1. Support
  2. User Guides
  3. Goverlan Administration and Diagnostics

Goverlan Administration and Diagnostics

Getting Started

The Administration & Diagnostics module is a comprehensive Active Directory and device management solution.

Workstation Detection with fastConnect

Using Fastconnect To Query Logged In Workstations

Goverlan can detect the logged-in workstations of your users in real-time. To query the logged-in workstations of a user, double-click on the Logged-in Workstations icon. Once the logged-in workstations are displayed, you can also expand on any one of them and select the type of information needed. A set of features are also available through the context sensitive menu.

Tip:

If you need to work on the selected machine from within the Computers Tab View, select Set focus in Machines View from the right click menu and Goverlan will automatically open the Machines View and set the focus on that machine.

Prerequisites

The detection of logged-in workstations is not a native feature provided by Windows or Active Directory. Goverlan has a proprietary search engine which has been designed to work with the largest number of configurations possible. However, this feature has a set of prerequisites to function properly.

  • Goverlan Agents – Detection is done by querying specific information from proprietary data files generated by the Goverlan Agents. Therefore, you won’t be able to detect logged-in workstations until your machines are equipped with the Goverlan Agents.
  • User Roaming Profiles or the Goverlan Reach Server – Goverlan uses the roaming profile path of user accounts to store and querying proprietary data, if a Goverlan Reach Server is configured, it will automatically begin the logging of live user sessions.
  • DFS / Terminal Services Roaming Profiles – If your users are configured with a roaming profile which points to a DFS share or if your users are configured with a Terminal Services Profile path, you must enable DFS and Terminal Services detection in the Goverlan Settings.

If a users workstation is still not detected, you may need to implement a Goverlan Reach Server. The Goverlan Reach Server will provide a much higher detection rate.

Manually adding a computer to a user

If the automatic detection of logged-in computers cannot be used, you need to manually insert the assigned computer to a user account. To do so, select the Logged-in Workstations icon of a user, right click on the mouse and select Manually insert a computer to user… This feature can also be activated by pressing the [Insert] key from the keyboard.

Manually assign a computer to a user

Enter the computer name or IP address and click on OK. Goverlan automatically checks if the user is indeed logged-into the specified machine. If the user was not found to be logged-in on the specified machine, Goverlan displays a warning message.

Goverlan can remember user assigned computers so that it is automatically inserted the next time you double click on the Logged-in Workstations icon of the user. If you do not want Goverlan to remember the inserted computer object, disable the Remember this computer for this user option.

User Assigned Computers Cache

To view the assigned computer cache, click on the View / modify cache link.

Use the cache manager window to view and update the assigned computer cache. Note: Only one computer can be entered for a user.

NOTE:

The Machine Cache is stored in XML format in a file called GovUMACcache.dat located in the C:\Users\USERNAME\AppData\Roaming\Goverlan Inc directory of your profile.

Custom Actions

Custom Actions are a powerful and flexible option which allow you to extend the existing set of Goverlan features. It allows you to configure a set of reports, modify and execute actions in one package and execute it on one or more users or machines as needed. A custom action object can be configured to perform many highly customized tasks. For instance, you can configure a custom action to modify multiple registry settings, perform file operations or install MSI packages on a machine or a set of machines.

Why are Custom Actions Practical?

YOU CAN EXECUTE THEM ON MULTIPLE OBJECTS

Many features provided by Goverlan can only be executed on a single object at a time. A custom action is practical because it can be configured to perform advanced actions on multiple computers or users at one time.

Let’s use an example: Goverlan provides a Shutdown Computer task. You can execute a Shutdown action by selecting this task from the context sensitive menu of a Computer. However, the Shutdown feature can only be executed on one computer at a time. If you were to open the context sensitive menu of a selection which includes two or more computers, the Shutdown action is no longer available.

If you want to execute a Shutdown of multiple computers, simply create a Custom Action which executes a shutdown and select this custom action from the context sensitive menu for one or more computers which have been selected.

THEY CAN QUERY OR EXECUTE MULTIPLE ACTIONS AT ONCE

Custom Actions can be configured to perform many actions sequentially. You can also apply conditions to the actions. This allows you to create sophisticated action packages and make them readily available in the user interface.

YOU GAIN ACCESS TO THE FULL WMI REPOSITORY

A Custom Action provides access to the properties and methods of every WMI Class available in your local repository.

YOU GAIN ACCESS TO EVERY ACTIVE DIRECTORY ATTRIBUTE SET

A Custom Action provides access to every Active Directory attribute of a user, machine or group. If you often need to query an Active Directory attribute not displayed by the native Goverlan interface, simply configure it as a custom action.

YOU GAIN ACCESS TO REMOTE MACHINE’S REGISTRY VALUES AND FILE SYSTEM

A Custom Action can be configured to query and manage any registry key or value as well as file system objects.

Creating a Custom Action Object

A Custom Action can either be bound to users or computers. A Custom Actions list is available for each user and computer object. Adding a custom action to either a user or a computer makes the custom action object available to all users or computers under the Custom Actions category.

Name & Description

Name – Enter the name you want to assign to the custom action object. The name must be unique across all existing custom actions and cannot contain the following characters:   / : * ? ” < > |

Description – Enter a description for the custom action. The description entered in this field is used when generating custom action reports.

Category – Assign the Custom Action to a category for quicker organizing of actions.

Action Modules

A Custom Action must contain a least one Action Module.

Each action module defines a set of actions which can be used to report information, modify settings or execute tasks. Even though you can mix report, set and execute actions, it is rarely needed. Custom Actions are more commonly configured to either run reports, sets or to execute actions.

For more information about Action Modules, please refer to the Selecting Actions article of the Goverlan Automations feature.

NOTE:

You can also drag and drop any previously configured Action Module template to define your actions.

Report Output Format

If you have configured one or more report actions, use the Display any configured report items in option to specify the desired output format.

  • HTML – Data Sheet

    Generate a report in HTML format. This model generates a data card for each child object contained in the report. For instance, if you select to report information on the local drives, each drive with its information is presented in its own section.

  • HTML – Report

    Generate a report in HTML format. This model presents the information in a table format. The selected information attributes are set as columns and each row contains the information for a object. Since all objects are inserted into a single table, this format is perfect for side by side comparisons of attribute values.

  • Text

    Generates a report in text format and outputs it to a single text file. This format is convenient if you need to send the entire report by email.

