Dell’s KACE FAQ
What is KACE?
KACE K1000 Management Appliance (or KBOX for short) by Dell/KACE® (now Quest) is a hardware and software inventory management tool employed campus-wide at UMass Boston, primarily to automate and expedite the process of software updates.
More information on this appliance can be found from the KACE website.
Why is IT using KACE?
KACE provides numerous benefits such as an automated and expedited process of software updates, license management, software management/distribution, inventory management, remote support, and better security.
- Inventory – Automatically collect system information about desktop and notebook computers (not user data).
- Software Distribution – Remotely install software on included machines, with or without the owner’s interaction.
- OS and Software Patching – push patches for computer operating systems, such as Windows 7 & 8; Mac OS X 10.7 and above, and major applications such as Mozilla Firefox, the Adobe Flash Plugin, and Java.
- Reporting – Consolidate, analyze, and sort any information gathered on included machines, as well as any manually tracked information.
- Scripting – Push scripts to any included machines, regardless of OS, and view ‘immediate’ results.
What benefits will I see as an end user?
Users will experience faster technical support from IT, more efficient and automated patch management via KACE, better remote IT support, and fewer OS support-related issues.
IT technical support will be able to diagnose your computer issues and fix the problem more quickly and easily based on the data collected from the computer via a web-based console.
What type of data does the KACE client collect from my computer?
The KACE agent collects information that is accessible through Windows’ Windows Management Instrumentation (WMI) or Mac’s System Profiler. The following is a partial list of information collected from university-owned computers with the KACE Agent installed.
- Computer hardware inventory
- Make, model, serial/service tag number
- Physical specifications such as CPU, RAM memory, hard disk size
- Network configuration such as Ethernet MAC address, IP address
- Computer software inventory
- Operating system version and patch level
- Installed programs and versions as listed in ‘Add/Remove Programs’
- Software license compliance (i.e. metering for per-seat and concurrent-use license agreements)
- Computer security inventory
- Last logged on user
- Security patches applied/missing
- Change management information (i.e. dates/times when hardware/software changes were reported by the KACE client).
Who will see the data and where is it stored?
The data will be seen by the authorized IT KACE administers and reports with aggregated data will be periodically present to IT senior management for review and actions.
The data is stored on a secure database within the Dell KACE K1000 appliance on university premises and only authorized personnel will be able access the asset database.
Can KACE or the KACE administrator see the name of my files or the contents?
- No, KACE and its administrators cannot see your files.
Does my computer have KACE agent Installed?
- PC: If your computer has KACE installed, you will find a Dell/KACE label on the DVD drive panel
- Mac: If your computer has KACE installed, you will find a Dell/KACE label on the back of the monitor.
- Linux: IT is not currently supporting this operating system.
The KBOX client is NOT licensed for use on personally-owned computers. IT currently installs KACE on both laptop and desktop computers used by faculty and staff.
Under what circumstances could my computer lose its KACE connection?
- The KACE connection will always be on when the computer is in use by an user (i.e. with user keyboard interaction and mouse movement)
- The KACE connection stays on when the screen saver has been turned on
- The KACE connection will be disconnected when the computer is in sleep mode.
Will I notice the KACE agent running on my machine?
No, the agent does not use much CPU resources and runs in the background. Users will not notice any performance issues as the agent scan runs in the background and the scan is not intrusive to the end user. You will only notice KACE when it asks your permission to make changes to your computer.
What happens when the KACE administrator pushes out software to my computer?
If the KACE administrator pushes out software to your computer, you will see a KACE dialog box similar to the one shown below (with the UMass Boston logo) appearing at the lower right hand corner of your screen. Depending on the nature of the software, users may be given the option to delay (snooze) the installation. However, users will certainly be given the option when s/he would like to reboot the computer (if needed).
What happen when KACE pushes out security or application patches to my computer?
The KACE agent will periodically notify you when critical operating system or application updates / patches are needed and alert you before downloading and installing those updates
When KACE pushes out security patching to your computer and rebooting is required to complete the process, users will have the option to snooze the reboot up to 30 times. After that, a KACE system dialog box (similar to the one below) will immediately appear. Do not hit the OK button (this is the only button in the box) until you are ready to reboot. This box will stay on for 1440 minutes (1 day) and your computer will be rebooted in 1 day automatically. These setting are to accommodate the extreme scenario that a user may leave the computer on unattended (but with KACE connection) for as long as 60 consecutive days. Therefore, DO NOT leave your computer on unattended or over 60 consecutive days, with the computer in the "Do Not Sleep" mode. If so, this computer will be rebooted automatically if KACE has applied patches on it.
Below are this dialog box set parameters:
- Time-out interval: 1440 minutes (1 day)
- Number of re-prompts: 30
- Re-prompt interval: 1440 minutes (1 day)
Will KACE scan any storage connected to the computer (flash drives or hard disks)?
The K1000 will report in Computer Inventory the presence of all drives attached to a computer, but only during the scheduled inventory scan. (Default is every 2 hours.)
Which type of operating systems are supported by KACE?
- Windows (32 or 64 bits)
- Mac OSX 10.5 – 10.9
- Linux (currently not support by IT)
Can I still apply patches myself?
Yes. The KACE client does not prevent you from applying patches yourself. However, if you do not apply these updates prior to receiving a KACE Alert, KACE will download and install the update for you.
Will KACE security patches upgrade my applications to new versions?
No. Security updates and application upgrades are separate processes. For example, KACE may apply a security update to your Microsoft Internet Explorer (IE) browser to take you from version 10.0 to 10.1 – or upgrade Adobe Acrobat Professional from version 220.127.116.11 to 18.104.22.168; but it will not automatically upgrade you from major versions – IE 10 to IE 11 or Acrobat 8.x to 10.x. NOTE: In cases where a major application upgrade is needed – e.g. to address major security issues or to support institutional application compatibility – a separate campus upgrade notification will be sent.
What If I have mission-critical applications which are sensitive to patch updates?
The KACE Management system provides a great deal of flexibility and does not force us to use a ‘one-size-fits-all’ approach. If you have mission-critical applications (for the institution, department, or yourself) which you believe will not respond well to an automatic update process, please contact the IT Desktop Team through IT Service Desk and open a support request. The Desktop Team will work with you to either a) address the application sensitivity, or b) provide a ‘smart label’ which will include your computer in a patch exception group.
(Last updated July 2014)