Purpose

It is safe to change the IP address or the subnet of a LDMS core server but to be on the safe side, it might be good practice to verify connectivity configuration.

Checklist

• If the database management system is installed on another server, make sure of the connectivity between the core and the db server. (IP and ports)
• Make sure there is no connectivity issues between clients and the new core server. (IP and ports)
• If using a Management Gateway, make sure there is no problems of the connectivity with the new core server. (IP and ports)
• Some problems might occur if IP addresses are used in any software distribution.Check software distribution packages and task
• Some problems might occur if IP addresses are used in any agent configuration. Check agent configuration.

Additional informations

Information regarding ports configuration

Ports used by LANDesk Management Suite - Full List

Moving a Core server to another Domain/Forest - Scenario

http://community.landesk.com/support/docs/DOC-29191

Moving a Core server to another Domain/Forest - Checklist

http://community.landesk.com/support/docs/DOC-29190

Purpose

LDMS 9.6 introduced additional logging options. These options help manage the size, quantity, and the logged information. Using these options can be beneficial in troubleshooting a variety of issues.

Steps

• Open Registry Editor (regedit.exe)
• Navigate to and select the LogOptions key
  • 32Bit OS - [HKEY_LOCAL_MACHINE\SOFTWARE\landesk\managementsuite\LogOptions]
  • 64Bit OS - [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\landesk\managementsuite\LogOptions]
• Right click desired REG_DWORD and choose Modify.
  • Set Value data to desired value
    • 0 = Off
    • 1 = On

Log Location

When the additional logging is turned on It will write additional information into the logs at the following locations depending on the type of task being executed.

C:\ldprovisioning

C:\Program Files (x86)\LANDesk\LDClient

C:\Program Files (x86)\LANDesk\LDClient\Data

C:\ProgramData\LANDesk\Log

NOTE: When using the additional logging in WinPE, these logs are written to X:\ProgramData\LANDesk\Log. The ProgramData folder is hidden but can still be accessed using the 'CD' (change directory) command.

Additional Options

Individual log options can be overridden by adding the above REG_DWORD to the specific sub-key. For example, if you want to have vulscan keep 12 backups of a log and always write verbose entries into the log you would:

• Open Registry Editor (regedit.exe)
• Navigate to the LogOptions\vulscan.exe key
  • 32Bit OS - [HKEY_LOCAL_MACHINE\SOFTWARE\landesk\managementsuite\LogOptions\vulscan.exe]
  • 64Bit OS - [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\landesk\managementsuite\LogOptions\vulscan.exe]
• Right click vulscan.exe
  • Select New
  • Select DWORD (32-bit) Value
  • Type the Reg_DWORD logVerbose
  • Right click logVerbose REG_DWORD and choose Modify.
  • Set Value data to 1 (On)
• Repeat for maxBackups and set value to 12

These modifications can be made individually as needed for troubleshooting. However if this is needed on a wider scale, modifying multiple values in multiple registries can be problematic. Below you will find attached Provisioning Templates that will allow you to modify the registries using a scheduled task. By default these templates have the values set to their default value. A copy should be made of the default version so that changes can be reverted easily. These can be further modified to create the logging options for specific sub-keys.

Related Documents

How to enable XTrace Diagnostic logging in LANDesk 9.6 Core and Clients

LDMS 9.6 Policy Task Verbose Logging

Since upgrading to Service Desk 7.7.2, I am unable to administer any user accounts.  If I try to change a role or user type, I am getting the error:

"Column name or number of supplied values does not match table definition"

Would anyone be able to comment on recommended hardware specs for a new SQL server. We're currently at LDMS 8.8 SP3, but will probably upgrade in 2012.

Microsoft licensing requires due diligence on such matters. I'm sure you've gone down that $$ road before. Specifically, we want to confirm processor and core requirements.

Thanks in advance for any feedback.

Regards,

Bill Suggs

Fort Worth, TX

Applied to LANDesk Management Suite 9.5 and newer

Description

Data Protection provides integration to Credant Servers to provide the encryption status of devices in the LANDesk Management Suite console. 