  • Open with Microsoft Excel (only available if you have Microsoft Excel installed on your machine).

Once you have configured the custom action, click on the OK button. The new custom action is then accessible under the Custom Actions list of every respective user or computer.

Executing a Custom Action on multiple objects

You can run a custom action on a set of users or machines in both the main views and from the Search Panel result list. Simply select multiple objects from the view using the [CTRL] or [SHIFT] key, right click on the mouse and use the Custom Actions… sub menu.

Sharing Custom Actions

Once all Goverlan Consoles are pointing to the same Database,  you can share your custom action to make them available to other Goverlan users on your network.

External Controls

The External Controls feature allows you to extend Goverlan’s functionality by adding links to external programs within Goverlan’s interface. An External Control is a link to any program or script which accepts a command line argument string containing a machine name, a user name, or both. External Controls can be configured for users or for computers. Once created, the external control is accessible for every object within Goverlan by simply expanding the External Controls node.

Adding an External Control

Goverlan comes with a set of default External Controls such as the Event Viewer and the Microsoft System Information. However, you can add as many controls as you want.

  1. Open the User object view to add a User-bound External Control or the Computer object view to add a Computer-bound External Control.
  2. Expand any object by double-clicking on it.
  3. Right-click on the External Controls node and select Manage External Controls, then press   http://assets.goverlan.com/userguide_img/Goverlan%20Object%20Manager/2015-07-14_11-48-27.png
  4. Configure the external control properties.Let’s assume that you have a PowerShell script cmdlet: get-process which lists processes on a given computer.
    This script accepts a machine account name as input using the argument string:  -computername
  • Enter the display name for this control.
  • Specify the full path of the external program or script without the argument string.
  • If the external program outputs information at the console, check the This is a Console program option. If the external program displays a user interface or has no output, remove this check.
  • Enter the argument string for this control as you would when executing the application on a command line prompt. However, substitute any domain name, username, and machine name with %D, %U and %M, respectively.
    In this example, we enter get-process -computername %M
    Review the Argument String Preview window to confirm that the resulting command line is as desired.
  • Click on OK.

Sharing External Controls

Once all Goverlan Consoles have been pointed to the same Database, you can share your external control to make them available to other Goverlan users on your network.

The Goverlan Command Line Utility

The Goverlan Command Line utility is used to perform remote administration tasks at the command line. The GovCmdLine utility has an extensive set of parameters which allow you to configure virtually every action that a Goverlan Scope Action is capable of doing. In other words, you can perform any task that Goverlan has to offer at the command prompt and in scripts.

Where can I find the utility?

This utility is called GovCmdLine.exe and is located in the installation directory of Goverlan (i.e.: C:\Program Files\Goverlan Reach Console 9). To use it, open a command prompt and navigate to the Goverlan installation directory.

The GovCmdLine utility can be moved to another directory. However, if you do so, the following applies:

  • The utility has a set of external dependencies which are: GovBase.dll, GovBaseUI.dll, GovCmn.dll, GovTalkClt.dll, GovUIExt.dll and GovCmdLine.ini.
    If you want the utility to have the capability to update or install the Goverlan Agents on a target machine, the following agent files must be included as well:
    GovAppLog.dll, GovCPL.CPL, GoverRMS.exe, GovRMHook.dll, GovSrv.exe and psapi.dll.
  • Even if the GovCmdLine is a command line utility, it still requires a valid license registration like Goverlan.

Using GovCmdLine Help System

Before explaining the available command line parameters, it is better to understand the available help options so that you don’t have to refer to this help guide to use GovCmdLine. GovCmdLine includes a full help system which describes the parameters, provides examples, and can even list the available attributes, methods and method arguments of each object.

NOTE:

Whenever you type a command line which results in large text output, you can always append a ‘| MORE’ option at the end to have output in page mode. The output text is not displayed all at once but only one screen-size page at a time. In page mode, press the [ENTER] key to view the next line or the [SPACE] key to view the next page. Example: GovCmdLine /HELP | MORE displays the help documentation in page mode

.

To view a synopsis of all parameters, simply type GovCmdLine without any parameters. After the initial definition of the parameters, a help command section is included:

HELP COMMANDS:
GovCmdLine /HELP                        =>  Displays extended parameter and help definitions.
GovCmdLine /HELP:Alias                  =>  Displays the available attribute aliases.
GovCmdLine /HELP:Show(objectLocator)    =>  Displays the available attributes for an object.
GovCmdLine /HELP:ShowArg(methodLocator) =>  Displays the required arguments for a method.
GovCmdLine /HELP:Examples               =>  Displays examples.

Let’s define some of these help commands.

Using the /HELP:Alias parameter

The command line parameters are used to specify the object attributes to report, set, or to specify the methods to execute. The actual attribute and method names are directly derived from the Scope Action features. For example, the user object has a scope action root attribute named ‘User Principal Name’. If you were to request GovCmdLine to report this attribute for the user MYDOM\MYUSER, you would type the command line:

GovCmdLine -U:MYDOM\MYUSER -R:User Principal Name

NOTE:

The -U and -R flags are explained later.

Some scope action attribute names are quite long and typing their full length name at the command prompt is tedious. For this reason, you can create attribute and method aliases. An alias is a short name for an attribute name (aliases are explained later in this article). You can view the full list of configured aliases by using the /HELP:Alias flag.

Using the /HELP:Show(x) and /HELP:ShowArg(x) parameters

As mentioned earlier, object properties specified in the command line are directly derived from the Goverlan Scope Action feature. Since hundreds of properties and methods are available, it would be quite hard to remember them all. The /HELP:Show(x) and /HELP:ShowArg(x) flags can be used to browse the available properties and methods at the command line.

Use the Show(x) flag to display the available properties, child objects and methods of an object.
Use the ShowArg(x) flag to display the required parameters for an object method.

The only argument of the Show and ShowArg flag (that is ‘x’) is the full path of a parent object or method. There are three root objects in Goverlan: User, Computer, Group. These objects are always your starting point.

Typing: GovCmdLine /HELP:Show(User) displays the available properties and methods for the user object.
Typing: GovCmdLine /HELP:Show(Computer) displays the available properties and methods for the computer object.
Typing: GovCmdLine /HELP:Show(Group) displays the available properties and methods for the group object.

The Show flag displays information in four categories: Attribute Sets, Attributes (read only), Attributes (read/write), Methods. Each entry that is displayed can be used in a command line parameter.

