here sets up windows updates but one of the most important things there is. It runs an after it completes it marks that agent that onboarding completed successfully in that's what we need. In order to join any of our service planes or we need on boarding to have completed successfully on the regent or it will populated any of those groups. Now a couple different things about laptops and notebooks are covered under workstations at this stage of the configuration. Also you notice over here device is covered by contract. I can tell if the process is working when I have agents. Being total over on this section. So if five have servers and workstation service plans in the process is working correctly eventually I should have numbers populated over here. It will take up to a couple hours for this process to automate. The on boarding script runs at the top of each hour so depending on when you check these boxes how the internal process works it may take a little bit for them are importing. Oh on boarding process to work. And then eventually get into the service plans. We're we can calculate these totals bought the process will work for you in the background while all you have to do was wait. If for any reason these numbers don't start manipulating in a couple hours please open a ticket so we can make sure there's nothing wrong. Internally with the server and everything is functioning accordingly. All right once we've got past that first step that's usually the big hurdle to make sure we know what score one on there. The next is we're just moving right along automatic night tab and word is going over to that branching tat. And here is we are we're gonna actually make the decision. If I'm going to enable patching if I am in my going to enable patching for just workstations workstations and servers. Or am I going to view all so you know enabled. The basic we're gonna focus on the screens you can see we just moved over on the ignite tab at the location from the services in the patching ten. So I have to make it through services before it can even get to the patching tap. And you can see here are highlighted in red that I have that checkbox I'm obviously gonna turn patching on for workstations by checking that box what that's gonna do it's gonna release that drop down and that workstation patch day I'm just gonna select what ever date that I want to patch. So we do you have the ability to kind of distinguish between hey I just want to do workstations or just wanted to servers or wanna do both. So both of them they're gonna have the ability to turn them on and then pick of the deal of the week that I want to hatched. And you can see in that server section based on server role and that's gonna open up my role based patching schedule down below but still the process is going to be the same if I'm doing it based on server role on student's gonna pick the page. That I want a patch so it is really. Just as simple as getting everything ready to go in the services tab enabling onboarding picking the right contract enables service plan. And the coming here turned on and pick today and that's what I kind of wanna focus on. The internal process should take care of the rest so and that's what we're looking at we just have to kind of do everything in this specific quarter. And that's what I wanna focus on today in this part one and say this is how we get everything Raun. Successfully with ignite. The next part is setting the timer Dave for patching and rebooting. Now the previous tab we talked about turning it on and taking it day. By deep fault whatever day you pick is gonna go into the corresponding group and assign a template that's gonna control. How were gonna install patches in the data and how we're gonna handle reboots. These templates are going to be stored the navigation tree under admin and then that's where were all of our templates are going to be. We're focusing on all the ones that say windows updates either servers or workstations and then it's gonna have a specific day of the week so would ever day of the week you select on that patching tab when you enable patching. It's gonna get that specific template. On that template if you open it up were only going to be concerned about two things. All the agent tab is getting into the lab tech mode which tells the agents that LabTech is in control and we're gonna go according to the day and time that we assign. And that's scheduled time is gonna be on that schedules tab so. On this next screen you can see as an example were using the windows updates workstation dash Friday. So that's the name of my template whatever. On this agent settings you can see by. I look at agent settings windows update says LabTech mode it's gonna be enabled will LabTech mode means hate. Wearing control we're not letting windows dictate when. And where I'm going to install patches. Lab tech's going to be controlled we're gonna just registry settings in the back in a Morgan it can take control of the schedules were also gonna disable that notification icon. That pops up and says that you need patches to install organ a kind of turn that off and we're gonna control the date and time. Or the day and time is gonna be specified in that second section over here. When I'm looking at my schedules. You can see I'm assigning a patch install window for Friday or that makes sense because this is my windows updates workstations Friday template so the install windows going to be Friday. By default all of our windows update servers are workstation templates. Always start at 3 am run for two or so between three and five that's gonna be my default install window. You need to adjust that for specific days no problem find the template open up and adjusted. One thing I do wanna talk about real quick is this reboot window by deep fault were gonna set up our agents to patch and reboot it I'll with each other. And these two windows work in conjunction with each other. Which means hey I have this set for Friday but I'm only gonna issue the reboot command during this process. So even though the patch re blue window says every day I'm only gonna get that command. When I'm in my install window so only gonna get that on Friday so that that is does cause some confusion it's but I want to assure you I'm only gonna get that reboot coming in. During the install process. It's only doing and so process on Friday according to this template so I'm only an issue a reboot on Friday so don't get confused by that every day. Classification all of our templates to say that. You'll also notice what I do here he is I offset the reboot window by an hour at the end. So my you install window is from three to five so let's say I'm installing and I have everything ready to go but I'm not finished. At 5 o'clock it kind of goes over a little bit what we offset that by an hour just to say hey that's cool on or offset that by an hour to catch any of those I delete patch installs and we can still reboot them were gonna give them an extra hour to finish. And then offered that reboot on at the and now also important is we kind of get the the ability. To limit the window that I can reboot because you can see we're starting at three we have the reboot for three hours so we're going till sixth so. If it doesn't finish with sent within that window I've done that six so I'm not gonna interfere with any my users is that comment. So we kind of limit that window if it takes longer and were ready to reboot reboot after six. That's fine that's the only window life science we're just gonna flag that after reboot pending and we're just not gonna in erupted user because we don't want to a kind of open that window and have that stretch into the early part of the morning where we may have some users coming in in getting re booted as soon as they get there. I get to their station but that's important. That is though the process. For just turning everything on he is we need to get. Our agents into a contract enabled service points are right that's step one. We talked about the service plans that we have 24 by 78 by five for our servers and