The information is available in queries, column sets, and reporting.  This document covers the following areas of Data Protection:

·         Server Configuration

·         Scheduled Task Configuration

·         Client Inventory Information

·         Reporting

Data Protection can be accessed from Tools > Security and Compliance > Data Protection. Note: This feature requires the appropriate license.

Server Configuration

On the Data Protection tab select Data protection servers

Multiple Servers can be added using the New data protection server… icon.

Configure the Credant Server properties.

If the server is properly configured green check marks will be shown to indicate successful configuration.

If the configuration is incorrect, or the server cannot be contacted, a red X will be shown to indicate failure.

Configure the Credant Database server properties.

Save the configuration.

Repeat the steps above to configure additional Credant Servers.

Schedule Task Configuration

After configuring the Credant Server(s) a scheduled task should be created to regularly gather the protection status from the Credant Database servers. To schedule this task click on the icon titled Schedule sync task.

Note: Only a single scheduled task is required to gather data from all of the Credant servers that have been configured.

After the scheduled task is created and run the status for each server can be seen on the Data protection servers screen. In the event of a failure the server will be shown with a red exclamation point.

Detailed synchronization information can be found in the DataProtSync.exe.log file.

From the data protection server  screen you can select a configured server and launch the Credant Web Console for that server by selecting the Web Console icon on the toolbar.

Client Inventory Information

Data protection information from the client can be seen in inventory under Security > Data Protection

Some inventory information is gathered from the Credant Database when the scheduled task on the core runs. Additional information is gathered from the client when an inventory scan runs.

Fields Gathered from the Credant Database:

• Protected Date
• Last Sync Time

Fields Gathered from the client inventory scan

• DCID
• Gatekeeper Name
• Installed
• MCID
• Product Name
• Product Version
• Server name
• Service Status

Client information can be updated real-time by right clicking the device in the console and selecting data protection summary.

Reporting

A data protection report is available to show the protection status, version, and server assignment for devices.

The report is titled Data Protection Report

Sample of the Data Protection Report

Summary

Details of Protection Status

Environment:

Windows 2008r2 x64

LANDesk Management Suite 9.0 sp3

Windows Server Update Services 3.0 SP2

(Possibly others, the above list is confirmed)

Problem:

After installation of WSUS, all consoles to core stop working.

Errors:

• Console Initialization Error: Client found response content type of 'text/html; charset=utf-8', but expected 'text/xml'.
• HTTP Error 500.19 - Internal Server Error The requested page cannot be accessed because the related configuration data for the page is invalid.
• 0x8007007e

Workaround:

None.

Solution:

Unistall WSUS (reboot not required)

Hello,

We just upgraded to 9.6 service pack 2 and I am testing the FUSE and wanted to know the following;

Is there a way to setup the FUSE site so that the only thing the end-users will see when they log in is the Software Catalog?

Thank you in advance for any input,

-Kristhian

Running LDMS 9.5 SP3, database on SQL Server 2008:

I have slowly been working on improving our database environment and recently discovered the previous LANDesk administrator set the owner of the database to their own user account from Active Directory. I would like to change the owner of the database to our standard LANDesk service account but don't want to risk imploding our LANDesk environment. Does anyone have any experience in having to change database owners after the database has already been created? Is this even possible in the LANDesk environment?

Hello, I'm trying to connect to the db from an Access Db, does anyone has any instructions?

Do I need to do a File Data Source or Machine Data Source?

SQL Server or SQL Server Native Client 11.0 Driver?

What username and password should I use?

I have a default LDMS database using all default settings.

Any help is appreciated.

Thanks.

Ivanti Endpoint Manager 2017.1 Remote Management Console fails to install on a Windows 10 x64 64-bit version 1703 (OS Build 15063.0)

Failed

Installing Data Analytics - view log

Log file \\windows10\c$\ProgramData\LANDesk\ManagementSuite\Install\10.1.10\Log\DataAnalytics_Setup.exe.log reports:

MSI (c) (60:84) [14:41:55:017]: Note: 1: 2205 2: C:\Windows\Downloaded Installations\{D0B6973F-5693-42E1-99CB-13FAEE20AF35}\LANDESK Data Analytics.msi 3: ISAlias

MSI (c) (60:84) [14:41:55:017]: Note: 1: 2228 2: C:\Windows\Downloaded Installations\{D0B6973F-5693-42E1-99CB-13FAEE20AF35}\LANDESK Data Analytics.msi 3: ISAlias 4: SELECT * FROM ISAlias

InstallShield 14:41:55: Setting external UI handler...