To view the available properties of a child object, type the full path of the child object including its parent. For instance, the User root object has a child object called ‘Logged-in Computers’. To view the properties of this type, you would type GovCmdLine /HELP:Show(user.logged-in computers). An object path may include as many child objects as needed.

Figure A  http://assets.goverlan.com/userguide_img/images/cmd%20util%20-%20figure%20A.png

The ShowArg flag is used to view the expected arguments of the specified method. Since a method call requires all arguments to be specified in its defined order, you will find this help flag useful. For example, the computer root object has a method called ‘Set RMC Client Settings’. To view the expected arguments for this method, you would type: GovCmdLine /HELP:ShowArg(Computer.Set RMC Client Settings). The result is displayed in Figure A.

Now that you have a better idea of how to use the help system, let’s look at the actual execution flags.

GovCmdLine Execution Flags

For an execution, the GovCmdLine requires at least two pieces of information: a target and an action.

Defining the target

Use the {-U:|-M:|-G:}AccountName flags to specify a target, where -U: is to target a user, -M: is to target a machine, -G: is to target a group. Then specify the name of the target after the comma.

Examples:

  • GovCmdLine -U:ORION\JDoe                      … targets the user account for John Doe on domain ORION.
  • GovCmdLine -U:\\SOMEMAC\Administrator  … targets the local user account Administrator on machine SOMEMAC.
  • GovCmdLine -M:ORION\SOMEMAC              … targets the computer SOMEMAC on domain ORION.
  • GovCmdLine -M:213.125.41.13                   … targets the computer with IP address 231.125.41.13
  • GovCmdLine -G:ORION\Schema Admins      … targets the group Schema Admins in the domain ORION.
  • GovCmdLine -G:\\SOMEMAC\Administrators … targets the local group Administrators on machine SOMEMAC.

Defining Report Actions

Use the -R:A1,A2,…,Ai flag to define reporting actions. To specify multiple attributes, separate them with a comma. The available attributes depend on the object type of the target (see Using the /HELP:Show). An attribute can also be substituted by its alias if it has been configured.

For example, the Computer root object has an attribute set named ‘Memory Information’ (see Figure A). To report on the memory information of target SOMEMAC, you would type:
GovCmdLine -M:SOMEMAC -R:Memory Information

The Computer object also has a child object: Shares, which has the attribute set: Share Information. To report the memory information and the shares information of target SOMEMAC, you would type:
GovCmdLine -M:SOMEMAC -R:Memory Information,Shares.Share Information

Defining Set Actions

Use the -S:Atr1(val1),Atr2(val2),…,Atri(vali) flag to define set actions. To modify multiple attributes, separate them with a comma. The available write attributes depend on the object type of the target (see Using the /HELP:Show). An attribute can also be substituted by its alias if it has been configured (see Working with Aliases).

For example, the User root object has a writable attribute set named ‘Password’. To change the password of the domain user account ORION\JDoe, you would type:
GovCmdLine -U:ORION\JDoe -S:Password(userNewPassword)

To change the password of the domain user account ORION\JDoe, and set this new password as expired, you would type:
GovCmdLine -U:ORION\JDoe -S:Password(userNewPassword),Password Expired(TRUE)

NOTE:

When entering the value of a boolean value, you can either use the strings {TRUE|FALSE} or {0|1}

To change the password of the local user account JDoe on machine JDMACNAME you would type:
GovCmdLine -U:\\JDMACNAME\JDoe -S:Password(userNewPassword)

Defining Execute Actions

Use the -E:M1(a1,a2,…),M2(a1,a2,…),…,Mi(a1,a2,…) flag to define execute actions. To execute multiple actions, separate them with a comma. The available methods depend on the object type of the target (see Using the /HELP:Show and /HELP:ShowArg). A method name can also be substituted by its alias if it has been configured (see Working with Aliases).

A method may have 0 or more arguments. For instance, the computer object includes the ‘Install / Update Agents’ method. This method doesn’t require any arguments. Therefore, you would call it by typing:
GovCmdLine -M:SOMEMAC -E:Install / Update Agents() or simply GovCmdLine -M:SOMEMAC -E:Install / Update Agents

The computer object also has a method named ‘Add New Local User’ which requires 8 arguments. To create a local user account you would type:
GovCmdLine -M:SOMEMAC -E:Add New Local User(jdoe,John Doe,some user,jdpassword,TRUE,FALSE,TRUE,FALSE)

NOTE:

To view the arguments definition of this method, you would type: /HELP:ShowArg(Computer.Add New Local User).

Defining Actions using a Definition File

The -R, -S and -E flags provide a lot of flexibility and are straight forward to use. However, configuring a command line parameter for sophisticated actions would be tedious. When you need to execute complicated actions (such as selecting WMI objects), it is best to define them in a Scope Action or Custom Action first, then use the definition flag in a parameter.

Use the -F:aDefFile flag to have the utility use a external action definition file, where ‘aDefFile’ is the file name or full path of either a Scope Action definition file (.gsa) or a Custom Action definition file (.gca). If you do not specify a path, the Application Data directory as defined in the Options is used.

Use the Goverlan Management Console to create either a custom action object or a scope action object with the desired actions (for a scope action, insert a dummy target object). Then execute the configured actions using the GovCmdLine utility by using the -F: flag.

NOTE:

Another advantage of using a scope action or custom action definition file is that you can configure conditions as well.

For example, if you have a scope action named ‘Hardware Inventory’ which is configured to report all hardware information of a machine, you would type:
GovCmdLine -M:SOMEMAC -F:Hardware Inventory.gsa

If you have a custom action named ‘Apply Reg Hotfix2332’ which is configured to import a registry file onto a machine, you would type:
GovCmdLine -M:SOMEMAC -F:Apply Reg Hotfix2332.gca

NOTE:

You can copy a custom action definition file or scope action definition file from its default directory to any directory you wish. In which case, the -F: value should have the full path and name of the definition file. To open the default scope action definition directory, right click within the scope action view and select Open Scope Actions Directory. To open the default custom action definition directory, select any custom action, right click on the mouse and select Open Custom Actions Directory from the menu.

Working with Aliases

The attribute and method names specified using the -R, -S and -E flags can be lengthy and tedious to write. The GovCmdLine utility allows you to configure aliases for attributes and method names which can then be used in as parameters. This is done by editing the GovCmdLine.ini file which is located under the same directory as the GovCmdLine.exe program. If the GovCmdLine.ini file doesn’t exist, you can create a new one as long as you respect the format.

