Copyright Notice
This document contains the confidential information and/or proprietary property of Ivanti, Inc. and its affiliates (referred to collectively as “Ivanti”), and may not be disclosed or copied without prior written consent of Ivanti.
Ivanti retains the right to make changes to this document or related product specifications and descriptions, at any time, without notice. Ivanti makes no warranty for the use of this document and assumes no responsibility for any errors that can appear in the document nor does it make a commitment to update the information contained herein. For the most current product information, please visit www.ivanti.com.
Copyright © 2018, Ivanti. All rights reserved.
Ivanti and its logos are registered trademarks or trademarks of Ivanti, Inc. and its affiliates in the United States and/or other countries. Other brands and names may be claimed as the property of others.
Protected by patents, see https://www.ivanti.com/patents.
Contents
| Welcome to Ivanti Security Controls |
|
| What's New? |
|
| Evaluate the Product |
|
| System Requirements |
|
| Architecture Considerations |
|
| Obtaining the Software |
|
| Installing the Prerequisites |
|
| SQL Server Pre-Installation Notes |
|
| Performing a New Installation |
|
| HTTP Proxy Post-Installation Notes |
|
| SQL Server Post-Installation Notes |
|
| Your Next Steps |
|
| Uninstalling the Product |
|
| Upgrade Requirements |
|
| Upgrade Procedure |
|
| Upgrade Tasks Performed on the Console |
|
| Starting the Program |
|
| Activating the Program |
|
| Editions of the Program |
|
| Version Information |
|
| How Licenses are Tracked |
|
| Navigating the Interface |
|
| Performing a New Agentless Operation |
|
| Using the Navigation Pane |
|
| Charts Page |
|
| Menu Commands |
|
| Editing the Console Description |
|
| Help System |
|
| Show Me How to Get Started! |
|
| How Do I Get Started Scanning and Patching (Windows) |
|
| How Do I Get Started Scanning and Patching (Linux) |
|
| How Do I Automate Scheduled Patching (Windows) |
|
| How Do I Track Deployment Status (Windows) |
|
| How Do I Download Approved Patches (Windows) |
|
| How Do I Scan and Patch ESXi Hypervisors |
|
| How Do I Start Using Application Control |
|
| How Do I Set Up and Monitor Agents |
|
| How Do I Use The Asset Inventory Feature |
|
| How Do I Use The Power Management Feature |
|
| How Do I Use The ITScripts Feature |
|
| How Do I Collect Data For Tech Support |
|
| How Do I Use A Distribution Server |
|
| How Do I Generate Reports |
|
| How Do I View How-to Tutorials |
|
| About Machine Groups |
|
| About the My Test Machines Group |
|
| Creating a New Machine Group |
|
| Organizing machine groups |
|
| Performing Actions On Machine Groups |
|
| Searching Machine Groups |
|
| Working with a Machine Group |
|
| Machine Group Dialog: Top Section |
|
| Machine Group Dialog: Middle Section |
|
| Machine Group Dialog: Bottom Section |
|
| Excluding Certain Machines |
|
| Linking Files to Machine Groups |
|
| Adding Machines by Name |
|
| Adding Domains |
|
| Adding Machines by IP Address |
|
| Adding Organizational Units |
|
| Defining Nested Groups |
|
| Virtual Machine Overview |
|
| Power State and Credential Requirements for VMs |
|
| Notes About Virtual Machines |
|
| Notes About Virtual Machine Templates |
|
| Roadmap of Tasks |
|
| How to Add Virtual Machines |
|
| Adding Virtual Machines Hosted by a Server |
|
| Logging on to a Server |
|
| Adding Offline VMs that Reside on Workstations |
|
| Viewing Servers and Virtual Machines in a Machine Group |
|
| Supplying Credentials for Machines |
|
| Defining Credentials |
|
| Managing Credentials |