InstallShield 14:41:55: Ready to launch program block.

1: You must install the .NET Framework v4.5

InstallShield 14:41:55: Installation aborts, ready to shut down.

InstallShield 14:41:55: Invoking __ResetMsiObject...

MSI (c) (60:84) [14:41:55:029]: Destroying RemoteAPI object.

MSI (c) (60:0C) [14:41:55:030]: Custom Action Manager thread ending.

=== Verbose logging stopped: 08/05/2017  14:41:55 ===

Log file \\windows10\c$\ProgramData\LANDesk\ManagementSuite\Install\10.1.10\Log\LANDesk.Install.LDMS_*.log reports:

2017-05-08 14:41:39 INFO: Executing command DataAnalytics_Install SetupController.ExecuteCurrentCommand

2017-05-08 14:41:39 INFO: Executing: C:\Ivanti2017-1\Resources\DataAnalytics\setup10.exe /S /Verbose"C:\ProgramData\LANDESK\ManagementSuite\Install\10.1.10\Log\DataAnalytics_Setup.exe.log" /v"LDDAMS=YES" Launcher.ExecuteCommandEx

2017-05-08 14:41:57 ERROR: Execution of DataAnalytics_Install completed. Return code: -3, State: Failure SetupController.ExecuteCurrentCommand

RESOLUTION: This is a known issue - defect number 411405. Please see README for 2017.1 https://community.ivanti.com/downloads/Readme/Pages/IEM2017Readme.html#h_known

Data Analytics

411405 Fail to install Data Analytics when installing remote console

Console support for Windows 10 Version 1703 Creator will be add in the next product release (2017.3).

Environment

LANDESK Management Suite 9.0

LANDESK Management Suite 9.5

LANDESK Management Suite 9.6

Problem/Issue/Symptoms

The on line activation process of a LANDESK Management Suite Core server fails.

Causes

The most common causes for this issue are:

1. Lack of http connectivity towards license.landesk.com
2. Missing certificates on the core
3. Missing registry key for the activation URL

Solutions

1) Lack of http connectivity towards license.landesk.com

1.1) Check if your core server is able to communicate with license landesk com, executing a ping license.landesk.com in a command prompt, a public IP address should reply, for instance 204.246.129.106.

1.2 Verify that you can open in a browser the following URL:http://license.landesk.com/authorizationservice/licensing.asmx

1.3) Verify that the proxy options used in your web browser are the same used in your Core Server Activation, if the browser is able to reach the URL just checked.

1.4) Verify that the software and hardware firewalls between your core and the internet allow your core to reach license.landesk.com on the tcp port 80 (http).

1.5) Verify that your %windir%\system32\drivers\etc\hosts file doesn't contain any line referring to license.landesk.com

2) Missing certificates on the core

2.1) In the folder %programfiles(x86)%\LANDesk\Shared Files\keys\. You should find  one file for each of the following extensions: .0, .cer, .crt and .key. If you are running a 32 bit server remove the (x86) part in the path. On a 9.6 Core user the %programfiles% folder instead.

2.2) Verify that the registry key CertName in HKLM\Software\Wow6432Node\LANDesk\ManagementSuite\Setup is pointing to the right certificate name. On a 9.6 core remove the Wow6432Node part from the registry path.

2.3) Verify to have a .0 file with the same name as the one just checked in the folder %programfiles(x86)%\LANDesk\Shared Files\cbaroot\certs\. If you are running a 32 bit server remove the (x86) part in the path. On a 9.6 Core user the %programfiles% folder instead.

2.4) To troubleshoot a missing or deleted certificate follow this article: How to troubleshoot a missing or deleted core certificate

3) Missing registry key for the activation URL

3.1) Verify the presence of the AuthorizationServiceUrl key in HKLM\Software\Wow6432Node\LANDesk\ManagementSuite. The value of the key (string) must be http://license.landesk.com/authorizationservice/licensing.asmx On a 9.6 core remove the Wow6432Node part from the registry path.