The GovCmdLine.ini file has two categories: OPTIONS and ALIASES. We will explain the OPTIONS category later. Here is an example of the ALIASES category:

###########################################
# ALIASES CATEGORY
#
ALIASES:
Lock = Lock Workstation
ActInfo = All User Account Information
mActInfo = All Computer Account Information
AgentsInstall = Goverlan Agents.Install / Update Agents
usrMachine = Logged-in Computers.NT Account Name,Logged-in Computers.Computer Account Information.Location

The aliases category must start with the line ‘ALIASES:’. Every subsequent line is treated as an alias entry, except for comment lines which start with a ‘#’. An alias entry is defined with the format: ALIAS = ACTION_NAMES, where ALIAS is the short name which maps to one or more attributes as defined in ACTION_NAMES.

The ACTION_NAMES part must respect the following rules:

  • You can enter any type of property: Attribute, Attribute Set, Child Object and Methods are all valid as long as the string is identical to the one you type at the command line.
  • Entering multiple values for a single attribute is done with commas separating each value. Note: All attributes must be of the same type. You cannot mix Report attributes with Set or Execute attributes.
  • When specifying a set or execute attribute, you can also enter the arguments. For instance, you can configure the actions: Set user password to ‘welcome’ and expire the password with the alias: usrResetPwd = Password(welcome),Password Expired(1)   You would then type the command line: GovCmdLine -U:DOM\USR -S:usrResetPwd . If you do not specify the arguments in the alias definition, then you must enter them at the command line.

Example

GovCmdLine -U:ORION\JDOE -R:Logged-in Computers.NT Account Name,Logged-in Computers.Computer Account Information.Location
Reports a user’s logged-in machine information (name and location).

If you create the alias: usrMachine = Logged-in Computers.NT Account Name,Logged-in Computers.Computer Account Information.Location, the command line then becomes:
GovCmdLine -U:ORION\JDOE -R:usrMachine

Use the -O:o1=v1,o2=v2,…,oi=vi flag to set miscellaneous options as described below:

OPTION VALUES DESCRIPTION
AUTOINSTALL {0|1} TRUE : Automatically installs the Goverlan Agents if they are required to complete the configured actions and if the remote machine is not equipped with them.

FALSE : Do not automatically install the Goverlan Agents. If they are required to complete the configured actions and the remote machine is not equipped with them, the call fails.

Default value: As configured in the Goverlan Management Console or as configured in the GovCmdLine.ini file.

AUTOUPDATE {0|1} TRUE : Automatically updates the Goverlan Agents if they are required to complete the configured actions and if the remote machine is equipped with a different version.

FALSE : Do not automatically update the Goverlan Agents. If they are required to complete the configured actions and the remote machine is equipped with a different version, the call fails.

Default value: As configured in the Goverlan Management Console or as configured in the GovCmdLine.ini file.

OUTPUT {XML|TEXT|TEXT_UNDECORATED} Specifies the desired output format if one or more report actions have been configured.

XML  > The report is displayed as XML fragments.
TEXT > The report is displayed as text in a friendly format. Each line is formatted as NAME: VALUE

For instance:

Name: John
LastName: Doe
Location: New York

TEXT_UNDECORATED > The report is displayed as text in a raw format. Only the values are displayed. This format may be easier to use in scripts.

For instance:

John
Doe
New York

Default value: TEXT

To specify the options, use the -O:optionName=value format. For instance, the command line:
GovCmdLine -U:ORION\JDOE -R:usrInfo -O:AUTOINSTALL=1,OUTPUT=XML requests the Goverlan Agents to be automatically installed if needed and to report the information in XML.

You can modify the default values for each option in the GovCmdLine.ini file in the OPTION CATEGORY. Enter each option on a single line in the format: ‘OPTION_NAME = OPTION_VALUE’

 

Active Directory Administration

AD Account Administration

Creating Accounts & Groups

You can create an organizational unit, a user, machine or group account from within the Network Browser panel or from within the object view currently opened.

  1. Click on the Add New button in the Controls Bar and select the account type to create. Note: If you are in the Object View, you can only create an object of the view type selected.C:\Users\vcruz\AppData\Local\Temp\SNAGHTMLe0ea55b.PNG
  2. The  New Object Wizard starts to prompt you for the object information. Go through the wizard and enter the necessary information to create the new object.

Moving Objects

You can move any type of Active Directory objects, including entire OUs.

  1. Select one or more objects from the view (to select multiple objects, use theCtrl or Shift keys).
  2. Right-click on the mouse and select the Move… command.
  3. Select the destination container and click on OK.

Renaming Objects

IN THE NETWORK BROWSER VIEW

To rename or change the description of an organizational unit, select it and single click within the field to be edited or press the F2 key. This activates in-place editing of the field. Change the string within the field and press the Enter key or click outside of the edit field to validate the change.

IN THE NETWORK BROWSER VIEW

To rename an account or modify its information, select it and single click within the field to be edited or press the F2 key. This activates in-place editing of the field. Change the string within the field and press the Enter key or click outside of the edit field to validate the change. You can also right click on the mouse and select Rename or Edit from the context sensitive menu.

NOTE:

You can also rename computer accounts – see: System Information.

Deleting Objects

  1. Select one or more objects from the view (to select multiple objects, use the Ctrl or Shift keys).
  2. Right-click on the mouse and select the Delete command.
  3. Click on OK.

Modifying Account Settings

You can modify the settings of user accounts, machine accounts and groups. This can only be done from within the Object View.

USER ACCOUNT SETTINGS

In the Users View, right-click on a user object and select Account Information, or double click on the object, then double click on Account Information.

See: User Properties

COMPUTER ACCOUNT SETTINGS

In the Computers View, right-click on a computer object and select Account Information, or open the System Information window of the computer and click on the view domain account properties link under the Network Settingscategory.

See: Account Information

GROUP ACCOUNT SETTINGS

In the Groups View, double click on a group object to open its account information window.

See: Group Management Overview

Managing Domain Account Policy

Goverlan provides a way to view and modify domain password policies.

To open the Domain Policy window of a domain, click on the account policy button of the Controls Bar. In the Network Browser, you can also right click on a domain item and select View Domain Account Policy.