workstations again we only have four out of the box. So go to ignite I enable on boarding I select one of those service plans I get Smart patching tab and then it is just as easy as turning it on and taking it day. Though automated process will take it from there will put it in a group this can apply the appropriate windows update servers or workstations template. And we're gonna sign. The windows update a mode to lab tech mode and we're gonna get the patch install window signs of that is the actual set up process. On for a giving mine system configured for passing with ignite. So we have that set up so we have our agents in the appropriate group with you quote appropriate templates assigned. So now that they're in their service plans in there are getting their template assigned were gonna briefly talk about the patch approval process. This is all gonna be handled by a plug in you can find the plug and in the control center it's gonna be up at the top and it's going to be a patch mean injure. From there I have the ability to filter through. Different groups that I want to up proved patches ignore patches denied patches. Of those are gonna be the classifications that I have to walk through kind of how to filter out and kind of get to the ones that I want to focus on. Patch manager is gonna look like this it's you can see I get to the past Manger at the top of the control sinner and I want a focus on that last part that's in read over there. What do I want to do that says hey I need to pick other pats group approvals that I wanna set my approvals on. All right cool what grouped by want to choose and you can kinda see in the year that I want to use my windows updates dot approve group that is our recommended group. For a signing patches. Why do we assign that will buy. So if I use this group. Then it's automatically going to inherit. Are pushed down this inheritance down to its subgroups. Where it's automatically and applied all my servers and workstations so a key and use this one group to kind of control all my patches. And then from that point I came limited vice specific OS's. I can go by categories whether I want to focus on critical updates security updates or anything in between. And then I load my display and that's gonna give me just a list of all of the the requirement some kind of looking at will jump into the controls and are just a minute and kind of go through the navigation. All of this system but that's what I wanna do you. I want to get everything set up with ignite get him in the right group get the right template applied then the next step to say I'm actually gonna choose what patches I want to install. Are right and that sets everything in motion. So the last thing that we're gonna talk about is what would apply have. A couple agents at this location maybe it's a server maybe it's the CEOs computer that you know what I need to handle that manually so I'd. Don't want to create my own location. For this I just want the ability to remove one or two regions from this entire process. While we can also do that at the agent level. If we open up to our computer management screen and again we're gonna go to that ignite tab and then we have a patching tab under there. I have the ability to look in the override section. Where I have a checkbox for disable automated patch install what that's gonna do is it's not gonna allow this agent to get into that patching groupware and it signs that template. So instead all we are gonna check this box and we're gonna read it internally. Via searching group assignment today. We've disabled passing on this agent level. So we don't want to throw them in a group that gets that windows update server workstation template. So we're gonna remove it from that group and instead of gonna put in the differ group or actually disabling patching so just checking this box. I can leave the location as it is an all my other agents gonna play nice and they're gonna do exactly what I want them to do but for this agent you know what I just don't want to patch this agent I don't wanna part of that process. And that gives me the ability kinda throw out the just a couple agents without having to build an entire. New location. In order to kind of facilitate. That need it and that's. Basically setting up. Patching which is ninety and so now want to do you what I wanna do is the jump into the control sinner and kind of just walk you through this process. And then we'll answer questions at the and soma to bring up. My control sinner and you can see here's my client and as a demo I created this new location and this is gonna. You know kind of signified he edges created this location. And I need to set it up and I need to know the right process to go through. So fight open up mind to new location I travel to the ignite have you concede nothing's going to be set up. Out of the box I'm not gonna have any services elected I'm not gonna have patching configured obviously we're not going to automatically start patching your regents. You're gonna have to tell us what you want to do you. So in this process we need to know a couple of things. First thing. I need to know that I need to have my agents completely. On boarded in order for me to get assigned to a service plants so the first thing I wanna do is I want to enable on boarding. And that's the first step in this process. Next we talked about 24 by seven and eight I five service plans are the only two groups. For servers and workstations is that put my agents under contract. So if I'm going to actively pants my servers and workstations at this location I need to pick one of those service planes and what that actually does. Is my managed but 24 by seven I'm mean you see by five if I were to go to my service plans. You go to windows servers 24 by seven and go to my info tab. You can see here's my MSP Contra group passing covered under contract this is telling ignite the yes I'm actively wanting. To put these agents under contract which means I'm in control I want to go ahead and I want to enable them for patching. So again these are the only for service plans. That have those boxes checked by default so I must use those. You can also see currently I don't have any servers under contractor workstations under contract because I just opened up the screen I just built this location so it's gonna take a little time for all of these values to populate. But once they do everything will show up all have machines under contract then I key and come over here. And just as simply as deciding yes I want to enable work stay since checked that box. Good day I want to patch want to patch servers yes. I checked that box ticked the day I wanna patch. And the automated process will take it from there. Now also when working with ignite noticed that my save button down here is greed out a need to come up to receive additional information. And then. The internal processes and strips and come means in the background it will get everything ready to go. If I open up my mean. Location here you can see I've enabled that I'm not patching workstations are putting them in a service plan I'm only work him with Maine is 24 by seven. And you can see my process I know a completed successfully because I have servers under contract. From here you can see I've turned it on. And I've selected the appropriate patch dates were not gonna get too far into cost some patching at this level were gonna talk about. That role based patching and parked too. But I just wanna make sure you know the process to get everything up and running that's who were talking about at this level. No advance. We and I select the appropriate day here on Monday when I enable patching workstations. I'm gonna get thrown into a group. And if I go to admin templates are automatically gonna get one of these templates assigned for would ever date I've picked at that location. So here I'm enabling patching for workstations. On Monday. Windows update workstations we have each one for each state of the week I am not automatically get this work station Monday assigned. And you can see here is where I'm