4) Other complementary tasks

4.1) Run the core server activation as an administrator

4.2) Track the activation process with procmon or wireshark to check if the core is really able to communicate with license.landesk.com

4.3) Delete the content of the %temp%, %tmp% and %windir%\temp folders

4.4) Delete all the .txt and .save files in the %programfiles(x86)%\LANDesk\Authorization Files\ folder\. If you are running a 32 bit server remove the (x86) part in the path. On a 9.6 Core user the %programfiles% folder instead.

5) Other resources

5.1) Unable to activate an 8.7 / 8.8 core server online: https://community.landesk.com/docs/DOC-29443

5.2) Manually activating the core server via email: How to Activate the Core Server

5.3) Missing licenses and subscriptions after a major release upgrade: The core server you are connecting to does not appear to have a valid license

For the past few months whenever I apply a security patche for Outlook 2016 to my environment I get users reporting that Outlook is crashing on startup.  I haven't had it reported for the 32 bit version of the patch, only the 64 bit version, and the only thing that ends up fixing it is to uninstall the offending patch (Sept patch was 4011091).

I know there were reports of issues with the Outlook patch back in June and I am wondering if they still haven't fixed it.  I would welcome any comments/suggestions you all may have.

I am using Landesk 9.6 SP3

We have found on a Domain if anyone logs in that is not the local administrator, a local user or does not have Domain Admin privileges, Edge will come up lock up then close.

The temp fix for this until Microsoft comes up with a fix is to edit registry for each user.

Go to HKCU\Software\Microsoft\Internet Explorer\    Add key Spartan  with data RAC_LaunchFlags  Reg_Dword =1

This document outlines the supported platforms for Ivanti Endpoint Manager / LANDESK Management Suite, including supported clients along with server and database requirements for all supported versions.

	Supported: Ivanti has validated the operating system (OS) version with Ivanti Software. Ivanti provides full technical support for the corresponding product components running on the OS.
	Supported with a patch: Ivanti has validated the operating system (OS) version with Ivanti Software. Ivanti provides full technical support for the corresponding product components running on the OS, however an additional patch is required to enable support for the OS.
	Legacy: This involves installing an agent from a previous version of LANDESK on the OS and using it with current code. New features are not available and limited support is available for this method of device management.
*	Future Update: This column or row is informational and subject to change until release.

What is the End of Life for Ivanti Products

Please click here be referred to our main website for the most up-to-date product availability and support information for all LANDESK products.

Supported Ivanti Agent - Client Operating Systems

Operating Systems	9.6	9.6 SP1	9.6 SP2	9.6 SP3	2016	2016.3	2017	2017.3	Future Update*
Mac OS X 10.6.8	5	9	9	9	9	9	9	9	9
Mac OS X 10.7.5	5	5	9	9	9	9	9	9	9
Mac OS X 10.8.5	0	0	0	0	5	9	9	9	9
Mac OS X 10.9.x	0	0	0	0	0	9	9	9	9
Mac OS X 10.10.x	1	0	0	0	0	0	9	9	9
Mac OS X 10.11.x	9	9	1	0	0	0	0	0	9
MacOS 10.12.x	9	9	9	9	0	0	0	0	0
Windows XP Professional x32 SP3	0	0	0	0	0	5	5	5	9
Windows XP Professional x64 SP2	0	0	0	0	0	5	5	5	9
Windows Vista (32-bit) SP2 or higher	5	5	9	9	9	9	9	9	9
Windows Vista (64-bit) SP2 or higher	5	5	9	9	9	9	9	9	9
Windows 7	0	0	0	0	0	0	0	0	0
Windows 8	0	0	0	0	0	0	0	5	9
Windows 8.1	0	0	0	0	0	0	0	0	0
Windows 10	9	9	1 1,3	0	0 1	0	0	0	0

