All Devices button
Would like the ability to either:
Remove the All Devices check-box entirely from the Scripting and Distribution section.
Make the All Devices check-box only available to specific "Roles" or specific Labels.
The issue we have is that our Organization is a large multi-national company with around 40x offices all over the world.
We chose to setup our Dell Kace K1000 (k1100) appliance wth a single ORG as it gives us a global view of all our corporate assets, along with a global view across multiple service desk queues within each office.
We want ALL of our Admins to be able to run scripts against the computers within their own offices .......
But NOT to allow them to accidentally run a script or a managed install to ALL Devices - company-wide.
The worst-case scenario is that a site admin in one of our smaller offices, accidentally deploys Microsoft Office 2013 Professional all all 3,000 devices within our entire organization.
Ryan Turcotte commented
The chance of someone accidentally clicking the "All Devices" button on a command like "Restart" is low, but unnecessarily high given it could just be removed with a policy or role, if that was implemented.
I'm sure the checkbox is useful in smaller organizations but as others have stated when you reach a certain number of devices, you shiver at the thought of the backlash that would come with a few errant clicks.
AdminChris Blake (Admin, Quest KACE) commented
"All devices" can currently be hidden from Patching, but would be good if it can be optionally hidden in any location it is exposed.
Has this been included in any new releases? It would be really beneficial.
Has this been included in any of the new releases?
I agree. This feature should be optional for sure. It would bring much peace of mind when running scripts.
This is the one thing stopping us from giving our tier 1's the ability to deploy from KACE.
I think it should be an option to remove all devices from the run now section. The run now section already has a individual role permission. You could grant tier 1's access to just that, only allowing them to deploy scripts but not write them. It would also be nice to only have select scripts show in the run now section, instead of all scripts.
With these changes the Run Now section could become the tier 1 deployment section.
Matt T commented
This would be very useful. It makes sense from a access control point to restrict some technicians/admins from managing scripts, but instead just running them. But having that run on all devices button so easily mistakenly picked scares me. I think having the ability to at the minimum remove it, but if possible be controlled by roles, that would fix the issue.
Darrell F commented
My sentiments exactly Jim W. If there can't be an role-based accommodation within the user portal, then there should be a role-based accommodation within the 'Run Now' section.
Jim W commented
This has become imperative! I was able to have remote agents use the user console for installations but with the latest version that functionality is GONE! I cannot give our Tier 1 access to the scripting area as long as they could accidentally check all devices and create serious issues in our company should they do that with the wrong script.
I agree with this comment one hundred percent, I have a list of Servers we do not want touched. We have it in the K1000 for informational purposes only. At the moment the label restrictions is for Device inventory and Resources, how ever if someone makes a mistake and selects a update to all devices. That will override our selection. Why even have a selection there if it is not authoritative. This concerns me greatly to where I might reduce the footprint of the K1000.