Managing Individual Machine Properties

The Manage Machine Properties dialog is accessed from within Machine View or Scan View by double-clicking a machine or by right-clicking the desired machine and then selecting Machine properties. The dialog contains several tabs that enable you to define many different properties for an individual machine.

The tabs are described below.

General

Enables you to define a variety of general information about the machine, including:

  • Description, Location, Customer Name, Criticality, Asset tag: Site-specific information you want to provide for the machine. The Criticality level can be used to sort the grid within Machine View.
  • Patch drive path: Enables you to specify the drive and the path to use on the target machine when patch deployment packages and tools are downloaded during a patch deployment. Do this only if you do not want to use the default location (C:\Windows\ProPatches). For example, if the C: drive on your target machines is low on space, you might specify that the patch deployment packages and tools are instead written to the D: drive. The "ProPatches" name is automatically appended to whatever path you specify. For example, if you specify "D:\ABC", the final destination for the patch deployment packages and tools will be "D:\ABC\ProPatches". Separate subfolders will be created for the patches, the logs, etc.

    The use of environment variables (such as %windir%) is not supported in the patch drive path.

  • Assigned group: The static group that this machine is assigned to within Machine View and Scan View. The group is used for organizational purposes. For example, you might sort, filter and search for a specific assigned group and then perform actions on the machines in that group.
  • Custom 1 - 3: These three fields enable you to write custom notes about properties that are unique to this machine. For example, you might use Custom 1 to specify the machine type (laptop, desktop, server, etc.), Custom 2 to specify the machine location (St. Paul, Dallas, Seattle, etc.), and Custom 3 to specify the department that owns the machine (HR, Accounting, IT, etc.). You can use the fields to filter or sort machines within Machine View and Scan View and when scheduling reports.
  • RDP port: Defines the Remote Desktop Protocol (RDP) port to use when making a remote desktop connection with this machine.
  • Connect to machine by: Specifies the method to use when connecting to your client machine. There are two options:
    • IP address: The console will connect to clients using the IP address of the machines. This is the default setting.
    • Fully qualified domain name (FQDN): You may need this method if Kerberos authentication is used in your environment, and if Service Principal Name (SPN) validation is required for Server Message Block (SMB) endpoint connections.

    For more detailed information, see IP Address vs FQDN.

    The setting specified here will be used for scans or agent installations that are initiated from Machine View or Scan View.

  • SSH server connection: Choose whether you will allow SSH server connections to this Linux machine.

    This option is only configurable on Linux machines. If this is a Windows machine, the ability to modify this option is disabled.

    The SSH protocol is used when the console initiates a connection with the specified Linux machine. The primary use cases are when a power status scan or a push installation of an agent is initiated from the console to a Linux machine. Security Controls does not currently support the use of SSH server authentication, so unless you are certain that the specified Linux machine is trusted and safe, you should choose to block SSH server connections. For more detailed information, see the SSH Authentication topic.

  • Credential: Specifies the credential used when authenticating Security Controls to the machine. The credential you supply here will override credentials specified in other areas of the program. If you select None you effectively remove the credential currently assigned to the machine.

    There may be several reasons for providing different credentials to a machine after a scan has been performed. If you have multiple administrators in your organization and each is responsible for a different domain, they will need to set their own credentials before performing an action. Or, your organization's policy may be to separate scan (assessment) duties from deployment duties, in which case different credentials are probably required.
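
The following is an added example, not part of the product or its documentation: a small Python audit of the General tab settings described above, run over a constructed inventory. The column names and the `trusted` flag are hypothetical, and requiring a drive letter plus path is an assumption drawn from the field description.

```python
import csv
import io
import re
from pathlib import PureWindowsPath

DEFAULT_PATCH_DIR = r"C:\Windows\ProPatches"  # default location stated in the documentation
ENV_VAR = re.compile(r"%[^%\\]+%")             # e.g. %windir%, which the field does not support

# Constructed sample inventory; column names are hypothetical, not a product export format.
SAMPLE = """name,os,patch_drive_path,connect_by,ssh_allowed,trusted
WEB01,windows,D:\\ABC,ip,,
DB01,windows,%windir%\\Patches,fqdn,,
APP01,linux,,ip,yes,no
APP02,linux,,ip,no,no
"""

def patch_destination(path):
    """Return the folder packages are written to, or raise ValueError for an unusable path."""
    if not path:
        return DEFAULT_PATCH_DIR
    if ENV_VAR.search(path):
        raise ValueError("environment variables are not supported")
    p = PureWindowsPath(path)
    if not (p.drive and p.root):  # assumption: the field needs a drive and a path
        raise ValueError("expected a drive and path, such as D:\\ABC")
    return str(p / "ProPatches")  # "ProPatches" is always appended

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def audit(rows, spn_validation_required=False):
    """Return (machine, issue) pairs for settings the documentation warns about."""
    findings = []
    for r in rows:
        name = r["name"]
        try:
            patch_destination(r["patch_drive_path"])
        except ValueError as exc:
            findings.append((name, f"patch drive path: {exc}"))
        if r["os"] == "linux" and r["ssh_allowed"] == "yes" and r["trusted"] != "yes":
            findings.append((name, "SSH allowed to a host not marked trusted"))
        if spn_validation_required and r["connect_by"] == "ip":
            findings.append((name, "connects by IP address where SPN validation is required"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(load(SAMPLE), spn_validation_required=True):
        print(f"{name}: {issue}")
```

Set `spn_validation_required` to match your environment; the IP address finding only applies where Kerberos with SPN validation for SMB is enforced.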

Email

Enables you to specify which reports should be automatically sent and to whom they should be sent. The specified reports will be sent whenever the machine is involved in a scan or a deployment.

To configure reports:

  1. Select a report in the Report list.
  2. In the Report recipients list, select the groups and/or individuals you want to email the report to.
  3. Repeat Step 1 and Step 2 for each report you want to be automatically sent.
  4. When finished, click Save.

You can use the Machine owner and Machine admin boxes to define the owner and administrator of this machine. If you need to define a new contact or change the email address for a contact, select Manage > Address Book.

Statistics

Displays a trend chart showing the number of found and missing patches detected in the last several scans. This enables you to quickly determine if the patch security state of a machine is trending up or down.