C:\Users\vcruz\AppData\Local\Temp\SNAGHTMLe1123b9.PNG

The available policy sets are:

 

  1. Account Password Policy(determines settings for passwords such as enforcement and lifetimes)
  2. Account Lockout Policy(determines when and for whom an account will be locked out of the system)

To modify a policy setting, click on its value in the right column. Remember that the changes will apply to all accounts in the domain.

Searching Active Directory

Searching and Selecting Objects

When a remote user has a problem or a remote machine needs attention, you need to work on them as soon as possible. Goverlan has been designed to easily and quickly access and administer any object through its search tools.

Searching for Objects

The Search panel allows you to search Active Directory objects of any type, including containers.

Quick Search

To search for objects using a single search string, select the Search For option, enter the string to search for, modify the scope of the search if necessary, then click on the Search button.

  • Enter an IP address to resolve it to a name.
  • Enter a single string to search for objects whose name (common name, display name or Pre-Win2k name) includes it.
    For instance:
    SearchString   >   Starts with SearchString
    *SearchString  >   Contains or ends with SearchString
    Search*String  >   Starts with Search and contains or ends with String

ADVANCED FORMATS

You can specify an Active Directory attribute to search using the format:  ATTRIBUTE NAME = SearchString

The following attributes are available: First name / Last name / Description /Office / Title / Department / Company / Division / Manager / Telephone number /Telephone – home / Telephone – pager / Telephone – mobile / Fax / Telephone – IP / Email / Address – Street / Address – City / Address – State / Address – Zip /Address – Country / Home directory / Profile path / Employee ID / Employee number / Employee type / DNS Name / Location / Managed by / Operating system / Operating system version

Examples:

  • Description = *Test Object*     > returns all objects whose Description includes ‘Test Object’
  • Operating System = *Vista*    > returns all Vista machines
  • Profile path = *SRV_012*        > returns all user accounts whose profile path points to SRV_012

Search using Templates

You can also pre-configure search templates which can be used at any time. Search templates are more powerful than a simple search as they allow you to specify extended search criteria.

ADD, REMOVE OR MODIFY A SEARCH TEMPLATE

Click the arrow down button  http://assets.goverlan.com/userguide_img/2015-09-14_16-16-41.png  to the right of the Search box and select Manage search templates at the bottom of the list. The Search Template Manager will open, giving you ther ability to manage your templates. The following is an example on how to create a user search template which returns all users in the Legal department.

    • Click on the Add button of the Template section and click on User Template.
    • Enter a template name, for instance ‘Marketing’
    • Click on the Add button of the Criteria section.
    • Select the Department attribute, set the Condition to Is (Exactly) and the value to ‘Marketing’. Click on OK.
    • Click on OK.
TIP:

You can add the same attribute multiple times. For instance, you can configure the criteria to be ‘Department : Starts With : Le’  and ‘Department : Ends With : al’.

Working with Search Results

Once a search is executed, the Objects Found section lists the resulting objects. You can simply select any object from this set and click on the Set Focus button to have Goverlan open the object’s parent container and set the focus on the selected object.

The Objects Found list also allows you to perform miscellaneous administrative tasks using the context sensitive menu. Select one or more objects in the Objects Found list, right click on the mouse and select from the available tasks in the menu.

NOTE:

When selecting multiple objects, selecting objects of the same type will result in a greater set of available tasks.

Managing Multiple Domains or Forests

ACTIVE DIRECTORY FOREST SELECTION MANAGER

Opening the Forest Selection Manager

To open the Forest Selection Manager, open the Controls Bar and select the Active Directory Forest Manager from the menu, or click on the Active Directory Forest Selector button located on the top right corner of the ribbon bar and select Add / Remove Forest.

Configuring an Active Directory Forest

When you start Goverlan, it automatically detects and displays the Active Directory domains available on your network. However, in some cases, active directory information cannot be queried. For instance, if you start Goverlan from a computer which does not belong to an active directory domain. In this case, you need to configure a global catalog server to be used by Goverlan to query Active Directory Information.

  1. Open the Forest Selection Manager.
  2. Click on the Add button.
  3. Enter the name or IP address of a Global Catalog server which belongs to the forest and press the Enter key. Goverlan automatically queries this server and displays the name of the root domain.
    – Make sure you enter a Global Catalog Server. Not all LDAP servers are Global Catalog servers. Even though Goverlan will accept a standard LDAP server, it will not be able to display all Active Directory information. If you are unsure about which LDAP server is a Global Catalog server, ask your Active Directory Administrator.- An Active Directory Forest may have more than one Global Catalog Server. You should choose the one which is closest to you for better performance.
  4. If prompted, enter the credentials to use in order to connect to the global catalog server. You should enter an account which holds sufficient privileges to at least query active directory information.
  5. Close the Forest Selection Manager.

You now need to set the focus to the configured Active Directory Forest. Click on the Active Directory Forest Selector toolbar and select the newly configured forest. You only need to do this once.

Working in a Multi-Forest Environment

Goverlan supports Active Directory multi-forest environments. If your computer is on a network which has more than one Active Directory forest, you need to configure Goverlan so that all forests can be detected and displayed within the interface.

  1. Open the Forest Selection Manager.
  2. Click on the Add button and enter the name or IP address of a Global Catalog server which belongs to the forest to be added and press the Enter key. Goverlan automatically queries this server and displays the name of the root domain.
  3. If prompted, enter the credentials to use in order to connect to the global catalog server. You should enter an account which holds sufficient privileges to at least query active directory information.
  4. Repeat step 2 for each Forest to be added.
  5. Close the Forest Selection Manager.

Once you have configured the forests in the Forest Manager, use the Active Directory Forest Selector menu to switch from one Forest to another. Please note that switching to a new forest will reset all views.

C:\Users\vcruz\AppData\Local\Temp\SNAGHTMLe1771dc.PNG

What is Server-less Binding?

Server-less binding is the act of querying Active Directory without specifying a server. If no server is specified, the registered Active Directory provider of your machine automatically selects a global catalog server from the forest your machine belongs to. This is the default behavior Goverlan adopts.

Once you have configured one or more forests, the Forest Selector toolbar automatically displays the << serverless binding>> entry. Select this entry to resume the original Goverlan behavior.

NOTE:

Server-less binding will not work if your machine doesn’t belong to an active directory domain.