|
| Shared Credentials |
|
| Security Implications When Sharing Credentials |
|
| Credential Precedence for Physical Machines and Online VMs |
|
| Credential Precedence for Offline Hosted VMs |
|
| Creating Favorites |
|
| Performing Actions on a Favorite |
|
| Configuration Options Overview |
|
| Display Options |
|
| Notifications and Warnings Options |
|
| Scan Options |
|
| Explanation: Continuous Agentless Scanning |
|
| Explanation: Connecting by IP Address vs FQDN |
|
| Scheduling Options |
|
| Agents Options |
|
| Download Options |
|
| Email Options |
|
| Data Rollup Options |
|
| Scheduled Snapshot Maintenance |
|
| Logging Options |
|
| Internet Proxy Options |
|
| ITScripts Options |
|
| API Options |
|
| Why Use a Distribution Server? |
|
| Determining How Many Distribution Servers to Use |
|
| Configuring Distribution Servers |
|
| Configuring System Account Permissions |
|
| Synchronizing Servers |
|
| Assigning IP Addresses to Servers |
|
| Why You Might Use Multiple Administrators |
|
| How the Program Manages Multiple Admins |
|
| Potential Issues When Using Multiple Admins |
|
| Best Practices When Using Multiple Admins |
|
| How Role-Based Administration Works |
|
| Enabling and Disabling Role-Based Administration |
|
| User Manager |
|
| Deleting a User |
|
| Determining the Currently-Assigned Role |
|
| Best Practices Guides |
|
| Introduction |
|
| Console Software and Hardware Recommendations |
|
| Port Requirements and Firewall Configuration |
|
| Distributed Environment Management |
|
| Configuring Agentless Patch Management |
|
| Best Approach for Applying Patches in an Agentless Environment |
|
| Automating Patch Management in an Agentless Environment |
|
| Agent-based Patch Management |
|
| Agent Rollout Options |
|
| Installing and Supporting Agents on Internet-based Machines |
|
| Agent-Based Product Level and Patch Deployment Process |
|
| Guide to Surviving Patch Tuesday |
|
| Microsoft SQL Server Database Maintenance |
|
| Performing Patching in a Disconnected Environment |
|
| Application Control Best Practices |
|
| What Sets the Program Apart |
|
| Scanning Engine Overview |
|
| Discovering Machines |
|
| Determining Patch Status |
|
| File Version Analysis |
|
| Determining Patch Replacements |
|
| Identifying Explicitly Installed Patches |
|
| Identifying Effectively Installed Patches |
|
| About Patch Groups |
|
| Creating and Editing a Patch Group |
|
| Using a Patch Group |
|
| Patch Scanning Overview |
|
| Scanning Prerequisites |
|
| How to Initiate a Patch Scan |
|
| Scheduling Patch Scans |
|
| Monitoring a Patch Scan |
|
| Monitoring A Scheduled Patch Scan |
|
| Scan History |
|
| Patch Options Menu |
|
| About Patch Scan Templates |
|
| Predefined Patch Scan Templates |
|
| Creating a New Patch Scan Template |
|
| Organizing Patch Scan Templates |
|
| Managing a Patch Scan Template |
|
| Specifying a Default Patch Scan Template |
|
| About Windows Patch View |
|
| Navigating Windows Patch View |
|
| Filtering Windows Patch View by Patch Type |
|
| Filtering Windows Patch View by Product Vendor |
|
| Exporting Patches |
|
| Customizing The Patch View Column Headers |
|
| Understanding the Top Pane |
|
| Searching Patch View |
|
| Filtering Patch View |
|
| Performing Actions On Patches |
|
| Viewing Patch Details |
|
| Viewing Machines Affected By A Selected Patch |
|
| About Third-Party Applications |
|
| How to Scan for Third-Party Applications |
|
| Accessing Patch Scan Results |
|
| Navigating the Scan View Grid |
|
| Customizing The Column Headers |
|
| Scan View Scan Summary |
|
| Machine Group Info is Dynamic |
|
| Searching for Machines |
