February 2018 Update includes Supervised mode for iOS

Please check out What's New in KACE Cloud MDM (Mobile Device Manager).  This release provides administrators with the ability to carry out Supervised Mode commands on iOS devices, such as enabling and disabling lost mode, device location, and the ability to check for OS updates.  Also,  KACE Cloud MDM is introducing a new set of icons that can be found throughout the navigation and device management screens, and enhanced filtering for company-owned devices.
Be the first to comment

ITNinja Update 2/28/18

Hello Ninjas!

We are going to be scheduling a release that will hopefully clear up a few minor issues that have been occurring this week on the site. I appreciate those of you that have provided feedback. As always if you are encountering an issue don't hesitate to reach out through our contact us page.

Have a great day!
Be the first to comment

Local Admin Password control!

Guys -

I use LAPS, deployed using KACE and a GPO to set it up.

LAPS is from Microsoft - Local Administrator Password Solution - works awesome!  Shame more people don't know about it!

Will cycle passwords too based on a schedule defined in you no longer need to manage anything!  All passwords are random so no two machine have same local admin password.

Passwords are stored in the AD computer object - with a GUI to retrieve them when needed. 
Check it out!
Be the first to comment

Meet the new PACE Suite 4.5, application packaging and virtualization tool

We have just released our new PACE Suite 4.5 and we can't wait to tell you all about it! Read the full announcement. Meanwhile, here are the highlights of our new release:

  • New "Add Driver" Wizard and Drivers tab. You can now add and manage Device Drivers.
  • “Add Custom Action” Wizard. Our smart Wizard guides PACE Suite users through the creation of custom actions, dramatically speeding up the whole process and helping to ensure the custom action will work.
  • Completely redesigned Custom Actions tab. The redesigned tab provides a wide variety of information and makes it easier to manage custom and standard actions.

Your feedback or feature suggestions are most welcome!

Be the first to comment

Creating Complex Boolean LDAP Filters

I'm writing this post because I haven't seen this discussed in ITNinja and it's therapeutic for me to write about the trauma I just experienced getting this filter to execute correctly.

To say our AD is convoluted would be a mild understatement.  As such, it's very difficult to keep unwanted objects like service accounts out of our Kace user population.  Recently we added a new Kace Organization so our legal department could have a service desk.  Their user population is a small subset of the company, so I wanted to restrict which objects LDAP pulls in without forcing my service desk to manually maintain the user list.

The criteria included managers in two specific departments in two geographies, managers in a third department in one geography, all members of the legal department, and one individual who could not otherwise be filtered.

I used a series of nested Ors and Ands to make this work.

Here's how it works conceptually

If this is true (samaccountName={USERID of the individual}) 
or if this is true ( and both the following are true (samaccountname=KBOX_USER)(memberOf=CN=Dept_Legal,CN=Groups,OU=Legal,DC=our_co,DC=com)) {Anyone in the Legal Dept Security Group}
or If this is true ( and both the following are true (samaccountName=KBOX_USER)(memberOf=CN=Dept_Marketing,CN=Groups,OU=Marketing,DC=our_co,DC=com)
    (and any of the following is also true (description=*Manager*)(description=*VP*)(description=*Director*)))

Here's the actual syntax minus the specifics for our domain.

And = &
Or = |


The actual filter is a bit more complex than this, but this shows all the variations that I used.  

If you have line breaks in the code or haven't nested your parenthetical statements correctly, your filter will fail.  For this reason, I use an advanced text editor (Notepad++, in my case) to help me ensure that all my parentheses are matched up.

I also recommend using ADUC or Windows Directory Service tools like DSQuery OU and DSQuery Group to ensure that you are copying the DN's correctly.


NOTE (Updated 2/21/2018):

I had to open a ticket with Quest.  While my filter pulled in all the users I need, they could not authenticate.  As stated above, my filter was more complex than what is shown here, so you might be able to get this to work with a simpler filter, but the short version is that Kace's implementation of LDAP will import the users but won't work for actually signing in (at least at my level of complexity).  I ended up creating a security group to pull in only the users I need, which is unfortunate because that solution is static; the solution above is dynamic.
Be the first to comment
Showing 11 - 15 of 3171 results