Navigating A&D

The Admin and Diagnostics UI

Getting Around The Administration & Diagnostics Module

Goverlan has a flexible user interface organized into sections and panels which you can easily re-arrange according to your needs. The interface will also adjust to your current feature selection so that only the relevant commands are displayed at any time, allowing for an uncluttered interface.

The Controls Bar

The Controls Bar displays the available actions for the current module. The available tabs and buttons change based on the currently focused view.
You can configure the Controls Bar to automatically minimize itself by clicking on the Show/Hide Controls Bar button or by double-clicking on any tab. See The Control Bar for further details.

The Application button

Access Production Information, General Settings, the Goverlan Agent Manager, Credential Manager, Objects, Updates, and more from this area.

Goverlan Tools

Goverlan offers a set of tools which can be started independently from the main program. Single-click on a sub-feature to start it.

Task Manager – Open the Goverlan Task Manager to monitor and control the running processes and performance counters on a local or remote machine.

Run As – Start a program on a remote machine.

Remote CMD – Open a Remote CMD window on a local or remote machine.

File Manager – Manage/Transfer files to/from the remote machine.

IP Scanner – Scan an IP segment for machines.

WMI Explorer – Explore the WMI backend of a remote machine.

Send Message – Send a popup message to a single or set of machines.

Chat – Open a chat session with a single or set of machines.

Search Panel

The Search panel is the quickest way to access the remote administration features available for a user, machine or group. For more information about the Search panel, see Searching Active Directory.

Console Window

The Console window displays information, warning and error messages as you are working with Goverlan.

The Controls Bar

The Controls Bar displays the available actions for the current contents. The available tabs and buttons change based on the currently focused view.
You can configure the Controls Bar to automatically minimize itself by clicking on the Show/Hide Controls Bar button or by double-clicking on any tab.

Color Styles & Font Size

You can change the color style for the interface by accessing the Color Theme(Light/Dark) options in the Product Information area, accessible via the Application button. To change the font size, hold the CTRL key + mouse scroll.

Refreshing Information

Refreshing Lists

Goverlan displays a large set of information, a list of objects and data on these objects. To increase performance and reduce network load, object lists are cached into memory, queried from a domain controller once, and then extracted from memory.

The cached object lists are:

  • The domain list as well as the Active Directory container hierarchy
  • The user, computer and group lists of opened containers and domains.

You may need to reload an object list in order to see changes which occurred in the list since it was initially loaded. To reload an object list, click on the  button in the Ribbon Bar. Only the currently focused object list is reloaded. For instance, if the Network Browser Panel is displayed, then the domain list and the Active Directory container hierarchy are reloaded. Similarly, if the user list of a container is displayed, only this list is reloaded.

Refreshing Information

The object views display live real-time information about the objects in view. Every time you open a toolset, it is queried over the network and reported in Goverlan.

You can refresh a specific set of information by closing/reopening the tool set. You can also refresh all currently visible information sets in the tree by pressing the F5 key on your keyboard, even though they are live.

Reporting

With Goverlan, you can easily report information on any object: computers, users & groups. You can also report on the contents of each object view. Any report created is automatically saved to a temporary text file and displayed in your default text editor. Depending on the information window you are in, you will find a reporting action with a Report Button    or a Report Information link.

To report on the list of users, machines, or groups for a specific container, open the container for the desired object type, then click on the    button in the Ribbon Bar.

The Network Browser

USING THE NETWORK BROWSER

The Administration & Diagnostics interface allows for easy and quick access to any user, computer or group object from an Active Directory domain on your Internal Network, as well External Devices that are outside of our network. You can also use this feature to administer computers which do not belong to any domain using the Favorites container.

Once you select the Administration & Diagnostics feature the first time, you are presented with three tabs at the bottom of the window, each showing the Network Browser. Each tab represents an object type: Users, Computers and Groups. You can simultaneously administer users, computers and groups from three different parent containers.

Network Browser Panel

All Active Directory domains are accessible from the browser under the Internal Network area. If more than one Active Directory Forest exists in your infrastructure, you can make them accessible from within Goverlan by using the Active Directory Forest Selection feature.

All devices that are connected to your Goverlan Reach Gateway are accessible via the External Devices area. In addition, the Network Browser panel for the Computers tab includes a Favorites Container which allows you to create your own hierarchy of folders of machines. This is useful if you have a workgroup and need to administer it.

  • To browse through the Active Directory structure, simply double click on the parent container to disclose its child containers.  Do this until the desired child domain, organizational unit or container is reached.
  • To open an Active Directory container, select it and either click on the Selection Activator or right click on the mouse and select Open Container from the popup menu. If you double click on a leaf container, that is a container which doesn’t have sub-containers below it, Goverlan automatically opens it.

Viewing Objects in a Container

Once you open a container, the Network Browser panel collapses to show the Object View. The Object View contains all of the objects of the selected type within the selected container. To set the Object View’s focus on a new container, click again on the Selection Activator to expand the Network Browser panel allowing you to make a new container selection.

If you open a container and do not see any objects within it, make sure that you have selected the correct parent container and the appropriate object type tab (Users, Computers or Groups). If you still cannot find the object expected, use the Search panel > Set Object Focus feature.

Filtering a Container

Use Container Filters to customize the objects show in a container. Different Container Filters can be created for the same container but for different object types.

Goverlan Settings

To open the Settings window, click the Application button in the upper left hand of the Goverlan UI > General Settings.

Database Settings

Configure the SUREDATA database settings with these options.

Database Type – Specify the database type. SQLITE or SQL Server.

Database Name – The name of the database.

Folder Path (SQLITE) – The path to the SQLITE database file.

SQL Server Name Instance (SQL Server)– The name and SQL Instance for the server.

Authentication (SQL Server) – Choose the authentication type. Windows or SQL authentication.

See  SUREDATA Configuration for more information.

Validate System Name before connecting  – Before connecting to the machine, Goverlan validates the provided System Name against Agent to confirm that you are connecting to the correct machine.

Note: Disable this option if you use DNS CNAME Aliases.

Always test connectivity before connecting to a machine– Goverlan always sends a ping to a remote machine before attempting to connect to it. If the ping is not answered, the remote machine is considered unreachable. This paradigm is implemented to avoid waiting for the configured network timeout which is usually lengthy. The Allow For Network Latency Up To value is the number of milli-seconds Goverlan waits for a ping answer before assuming the remote machine is unreachable.

Note: If your firewall infrastructure doesn’t allow pings, you need to turn this option off.