automatically gonna have windows update set to LabTech mode which means we you're in control. And I'm gonna have the schedule set for my install window where it's gonna be Monday each day of the week is gonna correspond with the install window. But every brew windows says every day but again I'm only gonna get that command during the install process so I'm only getting get that on Monday. Default settings for all the templates are going to be from three to five. For my install window I'm from three to six form I reboot window. That's gonna be status school for all of our templates whatever day you picked the that are gonna get deck corresponding template assigned if you need to adjust the time. Do it here I need to expand that window for whatever to facilitate my Monday patching I can do that if I want to change the day. We're gonna do that at the location so I'm setting for Monday oh nope I don't want to do that hour and a slight Wednesday. The system will reset itself taken out of the Monday group put him in a Wednesday group. And assign the Wednesday template so that's the automated power of ignite. So I'd got my agents. Under contract I get him in the right group I have the template assigned. Oh let's talk a little bit about the patch manager it's and how I go about approving patches. Open up the Pat's manager pats group approval which group go I want to select. By default we recommend the windows updates approve group but because you can see I have the servers and workstations automatically. Under needs. And it's a little easier to see if I go here you can see my windows updates dot approve group. I have my servers and workstations under there salt I use this group. These two were going to inherit whatever I set here so it does to me that ability to use one group so we don't have to balance all over the place to see what's going on FI focus on just that group. As then it keeps it a little easier to maintain. And here I can select all of the different OS is if I want to limited by the different categories that I can kind of filter through and then. I wanna take a look at all my patches that I happen my system and then whenever I want to view I just load the display. And it's gonna give me the total number of patches up in the top right that I happen my system. So if I'm going through an approving patches you know what I don't care about all the patches. I just want the patches that are currently not set or I haven't meted decision on. I go and I load that display and then I dropped from about 6000 to 2500. And you can CD's are the ones that are currently not set so I need to make a decision on what I want to do with cease. Now at this level we recommend to either approve it or ignore it at this level. So they have a determination what we want to do. So if I want to kinda go in order. Oh let's take a look at security updates let me start there so now I'm down to 356. So far want to further filtered down and look for a group of patches that I want to focus on. I can go to you. Of the severity level go too important and one thing I want to point out here is. There's four different severity levels which is critical important moderate and low. You can see I don't have the option of critical here because I don't have any critical patches here that are currently not set soul we approve are critical soy don't have. That filter option because we don't have any critical Wii party taking care of so my next. My next level is important and I can search and now I've loaded. All my windows updates approved all the patches that are not set. They're security updates with an important severity one you can see I'm down to 248. From here I can set. Install patched all patches means I'm gonna load and applied this on whatever Ive currently got in my display. And I click apply and then I can process a big group of patches. But that's. Basic functionality. With in my patch manager begin our documentation walks you through. This on but I want to kind of go through the entire process to get you a little more familiar with how to set ago. Then I need to approve patches aren't that's awesome our right. I'm ready to rock and roll by need anymore information I can look at documentation I can read up on it to give me a little more familiar with navigating around here. So the last part but I kinda wanna talk about while were together here. It is. All right I have a location I've set up patching I've approved patches and I come back and I'm like you know like at this location. I have a couple machines that I just don't want part of this process. I don't want to create entire new location and set everything up for one or two regions I just want to disable patching on one Egypt. While that's easy to do you as you can see in my main location I have that set up. I can come in here. Open my computer management screen. I'm looking in my ignite tab and I'm going to patching and here under my overrides I have a couple different options you can see I've excluded the patch review window. But up here. I have disable automated patch install. What that's gonna do it's gonna flagged this machine it's gonna take it out of that windows updates group that's applying that template and slate eight and what that template assigned to this agent. This gives me ability disable patching. Just at the agent level all the other agents at the location are gonna operate fine I just wanna take this agent Adam that groups is in the ability to mean it's some and a green you'll leery of removing agents without having to creed in new location or it just it that way. Also here right here. Enabling this check box while I mentioned how all my servers and workstations give it. Added automatically to those windows updates dot approved dot servers or workstations. While I can remove those from the approval groups by selecting this box here. And if I have daytime patching turned on I can exclude this specific. Agent from passing during the day and then when we came in here you saw this box was checked to exclude the patch review window. Now by default I said when we get him into windows updates group we apply the template and we have that install window and reap a window working in conjunction with each other. And that's going to be the or maybe I want patching to worker well blood I don't want this to reboot for whatever reason I want to. Habit flag for review pending phenomena handled that individually this is a server maybe I just don't want it to reboot. So I have the ability to check that box and it's just going to disable the reboot I'm still gonna patch according to the time and day that I set in the location. I'm just gonna disable recruits from occurring I don't want that part of the automated process you know what let's go ahead and exclude the reboot window let's turn that portion off and then on the name of the reboots individual. And d.s are mine over its. And so you can see. This is theory basic and that's where we kinda wanna start here with this part one. Were gonna have a couple different parts and organ it continued to expand on what we've learned here. But one to start with the general topics of what we need to get our agents up and running while we need to get them under contract so it's important for everyone out there to know. Guess what we only have four groups that which agents under contract by. Serve server service plans a workstation service plans 24 by seven and by fives of those that the only four. Once I have them under contract I have enabled on boarding I got the service planes assigned the and it is going to that patching tab in the ignite window. And just turning it on picking a day by the power of automation and automatically gets thrown into a group. Applies the appropriate template once I have the template assigned a we just need approved patches. If I need to remove an individual agent from that process I can open up that agent. Go to the ignite tab and select the override that I want to apply and the fact is howl. We set out passing with ignite. For part two of our past manages series but I hope you enjoyed this.