Supported LANDESK Agent - Server Operating Systems

Operating Systems	9.6	9.6 SP1	9.6 SP2	9.6 SP3	2016	2016.3	2017	2017.3	Future Update*
AIX 6.x x64 (PPC)	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9	9
AIX 7.1 x64 (PPC)	0 1	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9
CentOS 5 x32	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9	9
CentOS 5 x64	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9	9
CentOS 6 x32	0 1	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9
CentOS 6 x64	0 1	0 1	0 1	0 1	0 1	0 1	0 1	0 1	0 1
CentOS 7 x64	9	0 1	0 1	0 1	0 1	0 1	0 1	0 1	0 1
HP-UX 11.31 PA RISC x64	0 1	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9
HP-UX 11.31 on Itanium x64	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9	9
Red Hat Enterprise Linux Advanced Platform 5	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9	9
Red Hat Enterprise Linux 6	0 1	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9
Red Hat Enterprise Linux 7 x64	9	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9
Solaris 10 (SPARC64/x86_64) with Update 8 or later	0 1	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9
Solaris 11 (Sparcx64/x86_64)	9	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9
SuSE Linux Enterprise Server 10 x32/x64	0 1	0 1	0 1	0 1	0 1	0 1	9	9	9
SuSE Linux Enterprise Server 11	0 1	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9
SuSE Linux Enterprise Server 12 x64	9	9	9	9	0 1	0 1	0 1	0 1	0 1
Ubuntu 14.04 LTS	9	9	9	9	9	9	9	0 1	9
Ubuntu 16.04 LTS	9	9	9	9	9	9	9	0 1	0 1
Windows Server 2003 Standard/Enterprise	0	0	0	0	0	5	9	9	9
Windows Server 2008 Standard/Enterprise	0	0	0	0	0	0	0	0	9
Windows Server 2012	0	0	0	0	0	0	0	0	0
Windows Server 2016 Standard	9	9	9	9	9	0	0	0	0

Supported LANDESK Agent - Embedded Operating Systems

Operating Systems	9.6	9.6 SP1	9.6 SP2	9.6 SP3	2016	2016.3	2017	2017.3	Future Update*
Windows Embedded Standard/Enterprise 2009	0	0	0	0	0	5	5	5	9
Windows Embedded Standard/Enterprise 7	0	0	0	0	0	0	0	0	0
Windows Embedded POSReady 2009	0	0	0	0	0	5	5	5	9
Windows Embedded POSReady 7	0	0	0	0	0	0	0	0	0
HP ThinPro	0	0	0	0	9	9	9	9	9
Windows Embedded 8.1	9	9	0	0	0	0	0	0	9
Windows 10 Embedded	9	9	9	9	9	9	0	0	0

Supported LANDESK Mobile Operating Systems

Operating Systems	9.6	9.6 SP1	9.6 SP2	9.6 SP3	2016	2016.3	2017	2017.3	Future Update*
Android	0	0	0	0	0	0	0	0	0
iOS	0	0	0	0	0	0	0	0	0
Blackberry OS1	0	0	0	0	9	9	9	9	9
Windows Mobile 6 or Higher1	0	0	0	0	9	9	9	9	9
Google Chromebook2	9	9	9	9	0	0	0	0	0

Supported LANDESK Console Operating Systems

Operating Systems	9.6	9.6 SP1	9.6 SP2	9.6 SP3	2016	2016.3	2017	2017.3	Future Update*
Windows XP SP3 (SP2 for x64)	0	0 1	0 1	9	9	9	9	9	9
Windows Server 2008 R2 Standard/Enterprise	0	0	0	0	0	0	0	0	9
Windows Server 2012 R2	0	0	0	0	0	0	0	0	0
Windows Server 2016 Standard	9	9	9	9	9	9	0	0	0
Windows 7	0	0	0	0	0	0	0	0	9
Windows 8	0	0	0	0	0	0	9	9	9
Windows 8.1 Update 1	0	0	0	0	0	0	0	0	0
Windows 10	9	9	1	0	0	0	0	0	0

Supported LANDESK Core Server Operating Systems

Operating Systems	9.6	9.6 SP1	9.6 SP2	9.6 SP3	2016	2016.3	2017	2017.3	Future Update*
Windows Server 2008 R2 Standard/Enterprise	5 1	5 1	5 1	5 1	5 1	5 1	9	9	9
Windows Server 2012 R2 Standard	0	0	0	0	0	0	0	0	9
Windows Server 2016 x64	9	9	9	9	9	9	0	0	0