|
| Filtering Info in the Top Pane |
|
| Performing Actions On Machines |
|
| Viewing Patch Summaries in Scan View |
|
| Performing Actions On Patches |
|
| Viewing Patch Details |
|
| Viewing Machines Affected By A Selected Patch |
|
| Downloading Patches and Product Levels |
|
| How to Download Different Language Versions of a Patch |
|
| Patch Downloads Are Background Tasks |
|
| Manually Acquiring Patches from the Vendor (Sideloading) |
|
| Patch Deployment Overview |
|
| Patch Deployment Prerequisites |
|
| Patch Deployment Security |
|
| Testing Deployment |
|
| Deploying One or More Patches to a Machine |
|
| Deploying All Missing Patches to a Machine |
|
| Deploying Patches to Multiple Machines |
|
| Deploying Third-Party Applications |
|
| Deploying Patches to Virtual Machines |
|
| Deploying Product Levels |
|
| Deploy to All Domain Members |
|
| Scheduling & Configuring a Deployment |
|
| Automatically Deploying Patches |
|
| Monitoring the Deployment |
|
| Viewing Deployment Results |
|
| Canceling a Deployment |
|
| Deployment History |
|
| About Deployment Templates |
|
| Creating a Deployment Template |
|
| Organizing Patch Deployment Templates |
|
| Deployment Template: General Tab |
|
| Deployment Template: Pre-Deploy Reboot Tab |
|
| Deployment Template: Post-Deploy Reboot Tab |
|
| Deployment Template: Email Tab |
|
| Deployment Template: Custom Actions Tab |
|
| Deployment Template: Distribution Servers Tab |
|
| Deployment Template: Hosted VMs/Templates Tab |
|
| Deployment Template: Used By Tab |
|
| Managing a Deployment Template |
|
| About Deployment Tracker |
|
| About the Deployment Tracker Dialog |
|
| Canceling a Task |
|
| How to Uninstall Patches |
|
| Overview of the Custom XML Process |
|
| Creating a New Custom XML File |
|
| Creating a Custom Product |
|
| Creating a Custom Bulletin |
|
| Creating a Custom Patch |
|
| Scan Information Tab |
|
| Deployment Information Tab |
|
| Saving and Validating Your Changes |
|
| Changing a Custom XML File |
|
| Specifying Which Custom XML Files To Use |
|
| Viewing Custom Patches and Products |
|
| Introducing the Virtual Inventory Feature |
|
| vCenter Server and ESXi Hypervisor Requirements |
|
| Adding, Editing, or Removing vCenter Servers and ESXi Hypervisors |
|
| Customizing The Column Headers |
|
| Viewing Information About a vCenter Server |
|
| vCenter Server Top Pane Summary |
|
| Searching the List of Hypervisors |
|
| Performing Actions On Hypervisors |
|
| Viewing a Summary of the Hypervisor's VMs |
|
| Performing Actions On Virtual Machines |
|
| Viewing Bulletin Status |
|
| Deploying Bulletins to Managed Hypervisors |
|
| Using the ESXi Hypervisors List |
|
| Viewing a Summary of the ESXi Hypervisor's VMs |
|
| Performing Actions On Virtual Machines |
|
| Viewing Bulletin Summaries on ESXi Hypervisors |
|
| Deploying Bulletins to Unmanaged ESXi Hypervisors |
|
| How to Initiate a Scan of an ESXi Hypervisor |
|
| Initiating a Deployment to an ESXi Hypervisor |
|
| Configuring an ESXi Bulletin Deployment |
|
| Viewing ESXi Deployment Results |
|
| Overview of Linux Patch Management |
|
| Creating and Editing a Linux Patch Group |
|
| Creating and Editing a Linux Patch Scan Configuration |
|
| Creating and Editing a Linux Patch Deployment Configuration |
|
| Organizing Linux Configurations and Groups |
|
| How to Patch Disconnected Linux Machines |
|
| SSH Authentication |
|
| Importing CVEs |
|
| Application Control Overview |
|
| Executable Control |
|
| Privilege Management |
|
| Browser Control |
|
| Rule Sets Overview |
|
| Configuration Settings |
|
| Configuration Settings Executable Control |