  9. How to Prospect Clients with LabTech Support Webinar

    Fri, 23 Jan 2015

    Hello and welcome to our prospective clients webinar my name is Maurice Perkins and I'll be a technical trainer. Before we get started let's make sure everyone is comfortable with the virtual environment. In the navigation window of your webinar meeting you have the ability to ask questions. We will be silencing all communications during this webinar and using the chat window for primary interaction from the audience. We will be reviewing a few of the questions directly related to this topic at the conclusion of the webinar. Thank you for joining the look at start with the women are. Again today we'll be talking about prospective clients. I'll be explaining to you how you can show a prospective client some of the services you can provide to them and what you're in this peak and offer to a prospective client. What are we prospect a client. We do this to show prospective client some of the services we can provide to them. This is before an agreement has been signed but the client is look for someone to take over their IT needs. Prospect in the client will enable you to gather information about the client environment. Data is gathered and stored in the database so that you can run reports to tell your client about specific machines. Maybe you wanna take over the packaging. However you need to show the client they either patching is not being handled or even though patching is being handled you can automate the process. You can give them an overview of their Pat's health utilizing one of our out of the box reports to give to the client. Software. May be the client has potentially bad software installed on their machines however the client has no easy way to track this. You can show them on the computer management screen or in the software list report they list the potential that software that the call harm in their environment. Additionally. You can also provide in a virus services to the client by showing them machines to have a V missing. These are just some of the ways you can utilize LabTech to prospect the client if potentially win a contract agreement. First you would need to create it location for your prospective client. From the night that you would need a mix make sure that your service plans are set to none. This will give you a prospective client an audit plan. There are three to select from however all three groups are identical. This is just in case Europe respecting more than one client at a time. Second. You'll need to install the agent on a few machines at the client. This will allow you to gather the data to present to you prospective client once you've installed the agent allow 2.4 48 hours for data to be gathered. Once data has been gathered you're ready to present information to your client. Once you gather information for your client you and now ready to make it cased you prospective client as to what services you can provide to them. Also keep in mind we have gathered minimal data. Do not forget to inform your client of different services you can provide such as monitoring network devices printers or the ability to run backups. Maybe you wanna run a script to show the client how you can run a disk clean up or defrag at this. Again these are just a few of of the examples how you can prospect the client. As you can see we have gone into the control center. I've set up my prospective client location. And I filled out as much information about the client's possible. Also put in any notes for your technicians that will be useful for them. Especially to know and understand that this is a prospective client and that they should not be doing any kind of auto remediation. Also. Your deployment and the faults that this is where you're gonna sit at your client specific. Installer. You have your specific group that it's gonna go into you also have your credentials that'll allow you the ability to download and install the agent. You also have your template for your prospective client. This is where you'll want to add your branding. So that the client knows that the program running in tree in the tray icon. This is your program this is LabTech. If you do not have. Our log in credentials here. What you need to make sure is that on your passwords had you have added a user that does have the ability and the permissions to install. You'll or LabTech Egypt. Also under the ignite tab the most important thing that you wanna know here. Is that you must have your server service plan in workstation service plan set to non. This way machines do not accidentally get put into the incorrect group. An auto remediation start happening more scripts to start running in monitors are naval what you want to do is just set these to none. And then set your audit client. Either to 12 with three depending on how many clients you are auditing at a time. Once you have the agent installed on machine. You'll start to see data populated. Such as you're welcome tab. You'll see basic information about this computer such as network information. And also your anti virus information. You can go to your drives tab and you can explain to your client you have drives that are fragment it. We can auto defrag Mitt these drives we can also come in here we can right click and we can just defrag a drive. Just another example of a service that you can provide to them. Also you have your software tab this is where you can see it list of potential bad software. And you can also show the client how you can right click and uninstall software. That should not be are installed on a machine. You also have your services tan. Here you can sort your services and show critical services that should be running but maybe they are stopped. Now let's say for example at your client location you did not set the audit group. On your deployment package to automatically add these machines to the audit playing group. We have an out of the box audit plan search that will actually add the machines to the prospective clients client audit groups. What you need a notice is that the search. Checks to see is there an audit plan. Yes okay the machine can't be under MSP contract because you weren't allowed to actually. Add a service plan to these machines if you did you wouldn't be able to put them into an audit plants so the machine is not under industry contract and also. On the agent's you do not have the exclude in this. Once these parameters are met these machines it and put into the client audit group. As you can see are all modes or inserts shows that the service audit plan audit client one search has been added. And then the limit to search because you only want machines that work. Under this audit plan to be added to this and you do not want any of the machines added to this audit plan. Also you can see the prospective clients template and that is a priority a five again there will not be any other templates added to this. Except for the default template if there in the all agents group. However I recommend creating your packets it automatically going into this group into your prospective clients group. That weight they only get this one template apply. As you can see as we go through here there are no scripts that are being scheduled. All of your internal monitors are disabled. And you can actually enable any of these as needed if they want to know. Up for example a machine that has fragmentation. You can go ahead you can enable these monitors one by one. Add an auto fix action to show your client or maybe you just wanna raise an alert and have the have an email sent to your prospective client. It's really up to you how you want to present this information to your perspective