/build/static/layout/Breadcrumb_cap_w.png

Blogs

File Sharing & Nick the Ninja Wallpaper

Did you know you can share files through our communities? Just login, join a community (K1000, K2000, MDM, etc) and share what you've got with others.

Our amazing marketing team has come up with some Ninja desktop wallpaper you can download and enjoy - just visit the K1000 Community downloads page and grab what size you want.

Be the first to comment

KACE Cloud MDM - iOS Enrollment

Here is a brief updated video that covers the iOS enrollment process (includes 12.2): iOS Enrollment

Be the first to comment

ITNinja Announcement: 4/3/2019 Update

Hello Ninjas!  This month we have released another change to the moderation tools.  

Moderators can now "Feature" certain types of content (Blog Posts / Questions / Links).  Featured posts will show up on the home page and on any community page when tagged for that community.  Our moderation page has changed a bit as well which should make moderating new users a bit easier.  

Lastly, there was a bug for uploading profile pictures - this has been fixed. As always, reach out with any questions or concerns!


Be the first to comment

Import your KACE Devices to ServiceNow - See our Integration in Action!

Check out our short video that walks you though the steps of our KACE/ServiceNow integration, showing how we can help you import your Inventory information into ServiceNow to create not only basic CI records but also information that is useful to your service desk such as installed software and linked user information.


Now you can have the best of both worlds, Worldclass Unified Endpoint Management and Worldclass Service Management!!


ServiceNow/ KACE integration appliance

For more Information click here or download a demo appliance here


Other Indigo Mountain Products and Services

BarKode for KACE - Enabling effective Asset Management Best Practice

For more information about BarKode click here or download a demo appliance here


DASHboard for KACE - Your Metrics, Your Way, Your DASHboard

For more information about DASHboard  click here


KACE Benchmark Survey

For the SMA version click here, for the SD Version click here


Be the first to comment

KACE SMA | Bitlocker

03/29/2019 added some modifications. Thanks to Andrew Lubchansky for helping me creating this.


Hi all,

 

It’s a long time since I have posted a blog here. Today I want to share with you my KITLOCKER (KACE & Bitlocker ;) ) stuff. In this article you can download several individual KACE-packages. You can download all of them here:  DOWNLOAD

If you need assistance in importing these files to your KACE SMA feel free to contact your local partner, your local sales rep or have a look to this KB article: https://support.quest.com/kace-systems-management-appliance/kb/116949/how-to-import-and-export-resources

 

First: These scripts are Win10 only and tested with x64 1809 Pro and Ent. Also, you need to have an TPM Module in your devices which needs to be activated and the OS needs to be the owner (default in Win10)! You can double check this in your KACE SMA device inventory:

bitlocker_00.png

 

My scenario is that Win10 devices should use Bitlocker with Aes256 bit to secure the hard disk. The disk should be automatically unlocked by TPM during boot (no password needed). If something went wrong or the hardware has changed there should be a recovery key which can be entered. This key should be stored in KACE SMA and not in AD. Also, there should be no GPO involved.

 

The Bitlocker information in your device inventory should look like this if there is currently nothing set up on your device:

bitlocker_01.png

 

To start we should first create a smart label which groups all devices where a TPM module is ready for the use with Bitlocker and no encryption technology is used. You can download the ready to use KACE-package here: DOWNLOAD

 

TPM Based Bitlocker Ready

bitlocker_02.png


Of course, you could add a filter like “OS Name” contains “Windows 10” (or any other filter which matches your environment) to make sure that only your clients will get Bitlocker enabled.

 

KACE SMA will now put all the devices where we can enable Bitlocker into this Label. There is a simple PowerShell command which will enable Bitlocker and start the encryption. Also it will add a recovery password as a key protector which will be needed in case of hardware changes. You can run this by a daily schedule and all devices which already have Bitlocker enabled will not be affected if you use the “TPM Based Bitlocker Ready” smart label which I have shown above. You can download a ready to use KACE-Script here: DOWNLOAD

 

[TW] Bitlocker enable TPM  & Password

Enable-BitLocker -MountPoint $env:SystemDrive -EncryptionMethod Aes256 -TpmProtector -SkipHardwareTest
sleep -Seconds 15
Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -RecoveryPasswordProtector

This will start the encryption process of the C: drive. The user can’t abort it and it will also survive reboots.

bitlocker_03.png

 

You can also check the actual state in your KACE SMA device inventory:


 

If the encryption has been completed by the device, it will automatically fall out of the “TPM Based Bitlocker Ready” smart label. Now we have a secured hard disk which will be automatically unlocked during the bootup by the TPM module. Now we need a custom inventory to store all the key protector information’s in our SMA device inventory. This can be done with a simple custom inventory rule. You can download the ready to use KACE-package here: DOWNLOAD

 

Inventory: Bitlocker Recovery

Get-BitLockerVolume).KeyProtector


Good to know is that devices which need the recovery key will display a screen where users can see the ID of the numerical password. If they call your helpdesk team and don’t know which computer it is they can give you the ID and you can search for it in your KACE SMA device inventory or build a report for that.


 bitlocker_08.png

 

If you want to be sure that clients will always have a recovery password as a key protector you can additionally create a smart label. This will check the right key protectors after every inventory of the device. This could be used for running a script which will then add a recovery password as a key protector. This could be useful if admins change configurations local on the endpoints. The smart label can be downloaded here: DOWNLOAD


Bitlocker missing Protector


All clients which fall into this label can then run the following KACE script on a daily schedule. You can download the script here: DOWNLOAD


[TW] Bitlocker add protector

Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -RecoveryPasswordProtector


This is the basic setup you can use to manage your hard disk encryption for your endpoints. You can think about creating notification which will alert you if a device has Bitlocker missing or a wrong configuration. I hope that this article helps you, creating your own KITLOCKER strategy. If there is anything unclear feel free to use the comment section.

 

Kind Regards

Timo

 

View comments (1)
Showing 1 - 5 of 3263 results

Talk About Software

Share