|
| Configuration Settings Privilege Management |
|
| Advanced Settings |
|
| Events |
|
| Message Settings |
|
| Rule Collections |
|
| Group |
|
| User |
|
| Device |
|
| Scripted |
|
| Process |
|
| Rule Set Executable Control |
|
| Allowed Items |
|
| Denied Items |
|
| Rule Set Privilege Management |
|
| Rule Set Browser Control |
|
| Manage Configuration |
|
| Comparison Tool |
|
| Search Configuration |
|
| Event Viewer |
|
| Agentless vs. Agent-based Solutions |
|
| When Should I Use Each Solution? |
|
| What Exactly is an Agent? |
|
| How the Agent Process Works |
|
| Creating a New Agent Policy |
|
| Configuring General Settings |
|
| Agent Reboot Options |
|
| Creating and Configuring a Patch Task |
|
| Enabling Application Control |
|
| Creating and Configuring an Asset Task |
|
| Creating and Configuring a Power Task |
|
| Preparing to Use Agents |
|
| Installing Agents from the Console |
|
| Manually Installing Agents |
|
| Installing Agents from the Cloud |
|
| Configuring Proxy Server Settings for Agents |
|
| Creating and Using a Manual Installation Script |
|
| Troubleshooting Installation Errors |
|
| Managing Your Agents |
|
| Monitoring Agent Actions |
|
| Determining Which Machines Have Agents |
|
| Ongoing Maintenance Tasks |
|
| Using an Agent on a Machine |
|
| Uninstalling an Agent |
|
| About Product Level Groups |
|
| Creating and Editing a Product Level Group |
|
| Using a Product Level Group |
|
| Copy, Delete or Rename a Product Level Group |
|
| About the Agent Client Program |
|
| About Machine View |
|
| Accessing Machine View |
|
| Navigating Machine View |
|
| Customizing the Column Headers |
|
| Typical Uses of Machine View |
|
| Machine View Top Pane Summary |
|
| Understanding Patch Count Data |
|
| Machine Group Information is Dynamic |
|
| Searching for Machines |
|
| Filtering Info in the Top Pane |
|
| Performing Actions On Machines |
|
| Viewing Patch and Asset Summaries |
|
| Performing Actions on Patches |
|
| Viewing Patch Information |
|
| Viewing Machines Affected By A Selected Patch |
|
| What is Event History? |
|
| Searching for Event Entries |
|
| Using the Event History Smart Filter |
|
| Accessing Machine Properties |
|
| Managing Individual Machine Properties |
|
| Managing Multiple Machine Properties |
|
| About the Operations Monitor |
|
| About the Scheduled Console Tasks Manager |
|
| About the Scheduled Remote Tasks Manager |
|
| Manually Installing and Uninstalling the Scheduler |
|
| Security Controls Cloud Synchronization Overview |
|
| Requirements and Usage Notes |
|
| How to Enable Security Controls Cloud Sync |
|
| Security Controls Cloud Sync Options |
|
| Email Overview |
|
| Populating the Address Book |
|
| Automatically Sending Email Reports |
|
| Manually Sending Email Reports |
|
| Using Disconnected Mode |
|
| Managing Data Files and Missing Patches |
|
| Overview of Reports |
|
| Reports Dialog |
|
| Advanced Filtering |
|
| Exporting |
|
| How to Schedule a Report |
|
| Introduction to Database Views |
|
| Overview of Database Views |
|
| Entity Relationships |
|
| Agent View |
|
| Architecture View |
|
| Assessed Machine State View |
|
| CVE View |
|
| DeployState View |
|
| DetectedPatchState View |
|
| InstallState View |
|
| LinuxCompletionCode View |
|
| LinuxDetectedPatchState View |
|
| LinuxErrorStep View |
|
| LinuxInstallState View |
|
| LinuxNotification View |
|
| LinuxPatch View |
|
| LinuxPatchAppliesTo View |
|
| LinuxPatchDeployment View |
|
| LinuxPatchType View |
|
| LinuxPlatform View |
|
| Machine View |
|
| OperatingSystemFamily View |
|
| Patch View |
|
| PatchAppliesTo View |
|