client. Also there are no remote monitors that are going to be applied on it and run against these machines. Take a look at a few reports. Here you can see we have the Pat's health report and as you can see on our test server are health is that 40%. Now this is where you have run the daily health check script. And you let it run. For two or three days on maybe you scheduled that's script maybe you winning each day for the past three days and you ran this manually to show this to your client. So your pet's health report we'll show you patches that are installed in patches that need to be installed on it'll show you. How what percentage of the patches you have installed this is this is very important as you can present this to your client to say hey you're patching is not done. You need to get patching installed weakened automatically do this for you we can set up maintenance window so that you're not being alerted and that this can be done. In off hours. You also have your software list. Your software lists is gonna show you potentially bad software for example I like to pick on Apple because when I was working at another organization. They didn't allow iTunes to be insults so. You can actually run this report. And if iTunes installed a machine you can see their art I need to start monitoring for. I teams to see if it's install and if it gets installed you can auto mediate that with a script or monitor. Here you can see the anti virus health report this is very important you need to have in a virus or your machines. This is something you could present to your client to say hey these machines don't have anti virus. We need anti virus on there are so that you don't. Have vulnerabilities. In your environment. So let's go over what we talked about today. Today we went over how to set up your location and add machines to a prospective client audit group. We talked about how to create a location specific installer and how to add machines directly to the audit plain group. We talked about the information that would be populated on the machine that will be valuable to present to a client. We talked about the welcome tab. We talked about how that information is populated we talked about how it yourself software tan on and how your services tab will be populated. We also talked about what is actually in the audit playing groups and how there aren't any monitors or scripts that will be auto apply. However you can schedule scripts. And enable monitors to have alert emailed to you or your prospective clients to shield them the values that you can offer. We also talked about asserts that looks for machines that have an audit plan selected. This is in case you created your location specific installer to add the missed seems to all your agents. Bob by the fall instead of the audit plan so typically when you install the agent you should have deployment packages that are set. To send all your agents to the all agent group. However when you have a prospective client you want to create a specific installer to only add them to the audit playing groups. The reason why is because again you are just prospecting this clients you don't want any kind of auto remediation. To automatically happen. So in our audit playing groups we do not pass the wooded I have script scheduled we do not have any monitors enabled. This is so that you can go through in naval monitors are schedule scripts to have this stuff run against these machines. On an as needed basis for that client. That way you can show them reports are anything else that you can do that autumn re media. Close that agreement. Lastly we talked about a few reports that will be helpful armed to show your prospective clients some of the services you can provide to them. We talked about the packs health report and how you know if you have low health low Pat's health. Maybe they are doing their own patching. Maybe they're doing them where they're just staying Italy and manually installing patches. You can show them how. This pet's health report we'll show. Critical patches or any other patches that need to be installed but haven't been installed and how you could do this automatically. We also talked about the software list report that you can sent to them to say hey your users are installing iTunes. We do not allow iTunes to be installed. Therefore we need to set up and monitor or script and go ahead and have iTunes removed from these machines set them to own a blacklist so that. ITunes does not installed again and if it does it can be alt over mediated in removed immediately. I hope this is bit of former informative for you and I would like to thank you for joining us today again I am Maurice Perkins have a great day.

  10. Best Practices for Templates and Groups Support Webinar

    Tue, 13 Jan 2015

    Welcome this week's webinar and my name is in times in teaching will be your trainer today. For the best practice. On templates in groups. So we're gonna first start talking about Roberts. Let's look at it over. Groups are the vehicle that deliver your services. They manage and maintain a while flat text features inherited by it's automatically doing group members. A purpose. Considering groups or the back. Of your configuration. Improper management of those groups can lead to an efficient. Confusing web containers. However by managing groups and organize and scalable way you reduce complexity. And provide other indirect benefits such as reduce review time and reduced new employee training time. So we talk about groups groups are an easy way to organizing maintained in need to your clients. This is also. A good part or we can stop impulse. When we go to a client. And we gain that clients' confidence and business and we tell them yes we can deliver this SLA agreements adds we said we can't. We are deliberately lean on these groups. And LabTech to produce that. Services is that it says. This is the vehicle to deliver the services to decline so it's important that we understand how groups work. They can. Basically have a whole bunch of things configurations. Manage services monitors. All delivered through groups scheduled scripts. There's no sense and manually having a technician over and over because these are these machines are at a particular group to assign this piece of software. They don't need to manually do that we can go to the group schedule. The scheduled to have. Dough and select script it's automatic and hopefully the software to that group and we know it's gonna be consistent and predictable. Patches can also be viewed at group level. Any customization we may want to make. Now it does belong to multiple groups players. No way that you can avoid this and don't let this computer get you confused. If you take it out and out there what is the one group that all leave it's a part of regardless whether we place on there not. That would be the all agents group. So if I go into LabTech. And I go under groups. We have an all Egypt's group. All the computers that belongs here LabTech system. Apart it is group. That's just the default way we we yeah we set it up through lab tech. So be aware that if there something I wanna deliver to all my agents and LabTech a certain software. I can come up to schedule scripts. I can find that software. Under my script drop down. Fine whatever script the leaders that software. And I can apply here. So one that I want to keep mine is make use of these built in groups. A lot of times when we do love in house training and I see people come to the door in the AD due a lot of behind the scenes that tree to room groups that sometimes even pre two room service plans. And many do a lot of work that has already been done for them in the product they