SMA (K1000)

Please tell us how you’d like to see the Systems Management Appliance product improved!

How can we improve the SMA (K1000)?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Sub-Administrator Level Roles

    Allow for a role that has access only to certain machines and the ability only to create and modify their SW distributions, but have access to shared distributions. An alternative would be allowing more than one organization to share software distributions and other resources

    378 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      39 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
    • Read/ Write API Access to all Modules

      I would like the ability to create a user that has write access to just the Asset tables of the K1000.
      This would then give us the opportunity to write a mobile App that would let us scan an asset tag barcode and display the info on the screen and if the details for that asset eg: location, owner etc were not correct they could be altered on the spot without having to write down lists or carry a laptop around.

      175 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        17 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
      • Multi-Factor Authentication

        We need the option to authenticate users again a RADIUS server for Two-Factor authentication.

        91 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          8 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
          under review  ·  Michal SimekMichal Simek responded

          We have seen increased demand for 2FA. If this is something you too would like to see offered, please vote up this suggestion.

        • Granting Permissions

          Current permissions on the adminui side are too simplistic, they give too much control. I have helpdesk staff that need the ability to launch Scripts, manage Computer Inventory, and add/edit things in Assets. We are a smaller IT shop, which is the reason our staff has more than tickets to do.

          I'll use the Assets tab as an example. I need the ability to give some users the ability to Create and Edit in some Assets, but not have the ability to Delete. Some other Assets I don't want them to have anything other than Read. Some other users I…

          77 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            5 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
          • Dynamic LDAP lookups to assign users to roles

            Currently, when a user is created (either on import, or when they log in), the role they have at that time is assigned to their account, even if the underlying database (e.g. Active Directory) changes. For example, say you've set up the K1000 so that all members of a particular AD security group are admins of the K1000, and all members of another AD security group are K1000 users. If you change a user's AD security group so that they're not in the admin group any longer, that change won't ever take effect on the K1000 and thus the user…

            68 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
            • Upgrade to Windows 10 via K1000

              What will be the plan for upgrading Windows 7 & 8 computers through K1000? We have Windows Update set to be handled via K1000, so users cannot use Windows Update, nor would we want to manually sign each computer up to have the option to upgrade to Windows 10 when it releases.

              An option to have the K1000 do this for us would be great and save people a lot of time.

              58 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                4 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
              • Add Application Whitelisting

                Add Application whitelisting, this is a type of endpoint protection where, by default, all applications are blacklisted and only known good applications are allowed.

                These Known-good applications are kept in a list, KACE seems to have a fairly extensive list of application and signatures which could possibly be leveraged for this purpose.

                Lumention offers this service as part of their suite of endpoint management which competes with KACE. I would like to see this added to KACE;

                47 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

                  This is under consideration but not planned for the next release, Please continue voting if you’d like to see this feature prioritized for a future release.

                • Limit access to report categories and asset types by role or user label

                  I would like to limit access to report categories and asset types by role or user label. For example, we have a vehicle maintenance queue. We have vehicles as assets and we have reports for those vehicles. My vehicle maintenance guy doesn't need be able to see and modify the IT assets or reports, he just needs to see and modify his vehicle assets. Also, he doesn't need to be able to see the IT reports, just reports for his vehicles.

                  29 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    planned  ·  0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                  • Allow the use of label groups for deployment and ACLs

                    Label groups cannot currently be used for anything other than organizing multiple labels. I would like the ability to utilize label groups for deployments and setting ACLs more easily.

                    19 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      4 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                    • SSL settings should allow requesting SAN certificates (Subject Alternative Names)

                      In the CSR request process a feature should be added to allow SAN certificates. This would help clients access the K1000 with a variety of internal and external host names without certificate errors.

                      18 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        4 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                      • Kace needs to support Secure LDAP for Users running AD and internal CAs.

                        Kace needs to provide better support for secure LDAP connections. The most common Active Directory environment running Secure LDAP is running an internal CA.The K1000 does not support using an internally signed certificate. That means that if we want to use LDAP for authentication we have to use unencrypted LDAP. Unencrypted passwords should be a serious concern to Dell.

                        14 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                        • Automate Software Threat Level Settings

                          Software Threat Level settings are auto set. For example, like AppDeploy, users can submit software ratings and it will be applied to one's software inventory.

                          13 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                          • Label Permissions

                            Allow a way to create a User Group to only have rights to specific Smart Labels. We are a Global Company and I do not want my EMEA Help Desk groups to be able to push MI's, Run Scipts, etc. on machines that are part of certain labels or do not fall under their control. They should have read access to all of the computers but only have the ability to manage their group of machines/labels. We cannot do multiple Org's so having this implemented would solve our issues.

                            13 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                            • Limit MySQL access to specific IP addresses

                              Our Security team has run vulnerability scans against the Kace K1000 and it currentloy shows 130+ vulnerabilities 95% of which are related to MySQL.

                              What is most desired to mitigate the vulnerabilities is a limitation of MySQL access by source IP address, this would mitigate the exposure of the system. We know that MySQL already has a table to do limit access itself, however the KACE GUI doesn't make access to those MySQL built-in components.

                              11 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                              • Free SSL certificates from Let's Encrypt

                                Add the ability to get a free SSL certificates from Let's Encrypt (www.letsencrypt.org) and have it auto-renew with their client.

                                You are able to use their certificates without the client but they expire after 90 days making them hard to manage in the long term.

                                11 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                                • Import User Groups on LDAP Import

                                  It would be nice if the LDAP Import would automatically list all groups a user belongs to during import. Currently, a custom LDAP filter has to be setup for each group in order for this to work. That is a lot of extra work when I've got over 2000 AD groups.

                                  10 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Support RSA SecurID logins

                                    Support the use of RSA SecurID for admin logins to the K1000 appliance. The K1000 has access to all servers for management purposes and one-time passwords would provide a higher level of security by preventing a stolen password from being used for logins.

                                    10 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                                    • 9 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                                      • 9 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                                        • reverse proxy

                                          Supporting a reverse proxy setup or providing guidance on how to set up a reverse proxy for the K1000 would be very beneficial for added security. The setup would be something like this:

                                          K1000 appliance on the internal network behind a firewall
                                          A reverse proxy on the DMZ (e.g. IIS 8 with ARR)

                                          Currently trying to set this up is a huge headache and I'm running into all sorts of issues and problems. It would be better from a security standpoint if the K1000 sat behind a reverse proxy.

                                          A specific use case would be when an organization has an…

                                          8 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4
                                          • Don't see your idea?

                                          Feedback and Knowledge Base