Supported LANDESK Core Server Database

SQL Versions	9.6	9.6 SP1	9.6 SP2	9.6 SP3	2016	2016.3	2017	2017.3	Future Update*
MS SQL Server 2008	0	0	0	0	0	0	5	5	9
MS SQL Server 2008 R2	0	0	0	0	0	0	5	5	9
MS SQL Server 2012	0	0	0	0	0	0	0	0	0
MS SQL Server 2014	9	0	0	0	0	0	0	0	0
MS SQL Server 2016	9	0	0	0	0	0	0	0	0
Oracle Database 11g Release 2 (11.2.0.2)	5 1	5 1	5 1	5 1	9	9	9	9	9

LANDESK Management Suite and Cloud Services Appliance Compatibility

Cloud Services Appliance Version	9.6	9.6 SP1	9.6 SP2	9.6 SP3	2016	2016.3	2017	2017.3	Future Update*
Cloud Services Appliance 4.2	5	9	9	9	9	9	9	9	9
Cloud Services Appliance 4.3	0	0	0	0	0	0	0	0	0
Cloud Services Appliance 4.4	9	9	9	9	9	0	0	0	0
Future Update*	9	9	9	9	9	0	0	0	0

LANDESK Management Suite and Asset Lifecycle Manager Compatibility

Asset Lifecycle Manager Version	9.6	9.6 SP1	9.6 SP2	9.6 SP3	2016	2016.3	2017	2017.3	Future Update*
ALM 5.06	0	0	0	0	0	0	0	0	9
ALM 6.01	0	0	0	0	0	0	0	0	9
ALM 6.02	0	0	0	0	0	0	0	0	9
ALM 6.1	9	0	0	0	0	0	0	0	0

LANDESK Management Suite and Service Desk Compatibility

Please refer to the following document for the most current information for details on compatibility and integration.

• Service Desk and LDMS Integration Compatibility Matrix

Asset Lifecycle Manager and Service Desk Compatibility

Service Desk Version	ALM 5.01	ALM 5.06	ALM 6.01
Service Desk 7.6 / 7.6.1	0	0	0
Service Desk 7.7.x	0	0	0
Next Version*	5	0	0

Generally available updates

Updates are available from the Console in the Patch and Compliance tool under LANDESK or Ivanti updates.  Please check your LANDESK or Ivanti Updates in the Patch Management tool for generally available Service Updates.

More information about fixes, known issues and changes contained in the patch can be found in the corresponding readme.

Ivanti® Endpoint Manager 2017.3

Endpoint Manager and Endpoint Security for Endpoint Manager (EPM) released 10/05/2017.   Ivanti Endpoint Manager and Ivanti Endpoint Security for Endpoint Manager are the new names for the product previously known as LANDESK Management Suite. Future product sustainment and patches for EPM 2017 will require EPM 2017.3 be installed first.

You can access the download links and related information about the release in the Downloads section: Product Downloads

Ivanti® Endpoint Manager 2017.1

Endpoint Manager and Endpoint Security for Endpoint Manager (EPM) released 05/03/2017.   Ivanti Endpoint Manager and Ivanti Endpoint Security for Endpoint Manager are the new names for the product previously known as LANDESK Management Suite. Future product sustainment and patches for EPM 2017 will require EPM 2017 be installed first.

You can access the download links and related information about the release in the Downloads section: Product Downloads

For information about Service Updates, please see EPM 2017 Sustaining Patch Information

LANDESK® Management Suite 2016.3

Management & Security Suite 2016.3 released 10/20/2016. LDMS 2016.3 is the latest revision of the LDMS 2016 product. This release contains both fixes and features similar to some of the SPs released previously. Future product sustainment and patches for LDMS 2016 will require LDMS 2016.3 be installed first.

You can access the download links and related information about the release in the Downloads section: Product Downloads

For information about Service Updates, please see LDMS 2016 Sustaining Patch Information

LANDESK® Management Suite 2016

Management & Security Suite 2016 released 2/5/2016. This release is superseded by LDMS 2016.3. You can access information about the release in the Downloads section: Product Downloads

For information about Service Updates, please see LDMS 2016 Sustaining Patch Information

LANDESK® Management Suite 9.6

The latest Service Pack for LANDESK Management Suite 9.6 is Service Pack 3, released August 2nd, 2016. Service Pack 3 requires Service Pack 2 to be installed already. You can access the download links and related information about the Service Pack in the Downloads section: Product Downloads

To download Service Pack 2 or 3, you must be logged into the LANDESK Community and be a customer with current maintenance or a LANDESK partner.