wouldn't know the flow of the product. To just keep in mind goes through here what is already made out forming. It. So say and it has belong in the war of one group you can also see on the computer management screen. The effect the policy tab will show you what groups. This machine is a member up. And you can look at that way. Howell does it know. How does the group know what machines to be part actor well this is all comes together with all searches. So as you can see here. We have the older doing search computer types all computers to see just like are all agents group that's what it is so it means any machine. I don't care if your laptop desktop server whatever you are you're getting industry. Why do we use all are doing searches. Because we don't want to try to drag and drop hundreds of computers are actually thousands of computers that successful. We have to have an automatic way and a method to produce. This consists. So we use and for predictable results. Consistent policy. Remember that groups of rebuild every thirty minutes so this all or join search. On every group will look at this and say okay what do you ask me to put in here and that will rebuild every thirty minutes any machines that have. Not already been pulled in the district fit this criteria. Will be part of his career. You can also right click on the computer from the navigation tree and select edit groups when you do that you're gonna see a list of groups. That this machine as part. And a machete that live in the product. So I just go to any computer. File machine. Right click edit group and now I can see all the groups that this machine is part. Now I could select one. And say add to this group but and a half an hour. What is this all order joined for this particular group does not fit. This computers cracked year that I am selecting. And a half an arched an injected anyway. So keep that in mind if you were to use this. Now a group itself let's go into a group take a look somewhat open up. My test group which article Tampa. We're gonna just take a second and go through group. Obviously we Neiman intuitive so this must does group pertains to any geographical area such as can't. The ought to join search here says computer types and we're only allowing laptop computers to join this. Now we come over here to this massacre check box. This is basically legacy. Before we had priority is associated with templates we are using the master group box to allow one group to override it not. I don't wanna confuse anybody out there and a what I want you to pay attention to every time you create a group. It should always look like this. We call this the blue blocker at the pre how massacre. And that just means keep this group static. There's three different spots. There's clear which is dormant. Which if another group had this checkbox. In the met the same always searched it would remove. The clear one it would take the computers out of the clear one and put it into the check box. But since we follow the best practices that. Earning here today and we leave home. This way grade out. Then you're not gonna have any issues with these boxes stealing computers. Out of groups. So the reason why bring this up and I do and all my classes. So that you understand troubleshooting steps here if I created a new group. And unfortunately and you right clicking create a new group it does not automatically greatest pops up so the first thing you wanna do when you created new groups his name and intuitively. And check this box or degrade out. And that's all you need to know. With the master group talks. We have our templates and template priorities. We're gonna review templates by itself in just a moment. I just keep in mind the priority. In this situation to lower priority number trumps the higher prior. So meaning if I had a one here. One has more presidents. In this number eighty. One tea tree 4567. All of that has more. Authority than what I have it set at. Use the Black Friday analogy here us in the states and crazy about shopping thing. So if there's Black Friday and you spent the night on the curve on Thursday morning and you're the first wanted to lower your number one in line. Your gonna get the big screen TV for each person that walks in that. They may RD Beagle. So keep that helps me remember the priority level account works. Can. And then we have linking. On we're not gonna be using linking very often because you can't link it group to a particular client. Gets what. We have the all clients are. So when I select this you can see that these groups which represented my clients. Are deliberately. Look like clients they have the scene. Com. Basic little tool is if I come on their clients. Okay so I come back here and I click on one. That brings me directly to the client screen. That'll help me when I'm trying to do something with the group pertaining to neckline so there's two ways to get to the group you can hold down the shift key and double click. Now you're at the group for acne. Or you can simply right click and select edit group. And that beauty to the scene format so you can make any edits to groups that you need to. So keep this in mind any time you wanna apply a certain piece of software. Only to this specific client you do it raid here under the all Klein's group. You don't have to create a new group and pop that link that client. You just use what's already in the system forward. Okay moving on. Its merits. Little refresher out there what do you mean it's there's do towards. They allow us to suppress alerts. And were scripts what I mean by that is that say this Tampa group. I got a call from the physical site and they said look my whole. My whole clients Helen now T ones are going to be. A shuttle for a period time and I just on the makes you aware well if this group obviously is part of that client and I could do this on the client to. I could come down here and set I mean it's. Let's just say it's gonna be on Friday so I'll select Friday which is already built force. And then they know what it's actually Dylan I can click edit. Okay. So from 8 AM for sixty minutes. It's gonna suppress everything Booth alerts and scripts. Rate now I want you to be careful some people will on the highlight this and highly boot scripts and alerts like this and say save. This will cancel out the maintenance. That's why we have the everything. Okay so you cannot highlight both of these in expect this to work you can alt you can select alerts. You can select script individually or if you want on both to be suppressed everything that's what it's therefore it's C. It. The other parts permissions. Permissions for each group. Only live within that. So if I come here to Tampa and I select the LT ad men and I say you can do all this stuff. If I open up another group any other group and I select LT admin and I checked other boxes. And I hit save. That's only gonna apply that change to that specific group. Think about it wouldn't be scalable product would be scalable we could put different permissions at each different group if need be. Saying you have to do that I'm just saying you can't so this is another way we deliver our services to our client I can come in here and say that it can't the group. I made it very clear to this individual. That I will never let anyone. Let's see. And Al registry editor. I will never allow registry editors and but it makes any changes to the registry so make sure all his machines are put into this group with ought to join. And then I'm going to make sure the LT at humans do not. Have the privilege to edit the registry and I it's. Now Malcolm Mac in and open that up. A logo back here and you can see how it see this setting if I were to try to