Resolve IP addresses to NetBIOS names –  Enable to have Goverlan automatically resolve an IP address to a NetBIOS name when appropriate. Disable to prevent Goverlan from resolving IP addresses.

Convert computer names to DNS names –  Enable to have Goverlan automatically convert a computer name to its DNS name. This feature may use reverse name resolution. Disable this option if some machine names are resolved to incorrect DNS names.

Alternate Credentials

Goverlan can automatically prompt you for alternate credentials if you are undertaking an action with a user account which doesn’t hold enough privileges to complete it. To enable this feature, check Automatically prompt for alternate credentials.

You can use the Credential Manager to view, modify, add or delete alternate credentials.

For more information, see the Goverlan Credential Manager.

Goverlan Reach Server

The Goverlan Reach Server(GRS) settings section can be used to view the detection status of your Goverlan Reach Server. This section displays any detected Goverlan Reach Server and method of detection (DNS Zone or GPO).

Remember that a DNS SRV GRS configuration takes precedence over a GPO CGS configuration, so if both exists, you will not see the GPO configured servers, only the DNS configured server.

If neither a DNS nor GPO configuration is detected, Goverlan will allow you to manually enter a GRS configuration. This is allowed in the event you are using Goverlan outside of your primary DNS zone and wish to still connect to a GRS.

Refresh – Detects/Refreshes Goverlan Reach Server Configuration/Status.

Manually add a server – Gives you the ability to add a Goverlan Reach Server manually. Format: MY-GRS-SERVER.mycorp.com:PORT (Default Port is 22100). **Appears when a GRS is not detected.

Delete – Deletes any highlighted Goverlan Reach Server in the list.

Open Server Tester – Opens the Goverlan Reach Server Tester utility.

Reach Gateway Service

These are the Reach settings that will be pushed along with the installation of the Goverlan Client Agent upon installation via the Goverlan Console. These settings are usually handled by your Goverlan Reach Server, but can be configured manually if the Reach Gateway Policy is not configured.

Name of this Organization

Enter the name of your organization in this field (for instance ‘Corp XYZ, Inc.’). This name will be used during On-Demand Support Sessions to brand the package for the remote client. It will also be used as the default Reach container for corporate clients that are connected from outside of your private network.

Public Facing Reach Address

Enter the Public DNS Name (or IP address if no DNS name has been configured) exposed to the public facing side of your network, as well as the port number to be used for communication.

It is strongly encouraged to associate an identity certificate to your Reach public facing address. See: Reach Security.

Private Facing Reach Address

Enter the FQDN or IP address of the local server, as well as the port number to be used for communication. This address will be used by Goverlan Operators within your network to communicate with the Reach Server.

NOTE:

For security reasons, Goverlan Operators can only use Reach Services when connected on the same network as the Private Facing Reach Address.

Reach Client Agents

Configure the behavior to adopt when Goverlan establishes a connection to a remote machine which is not equipped with the Goverlan Agents or is equipped with a different version of the Goverlan Agents. A different behavior can be configured for the Administration & Diagnostic feature and for the Scope Action feature.

Communication Port – Modify the TCP socket port used by Goverlan to communicate with the Goverlan Agents on a remote machine.

For more information, see Installing Goverlan Agents.

Intel vPro Settings

Use these settings if you have Intel vPro workstations on your network.

Some machines use TLS – Enable this setting if you are using TLS in your network but not all are configured to authenticate with TLS.

NOTE: These settings are not necessary if your organization has an Enterprise Certificate Authority system in place.

Trusted Root Certificate Authority – Use this setting to import a certificate to the Windows Certificate Store for use with Intel vPro workstations.

Remote Client Certificate – Import a PEM format certificate with optional password.

HTTP/SOCKS Proxy Settings – If you are behind a proxy and need to connect to Intel vPro workstations, supply the credentials here.

See Configuring Goverlan for Intel vPro for more information

Application Directories

These are the directories used by the Goverlan Application. Make sure that the configured directories are accessible and can be written into by Goverlan.

Application Data – Defines the directory used by Goverlan to store Application Data like Scope Actions.

Output Data – Defines the directory used by Goverlan to store output data files. For instance, this path is used as the default location to store Scope Action report and log files.

Temporary Data – Defines the directory used by Goverlan to store temporary data files.

Active Directory

Forest Manager – If Goverlan failed to detect your active directory forest or doesn’t detect an Active Directory forest that you need to administer, use the Forest Manager. In most cases, you do not need to use the Forest Manager. For more information, see Managing Multiple Domains and Forests.

Don’t look for NT Domains – Enable to prevent Goverlan from listing Windows NT domains. If you do not have Windows NT domains, enabling this option will increase the start time of Goverlan.

Don’t look for Active Directory – Enable to prevent Goverlan from listing Active Directory domains.

Sort Active Directory result sets – When you query the objects contained within an Active Directory container, they are returned in the order they were created. Enable this option to have the result set sorted before it is displayed.

NOTE:

For some network configurations, enabling sorting will result in failed attempts when listing objects in an active directory container. In such cases, disable this option.

Object Query Page Size – If your Active Directory Containers contain large number of objects, increase this value to speed-up opening these containers. This value should be set to about 1/10th of the total number of objects in the largest container of your domain.

Administration & Diagnostic

Enable DFS shares detection – Enable if your users are configured with a roaming profile path which points to a DFS share.

Enable Terminal Services Profile Paths – Enable if your users are configured with a Terminal Services roaming profile path.

Query and display OS information – When using the Computers view, Goverlan sends a small network call to all machines visible in the view to query its status and OS information (see Managing Computers – Overview). To prevent Goverlan from querying information on all visible computer objects, disable this option.

NOTE:

If you disable this option, the status and OS information of remote machines are not displayed.

Live Machine Status  – If enabled, machine dynamic information (Ping status, Logged in username) is reported live, removing the need to press the Refresh List button. If disabled, the F5 button can be used to refresh the live status of the machine.

Automatically update the Wake On LAN cache – Goverlan keeps a cache of all resolved MAC Addresses for an IP (see Power Options). In order to keep a more accurate Wake On LAN cache, Goverlan can automatically execute an IP to MAC address resolution for each computer visible in the Machines view.

To disable automatic Wake On LAN Cache updates, disable this option. Note: This option is automatically disabled if the Query and display OS informationoption is disabled.
To access and manage the Wake On LAN Cache, click on the Wake On LAN Cache Manager link.