For information about Component Patches and updates, please see LDMS 9.6 Sustaining Patch Information

LANDesk® Management Suite 9.5

The latest Service Pack for Management Suite 9.5 is Service Pack 3, released October 6, 2014.  You can access the download links and related information about the service pack in the product downloads section:

To download Service Pack 3, you must contact Support and be a customer with current maintenance or a be partner.

For information about Component Patches and updates please see LDMS 9.5 Sustaining Patch Information

Have you added "*.landesk.com" to the Trusted Sites in Internet Explorer?

Without this action, installing service packs and/or patches may result in unexpected failures.
For detailed steps on performing this action see this article.

Note: Older builds not listed have been deprecated. Please refer to this article for information about currently supported builds: Supported Platforms and Compatibility Matrix for LANDESK Management Suite

Overview

This document goes over basics of user management in Ivanti Endpoint Manager. This is not an exhaustive guide on all facets of user management.

General

Before getting into specifics, there are some general details about EPM's user management process.

Groups

When you install the Core, we create 2 local groups on the Core server:

• Landesk Management Suite
  • This group provides no special rights. Users who are not intended to be Landesk Administrators should be placed here.
  • The LandeskComPlus user is placed in this group during install.
• Landesk Administrators
  • This group provides users in it with Landesk Administrator rights.
  • The user that installs EPM is placed in this group.

In order for a user to use any functions of EPM, they need to be a member of one of those 2 groups. This is not just for the Windows console, but also to access the web console, or the Analyst space of workspaces, etc. Anything that integrates with EPM.

While you can add individual users to these groups, you can also add other groups, and EPM will resolve the members of those groups.

Any users that are part of Landesk Management Suite will also need to have a Role configured before they can login.

Allow vs Deny

While other user management solutions, like Active Directory, will Deny before Allow (ie. if a user gains Allow from one group and Deny from other, they will get Deny), EPM is the opposite. EPM will provide the greatest available rights based on a user's combination of rights. It's often helpful to think of rights in EPM in the manner of a Venn Diagram, where each role is part of the diagram, and a user's "Effective Rights" are the entirety of the diagram.

As an example, let's examine the following situation:

• Group A is part of Landesk Administrators, and gains the Landesk Administrator role
• Group B is part of Landesk Management Suite, and is given no default rights.
• User "Tim" is part of both Group A and Group B.

In the situation above, Tim will be a full Landesk Administrator, as he will be given all rights from Group A AND Group B, despite Group B being denied any rights.

This also applies to Scopes.

Users vs Groups

EPM generally treats users and groups the same, in terms of actually configuring rights. All references to users in this document can also be considered to apply to groups, unless noted otherwise.

Active Directory/LDAP

You can use your AD users and groups in User Management. Doing so first requires adding an Active Directory source to User Management (Administration > User Management). Click the "Add" button (green circle with a white plus) and select "New Active Directory Source". Provide your domain and a user with Read access to the domain's objects.

You can also add AD sources by going to Configure > Manage Active Directory sources. Any sources added there will be available to User Management.

Adding Users

A user needs to be added to EPM before they can log in to the Console or access other functions. This can be done a few ways:

• Explicitly
  • To add a user explicitly, head to Administration > User Management. Click the green circle with the white plus, and then select "New user or group". The resulting window will have tabs, one for each user source. Select the appropriate source, then navigate to the user you want.
• Group Membership
  • If a user is a member of a group that's been explicitly added, then they will be as well through inheritance. While they won't show up in User Management until they log in, they will be allowed to.
  • If a user is a member of a group that has not been explicitly added, they will not be able to login.

Once a user is added, you need to give it a role and a scope:

1. Right click the newly added user and select Properties.
2. On the left hand pane, select Roles and check any roles appropriate. Then do the same for Scopes.

