SMA (K1000)

Please tell us how you’d like to see the Systems Management Appliance product improved!

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Disable "Updated Patches Available" and "New Dell Updates Available"

    Disable the "Updated Patches Available" and "New Dell Updates Available" report that KSMA sends automatically.

    It should be great to set it as an option (enable\disable, sender\recipient address, etc) in the "Patch and Feature Update Download Settings" or "Dell Update Download Settings".

    Thank you
    Marco

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. Admin Portal Not Accessible Externally

    Stop the enforcement of the Admin Portal being available for external use.

    To clarify - In order for Agents to check in to the appliance, the appliance must be externally facing. This causes a massive security risk as when the appliance is externally facing, the Admin portal is also external.

    While default passwords can be changed and security can be increased as much as possible, the ability to have agents check in externally, without an admin portal being accessible is a necessity with regards to security.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. root

    It would be nice to be able to use p7b certificates on Kace SMA appliance so we don't have to make an exception rule on the firewall's decryption to allow traffic. Unless we install the cert on the appliance, traffic to the appliance won't decrypt at the firewall which seems to prevent updates from downloading to the appliance. For security reasons, we'd prefer to implement the decryption cert rather than make an exception rule to allow the traffic. Appreciate if this feature could be considered in future releases.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. Splunk TA/App for SMA

    After being promised splunk connectivity during our sales process, we found that the data exported through syslog is very limited. I have Spoken with Joshua Herrera and Stacy Pickering regarding this and was politely told that nothing can be done to increase syslog verbosity or install a Splunk UF on our tenant. This sounds like the only option is for Kace to produce a Splunk TA/App that would allow secure API based connectivity and near real-time log collection via the Kace API.
    For the sake of maintaining us as your customer, I implore you to please author a Splunk TA/APP…

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. Require ability to whitelist MFA

    Currently we have MFA turned on for the SMA. Users are prompted to perform MFA when they login each day. We ask that we have the ability to define an IP exclusion or whitelist where users located on the internal network would be exempt from MFA. Currently, OKTA & Microsoft & Citrix provide whitelist capabilities. We would expect the same feature from KACE

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. Support Additional LSA Protection

    The LSA, which includes the Local Security Authority Server Service (LSASS) process, validates users for local and remote sign-ins and enforces local security policies.

    LSA can be configured to run as a protected process, to make attacks such as pass-the-hash more difficult. For more information on running enabling additional LSA protection:
    https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection

    KACE looks to implement an LSA plug-in (KaceCredentialProvider.dll), which would need to support running LSA in this way.

    Support case SR4837981 confirmed this isn't something Quest currently supports.

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow accounts in the Active Directory Protected Users group to login

    When we upgraded Active Directory to a newer version, we were able to use the Protected Users built in group to enhance the security of our privileged accounts. Unfortunately, members of this AD group are denied login to the Kace admin console. Our only recourse is to remove our privileged user account from that Protected User group and lower the security in other applications.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. Provide support for Microsoft Authenticator

    We have enabled MFA for the user and admin portals. Users are told to complete MFA with Google Authenticator. However we are a Microsoft customer and all of our users utilize Microsoft Authenticator to complete MFA requests. Please allow the ability for users to complete MFA requests using the Microsoft Authenticator app.

    5 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. Ubuntu Encryption Reporting

    Drive Encryption reports no data available on Ubuntu systems. Reporting needs to be added similar to how Kace reports BitLocker and/or FileVault.

    50 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. Disable server-status page

    Currently if you go to the SMA site page /server-status (kbox.domain.com/server-status) it will tell you that access is denied due to a lack of permissions. There should be an option to completely disable this page from visibility. This is most important to customers like us who host the appliance externally. Attackers could scan our domain and see that there is an Apache server active at the address and could plan a more focused attack against it.

    We only host our appliance externally so that workers with endpoints at home and abroad are able to still be managed by the SMA.…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. Automate changing local admin passwords on large Organizations

    We are required by Policy to change local admin passwords quarterly and upon staff departure. This results in over 600 manual password changes.

    Does Quest have a way to automate this, or could a Tool/KBin be created so we can input a password and apply it to our servers?

    d

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. Ability to disable weak TLS Ciphers

    KACE currently does not support disabling weak ciphers that are part of TLS 1.2. You can go to this site https://www.ssllabs.com/ssltest/ and enter the DNS name for your appliance and find many weak ciphers in use by KACE. This caused our company to have a medium security risk finding that we can't fix. As a government contractor this can become critical to the point of switching to another product if this can't be resolved. I manage other products that let us easily choose which ciphers we want to enable/disable.

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow more granularity between helpdesk queues with regards to roles and permissions

    I have a "Helpdesk" queue and a "Compliance" queue. I need a user to have admin role in his own queue, however I not be able to have the same rights in the "Helpdesk" queue. I need him only to be able to view his tickets in helpdesk queue and to be able transfer them to the Compliance queue when needed.

    We have a few users who need different roles based on the queue they are using while still using the same user ID. Currently as it stands some of the users have access to more function then they should…

    4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Please add support for Duo 2FA

    Please add support for Duo 2FA

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. Drive encryption compliance reporting at system level when ORGs are enabled.

    When ORGs are enabled, we need to be able to report drive encryption compliance at the system level for all devices within all ORGs.

    15 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. Retrieve Windows defender signature version from server/workstations

    add the ability to retrieve windows defender signature version. The inventory already gathers the version information but not the signature version.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow other roles to add and/or manage credentials

    Currently, the 'Credentials' section of Settings is only "editable" for users in the Administrator role. It would be much more flexible to allow users in other roles to edit (or at least add new) credentials.

    If someone is given rights to add new scripts, we would commonly want to also give them rights to use custom credentials for that script.

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. User settable 2FA Settings, Fine-grained 2FA Settings

    The current 2FA implementation is extremely lacking. I only seem to be able to find the prompt to scan a 2FA code after first toggling it on, and then from the administrator panel when lookup up users. Virtually every other 2FA I've configured gives an option in user settings to manage their 2FA codes. Without letting users do that you are asking for lockout issues if a user has to get a new phone, this should not be hidden in the User administration area, unless admins want to hide that from users.

    Furthermore, we should have more fine-grained settings to…

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add option for "Max Concurrent Devices to Receive Patches"

    Currently we are using the K1000 to do all of our Windows patching. We have ran into the problem where we have some users who are on our VPN and never receive patches. Our bandwidth for our VPN is rather limited, so adding something in to say "only 2 people can receive patches at a time" for a specific schedule would be fantastic as it would reduce bandwidth consumption and allow us to patch our remote users consistently.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  20. Import custom trusted root CA

    Being able to import your own trusted CA would be a nice feature going forward. This would allow decrypting all egress network traffic from K1000 to internet without issues.

    At the moment patch downloading fails due to SSL errors when you forward the traffic through SSL decryption proxy. Other issues also occur in the normal functionality.

    Without this feature it is not possible to decrypt the CDN traffic of KACE. When it comes to decrypting network packets, CDN traffic has the highest priority. This feature would also allow enterprises to fully deploy their Layer 7 inspection features and would that…

    24 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3
  • Don't see your idea?

Feedback and Knowledge Base