open up the registry on machines. That a part of this can't the group it would say sorry you you cannot do that the group permissions on the house I'll. Okay. So the other thing we want to talk about is the only joint searches these things are very powerful. We're gonna concentrate just on groups today the let me give you a scenario if I wanted to fines. Any machines that had a bios version version six point whenever. Across the fouls and agents. Act created custom search. Which I would do under searches here. Once I created and saved it that search would be available on their searches. And then what I can do it second opened up a group create a new group whatever works for me. I could find the search it I just create it. Select it and hit run now. Way to half an hour dizzy refresh. And then it's gonna look for any machines. That have that biased version. It's gonna be thrown into a group. I can go over to the schedule scripts that I can find the script that's a flash that buyouts for me and upgrade it. Whatever that would be I hit save and look at that. Just showing you how powerful the older doing searches can be. I can literally find fifty machines within 2000 they have a certain Botsford. And assigned software to flash upgraded. I can do that wants a comfortable on their thirty minutes flat. Now here. I wanna try to explain something the limit to search first of all anything that has this checkbox you're gonna be able to tell. Despite eyeballing groups here because when you look at your group's. You can see how he all ages doesn't have one. Any other one has this little by knocking their icons. Mean that when when you open it up it's using them to search. Because he always entered is not filtered the only just you're says hey all computer types any computers can come in here. But my tip the group says specifically. Laptop computers. So now let me explain how you can use this for your benefit. Let's say. That I have this set first. To all computers. So it's there with mean computer types. I'm an it do all computers. Now I have all computers checked the limit to is really not gonna matter at this point because it's gonna take all the machines regardless so the reason attack. So I don't have a check I hit run now what's gonna happen. Look out all my machines LabTech so you guys all it is cry tears and dolphin in the Tampa Tuesday it would the only difference. Now I'm gonna explain how limits you. Could work if I go and I select like I had before it this check box. Before I do that I just come down here in new computer types laptop computers and check. It Ron now all right we have now. What is it gonna do it's go to Peru and every machine out of that group that does not fit. Laptop. Some areas. So it's gonna say desktops servers you're out here I'm only looking for laptops. It can be very beneficial and lot of people notices in the product so what I mean by that is. If I go in and I had it backed all computer types. Some amiga back here. I region we had all computers. And it. Like come in so it pooled in all the computers. Into this. And then you know what there's an animal figures by using assessment theaters and I had all the machines in here. But going forward a legal and forward. Ly one. Laptop computers to join it's just for whatever. So I did have desktops servers laptops all of them in here. But from today going forward I only want new laptops two desktops so if I come in here and I do this. Is negated before. Oh only computers that are mapped out and I do not check this box. And a half an hour what do you think's gonna it's not gonna reject. Anything that was and it prior. Because I don't have the limits you to it's gonna keep all the old desktop sensors. In any laptops and prior and now it ski and only looking for new that talks to join. This can be beneficial in situations where. You have a again you have a group it has a bunch of machines. And you want to make sure because the old or older machines need this third party product that your delivery. Charts. At some third party software. And then going forward you're saying you know what I only wanna delivered as software it to laptop machines not gonna go forward with a desktop answers at this like this. And at that so there there's a good way for me to explain. How that work. Okay so then it's huge is basically says you're gonna only poet exactly what's here. And then if I uncheck the limit to it's only good of all where and when it sees here but if there's anything else that's already in this group. It's gonna allow the stack. So you use that it's a bit of a shortcut for a lot of people that are looking to gain that leverage. Schedule scripts just like we talked about. Is where I schedule scripts so here I have set his master. I'm gonna say. Any machines I put in this camp or group I wanna set as a master computer. What does that mean. Reviewed again that means as opposed to checking in every five minutes you're gonna check in every thirty sects. Ike internal my internal monitors here. Absolutely we are return on our internal monitors and set dealer templates I can look at any remote monitors that are being applied. Esther. I can also view my patches. Now we always. Install it's set ignore and so on our patches to patch manager but we can always come down here to the group level C its its place. Under info would be in the Yorkshire data fields and are status gauges. As cubism visual about what's going on within this group. I missing patches failed patches and so. Now let's turn our attention to templates. That's a templates apply agent configuration settings including those for windows updates. Agent brandy remote access policies. Eighty policies just to name a few things that templates can view it. They are assigned to agents doing agent deployment. Or by LabTech update configuration can keep in mind priorities applied on the group determined resolving configurations. That's the priority number that we just explain. So LabTech and does allow you to stander lies that heater a group of agents based on criteria that five. So temperature used to apply rules and behaviors agent's been longing to the group adds a very clear. And created definition of what templates do. They can set inventory schedules. Branding. Cashing. Patch install on reboot when there's. We talked about the priorities are used to set the order of how groups are applied to agents. A list lives so one will take presidents before night. Make sure you understand that gonna go back and take a look at rate now. So if I go into a group any group. And the way LA to explain means is by using only transcript because if I said to you guys out there. You want to make sure. That all the machines and join your LabTech environment always have the standard Brandi the always check in that this certain server they always do this that you know. So if that's true. You want to apply the consistent changes across the board. All legions group because remember I said doesn't matter like they're not on your computer and deletes. And you wanna go in and selected default template that would applies to the allegiance group like he fall out of the box. And look at the priority of ten. So you just said. Which is told me Anton that you know. Ten is not an area for you said one would take precedence and that's correct. Because what we do is we fit everything into this that we want to be consistent across the board. And that way if I choose on the tee up a group. Attic different template. To make a modification. Today machines that belong to that group and I put an. Each supersedes and that means if you're and his group you're gonna pay attention when I set the template but if you're not and is grouped. You're