A user should login to the console at least once before attempting to use other EPM functions outside of the console, such as Workspaces or HTML Remote Control. This is because we won't create an entry for the user until they do login, even if their group membership allows them to access EPM. Without that user entry being created, they essentially don't exist as far as those functions are concerned, and are therefore unauthorized.

Scopes

In EPM, you can create and assign Scopes. Scopes encompass a set of computers based on user defined criteria. A user can only see machine in their Scope, no matter what rights they have.

Creating Scopes

There are a few ways to create a scope:

• From a Device Group
• From a Query
  • If using queries to create scopes, you should try to keep this to a minimum, or to not use very taxing queries, to avoid causing excessive strain on the database.
  • More about writing queries can be found here
• From an LDAP Container

Roles

Roles are a collection of rights that allows a user to do certain things, but only to machines within their Scope.

Auditing Roles

One thing to note is that Auditing rights are special. Even a Landesk Administrator can't see or configure auditing by default. Anyone who needs to configure auditing needs to be assigned the Auditing Configuration right, and anyone who needs to see auditing events needs the Auditor role. This is regardless of other permissions.

Rights Documentation

This document has more information on specific rights: Explanation of Role Based Administration (RBA) rights

Additional Information

Sometimes after making changes to user rights, they don't take immediate affect. In this case, you can run the files below in the order specified. These needs to be explicitly run "As Administrator", and manually force the user rights to resolve. These are located in the %LDMS_HOME% directory

• CreateLandeskRights.exe
• ResolveDBCustomGroups.exe
• ResolveUserGroups.exe

Hi All,

Where can I download the Ivanti License Optimizer?

• Release Information
  • What's New?
  • How to obtain Ivanti Endpoint Manager 2017.3
    • Hashes:
    • Readme:
  • Installation / Upgrades
  • Licensing
  • Considerations Before Upgrading
  • Useful Documents

Release Information

Ivanti Endpoint Manager 2017.3 was released on October 5th, 2017.  It is a full release with various problem fixes and enhancements.

What's New?

About the New Patch Engine in Ivanti Endpoint Manager 2017.3

About new features and changes in Software Distribution in EPM 2017.3

About new features/changes in Endpoint Security in 2017.3

Whats new for Mac in Endpoint Manager 2017.3

CPE (Configure Profile Editor) for IOS, MacOS and TvOS

New Alerting Features in 2017.3

New Power Management Features in 2017.3

2017.3 Linux Agent 

2017.3+ Linux Agent Conf Files

About Workspaces and Ivanti EPM 2017.3

How to obtain Ivanti Endpoint Manager 2017.3

Hashes:

SHA1: b70f8ca542c1298721e59633aaa027afcfe51ab2

SHA256: 938c889272e7462460da49b03afaf3487a860b4fcf8f54cd17ae4a44bedf4dbf

Readme:

Installation / Upgrades

How to install Ivanti Endpoint Manager 2017.3

Licensing

Customers who are already licensed for older versions of Ivanti Endpoint Manager or LANDesk Management Suite are entitled to a license for version 2017.3.  Your current activation credentials will activate the new version.  Please contact support if you encounter any activation or licensing issues.

Customers who are not yet licensed, please contact your account/sales/partner contact to purchase the product.

Considerations Before Upgrading

LANDESK Smart Card Driver not included in Agent by default as of EPM 2017.3

Supported Platforms and Compatibility Matrix for LANDESK Management Suite

Ivanti Endpoint Manager 2017 Architecture - Overview

Prerequisites to Check Before Installing, Updating, or Patching the LANDESK Core Server

Useful Documents

About Windows PE versions used in Ivanti Endpoint Manager

Setting up Alerting in EPM 2017.3

Mobile Device Management

Linux and Unix Agent

Endpoint Manager 2017.X (formerly LDMS)  Sustaining and Patch Information

Features and Compatibility EOL Matrix for Management and Security Suite

Download the Latest Service Pack for Ivanti / LANDESK Software Products

Best Known Methods for installing Microsoft SQL Server 2012 for LDMS

Hello,

does LDMS Support IPv6 Clients actually? We'v installed LDMS Version 10.1.0.168. and try to manage our Direct Access Clients.

Thanks.

Mike