| PatchCountsByScanMachine View |
|
| PatchDeployment View |
|
| PatchScan View |
|
| PatchType View |
|
| Product View |
|
| ScanType View |
|
| SourceType View |
|
| VendorSeverity View |
|
| Sample Query: CVE Vulnerability Report |
|
| Sample Query: Patch Status Detail |
|
| Sample Query: Missing Patches by Agent Policy |
|
| Why Use Multiple Consoles? |
|
| What is a Data Rollup Configuration? |
|
| Implementing a Data Rollup Configuration |
|
| Watching For Data Rollup Activity |
|
| What is an Unattended Console Configuration? |
|
| Implementing an Unattended Console Configuration |
|
| What is a Disconnected Console Configuration? |
|
| Configuring the Central Console in a Disconnected Configuration |
|
| Configuring the Remote Consoles in a Disconnected Configuration |
|
| Multiple Console Configuration with Agents |
|
| ITScripts Overview |
|
| ITScripts Requirements |
|
| Managing ITScripts |
|
| Creating an ITScripts Template |
|
| How to Execute a Script |
|
| Scheduling Scripts |
|
| Run Console ITScripts Dialog |
|
| Monitoring an ITScript |
|
| Monitoring a Scheduled Script |
|
| ITScripts Results View |
|
| Performing Actions on Script Results |
|
| Searching for Script Results |
|
| Using The Script Result Smart Filter |
|
| Opening a PowerShell Prompt |
|
| Creating a Custom Script |
|
| Variables and Functions |
|
| Target Type |
|
| Specifying ComputerName and Credential Parameters |
|
| Unsupported PowerShell Commands |
|
| Output |
|
| Pre-Execution and Post-Execution Functions |
|
| Script Metadata |
|
| Signing Scripts |
|
| Importing User Scripts |
|
| Understanding RDP |
|
| RDP Requirements |
|
| How to Initiate a Remote Desktop Connection |
|
| Database Maintenance |
|
| Assigning Aliases to the Console |
|
| IAVA Reporter Overview |
|
| Creating an IAVA Report |
|
| Performing an IAVA Patch Scan |
|
| Introduction to the Migration Tool |
|
| Requirements for Using the Migration Tool |
|
| Commonly Asked Questions |
|
| Before You Begin |
|
| Creating Your Backup Files |
|
| Restoring Your Console on a New Machine |
|
| Post-Migration Tasks |
|
| Overview of REST API |
|
| Overview of PowerShell API |
|
| PowerShell API Requirements |
|
| Areas That Can be Accessed by the API |
|
| Viewing and Tracking API-Driven Actions |
|
| How to Get Started |
|
| How to Find Help for PowerShell Commands |
|
| Tips and Tricks |
|
| Use Examples |
|
| Frequently Asked Questions |
|
| What is the Issue? |
|
| Overview of the Solution |
|
| Requirements and Exceptions |
|
| How to Issue a New Certificate Using Your Own CA |
|
| Let the New Certificate Percolate Through the System |
|
| Commit the New Sub-Authority Certificate |
|
| Testing for and Verifying the New Certificate |
|
| Reporting Errors |
|
| Obtaining Support |
|
| Asset Inventory Overview |
|
| Asset Scan Requirements |
|
| Asset Scans are Performed as Background Tasks |
|
| Creating a New Asset Scan Template |
|
| How to Initiate an Asset Scan |
|
| Scheduling Asset Scans |
|
| Monitoring an Asset Scan |
|
| Monitoring a Scheduled Asset Scan |
|
| Viewing Asset Scan Results |
|
| Power Management Overview |
|
| Power Management Requirements |
|
| Creating and Editing a Power State Template |
|
| How to Initiate Power Management Tasks |
|
| Scheduling Power Tasks |
|
| Sleep and Hibernation Implementation Notes |
|
| Wake-on-LAN Implementation Notes |
|
| Shutdown Implementation Notes |
|
| Restart Implementation Notes |
|
| Monitoring a Power Task |
|
| Monitoring a Scheduled Power Task |
|
| Initiating and Monitoring a Power Status Scan |
|
| Viewing Power Status Scan Results |
|
| Using Patch Deployments to Perform Power Tasks |
|