probably gonna go ahead and just get what's delivered but at the fall template which is in the oil leaked. So let's take a quick look with in the templates. The first thing we see is server address. Okay you can have up to five different addresses separated by just like some. Now why would I have to fully qualified domain name and an IP address. That would vehicles I don't wanna. Have DNS bring all my age install. So to fully qualified domain names down because the announced they're heading use the IP address. Okay what's the next I team may be that's a secondary line at 91 went out which is my first two weeks. Now I have my backup files. He rules raid server and it still checks and that. And editorial use schedule. This is the concept sane when you send the event logs do whatever it says here's schedule. And if it says not set it still doing something so let me show you one it's easier to recognize I say I have it set for desktop. A bit of information. Every day success TA in repeats every four hours. So at tech is basically a database. In the only way that that database is updated periodically. It's through this schedule. Or if you Mattingly San. A command it. But this is what feeds lap this is a very important concept or product. So you can see update configuration hardware. Disk processor. Software all this information is sent. Needs intervals if these generals do not work for you. She guessed that you can create your new one name it whatever you want set whatever schedule you'll. Folders in cash. This is something that we went through in other. Webinars basically this is for cashing he tie this into your location information. And you can have all year. Patches cashed that say your server down its cache locally added location. And then delivered via with and the location opposed to each machine now. Eighty I want everyone I have my little art guy that's the room we use so I'm gonna load that that's what everybody's gonna see across the board. Our access modes basically tell us how to behave when we go to access a computer. So when I go to access this computer. Registry it's gonna allow me to a raid away I could say. Asked that allow which means it'll ask at the end user have a box for ninety seconds they can access your registry. Ninety seconds go by he doesn't answer I saved and allow allow me to do. I could say ask the user for registry and then say the nine. So in a more tight knit type of environment its status does prohibit compliant consumer financial institutes in institutions. Again I'm delivery in my services from like group the template as part of the group. And I tell that person no worry. Any time I wanna access your registry for any information file explorer I'm gonna say yes and I'm gonna ask them if it's okay. If they're not there are unwilling to answer me I'm not do it. And that's how we need a lot of these. Standards need to take place saudis access messages tie in the us so like AD access message and I say okay. When I restore restart or log off your computer. I'm gonna send this message cannot read you your computer pretty please with sugar on top. And of course there's and now and then they ask well let's like and in reviews and our service tickets the rest of this you can take your time going through. Just won the gets a little familiar with that now the flow is what I want you don't. So I'm at the default template. And I told it to do generic disk that the other thing because that's what I filled out and has very low priority. I'm gonna go in the mightier. And I created a new template called class locked down and I gave it slightly more important. Number eight he is lowered and and so it's has more authority. Now if I click on the list. And I were to change anything here. It would over right what is being done it all agents group default. He would over write so if for some reason let's just say brain. There I have the little ignite fire head guy it's his concentrate on the very simple if I were to select this. I hit OK and you see that this has an. So any machines any laptop computers that are part of this group. And automatically get that little icon in the tray. Oppose. To this. Because it has a ten. And we normally give on the art ran. And I she wears some partners will use this just isn't that a fire they say you know what I do like tree other. Groups or I go to my managed 24 by seven group. And I'll go in the template get a slightly lower priority than the all agents I'll trough the default template. And I'll put a different icon and I always tell my technicians. If you ever see this red dot in the tray icon take as long as you need to make sure there are a close partners or a plus clients and we wanna make your regular higher standard. K they bought the maximum they ball or whatever your service on highest service agreement atlas. That's a very easy way to understand how templates and priorities work. So templates are tied to groups. Manually using update config command. There's only two ways that updates the templates are going to get pushed back down. Tutor group so I want everyone to be comfortable and everyone on machines. Now the other the wait is gonna happen automatically if I hit. Edit the seams can all on this group remember I told you I go schedule. Even if it says not set. This first one update configurations sent everyday at 2 o'clock and not repeat. This means if you're using the not set schedule which is actually a schedule it's in the product. Everything is sent at 2 o'clock. So if I made a change to my template and I told to use this different brandy if onset on the schedule and I don't do anything manual. It's not gonna take to change until 2 AM that that. So. That's said. There's another way to push updates to templates. Down to the computers and that is to do a right click. Commands updated so if I go out here. I find that complete it's a it's Tampa I can right click. Commands. Inventory. Up they can take or Reese and everything is also Europe but pay attention to the deacons. Yup they could say has now sent. Commands to every machine that's in that group and says hey someone made a change the template you need to grab it program now. I would feel more comfortable best practices always when you make a change your template right click on the group commands inventory update music. Now you know your machines again and automatically. You're not dependent on any schedule time. If you forget like we said it only happens to a and you may be two in the afternoon on what's going wrong optics are now it's working it's waits it. You gotta remember to do that manual. Up to. And that's what they're illustrating here. You can. Have this happen at the entire client level location. Group right click just on a computer do it to make sure they're comfortable. With that. Or before I ask you guys for any questions at the end that's a little review see what's on and here. Blanks are used to separate your clients to more manageable areas. Guessed it. That would be groups. These eight in the configuration or use to apply rules and behaviors agents. Templates. End tablets dubbed blank tab allows controls to be set around how critical functions are utilized to access the workstations servers and laptops. This type of functionality can be utilized in environments that required additional layer of security such as health care or financial institutions. That was our. Axis buttons. What type of group can remove members from other groups. And we said the master. The world we gotta remember that all groups in that tech today should be great now we have that issue. Thank you.

News Feed

Failed to load the news items.
Click here to retry.
Still not working?
Click here to report it.