Goverlan Object Selector

The Object Selector is used when one or more objects are required. For instance, when modifying the members of a group. It has a selector which contains a Network Browser Panel and an Object View.

Use the Network Browser Panel to navigate through Active Directory, and then click on the Selection Activator to display the objects of this container. The object type (users, machines or groups) to be displayed in the Object View can be selected using the Object Type Selector. You can also search for the object to be inserted using the available search option.

For Active Directory, you can choose to display only the objects of the currently selected container (do not check-off Show sub-tree objects) or the objects of the currently selected container and all of its child containers (check-off Show sub-tree objects).

You can also display all objects in the Active Directory Forest by selecting the Entire Directory root item in the Network Browser Panel.

Exporting and Importing Result Sets

  • To export a previously configured result set, click on the export button and save the result set into a file.
    Note: The export button is only visible once one or more objects are in the result window.
  • To import a previously saved result set, click on the import button and select the result set file.

User Management

User Properties

User Account Information

To view and modify the properties of a user account, double click on its icon or select it and press the [Ctrl]+[Enter] keys.

The Goverlan properties window can be used to view and modify the most common Active Directory attributes for a user object. If you need to view and manage an attribute not available from this window, click on the Native Property Window button to switch to the Users & Computers MMC Snap-in User property window.

To export the information into a file, click on the report button.

Managing User Group Memberships

Select the Groups tab to view and manage the user’s group memberships.

Viewing Effective Group Members

By default, the Groups tab displays the direct memberships of the user. To view the full set of effective memberships of a user, enable the Show Effective Memberships option. Once enabled, every direct and indirect membership of the user is listed, and the Effective Via column displays the inheritance path of the membership.

Modifying Memberships

  • Click on the Groups tab.
  • Use the Add (see Goverlan Object Selector) and Remove buttons to manage the group memberships. You can also use the import | exportbutton to export the group memberships to a file or import the information from a group memberships file.

    Tip:

     You can view the properties of a group by double clicking on it.tatistics tab displays useful information about the current status of a user’s account.

Viewing Account Statistics

The Statistics tab displays useful information about the current status of a user’s account.

Profile Statistics

If the user is configured with a roaming profile, this section displays the profile’s last write time stamp as well as the user profile directory size. This information is useful to troubleshoot user profile related problems. For instance, an unusually large profile size results in longer login and logout times.

Login Statistics

This section displays the Last Logon information as well as the Successful Logon Count and the Bad Logon Count of the user. The Last Logon information is independently kept by every domain controller in a domain. Consequently, querying a single domain controller may not represent the most current data.

To retrieve accurate Last Logon information, click on the Query other DCs button. You are then presented with the list of Domain Controllers available in the user domain. Select the domain controllers to be queried and click on the Query button.

Password Statistics

Use this section to retrieve password age information. The number of days since the last password change is displayed as well as the password expiration status. The password expiration status is based on the domain account password policies. For instance, if the domain account policy dictates that password expires every 30 days, and the user’s password is 25 days old, then the user’s password will expire in 5 days.

To view and modify the domain account policies, click on the View Domain Policy button (see AD Account Administration).

User Login History

The Login History tab displays the logged-in workstation history recorded by Goverlan.  This section displays the event information of the last 25This is the default value. It can be set to any number via a group policy object registered login events for that user.

For the User Login history feature to work, the following requirements apply:

  • The user’s account needs to be configured with a roaming profile.
    If some of your users or none of your users are configured with a roaming profile, you need to create a Goverlan Central Data Repository.
  • Your user’s machines must be equipped with the Goverlan Agents.
    Login History will build up over time as more Goverlan Agents are installed on your client machines (see Installing Goverlan Agents).

Once these requirements are met, an entry is recorded as soon as a user logs in and is updated once the user logs out.

 

 

 

Group Management

Managing Groups

In this section, you will learn how to administer group objects using the Goverlan Management Console. The Groups tab view allows you to query information and administer all groups.

Selecting a Group

To select a group object in Goverlan, do one of the following:

  1. Select the Administration & Diagnostic feature.
  2. Select the Groups tab as the object type.
  3. Select the parent domain or Active Directory container of the object and open it.

    or

  4. Use the Search Panel to find a group account (only available for Active Directory groups) and click on the Set Focus button.

Group Tabs View

The Groups tab view displays the list of groups which belong to the opened container. The parent container path is displayed at the top of the view in the Selection Activator bar (see General Navigation Information). To select a different container, click on the Selection Activator or select Administration >> Select Object Container from the main menu.

Tip:

If the Group container opened has a large number of objects and you do not need to view them all, you can apply an Active Directory Container Filter.

Tip:

To have Active Directory return the list of group objects sorted by name, enable the Sort Active Directory result sets in the Network Settings > Active Directory category of Goverlan Options.

Modifying Group Information

You can rename a group account or modify other editable group fields directly from this view. Select a group entry and single click within the field to be edited or press the F2 key. This activates in-place editing of the field. Change the value within the field and press the Enter key or click outside of the edit field to validate the change. You can also activate in-place editing of a field using the right click menu.

To create, delete or move domain groups, see Domain Account Administration.

Administering a Group

Double click on any of the group objects to open the Group Properties window. You can also right click on the mouse and access commands using the context sensitive menu.

Exporting the Group List

You can export the list of groups at any time by clicking on the   button of the ribbon bar. The list of group accounts contained within the focused container is exported to a text file.

Group Properties

To view and modify the properties of a group, double-click on its icon or select it and press the [Ctrl]+[Enter] keys.

The Goverlan properties window can be used to view/modify the most common Active Directory attributes for a group object as well as to manage group memberships. If you need to view/manage an attribute not available from this window, click on the Native Property Window button to switch to the Users & Computers MMC Snap-in Group property window.

To export the information to a file, click on the   button.

Group Members

Use the Members tab to view and manage the members of the group object. You can use the Add and Remove buttons to manage the group members. You can also use the import | export button to export the group members into a file, or import the information from a group members file.

To view extended information about any of the displayed members, double click on their respective icon.

Viewing Effective Group Members

By default, the Members tab displays the direct members of the group. However, if one or more members are groups themselves, other objects are members of this group by inheritance.

To view the full set of effective members of a group, enable the Show Effective Members option. Once enabled, every direct and indirect member of the group is listed, and the Effective Via column displays the inheritance path of the member.

Direct Members Only Show Effective Members

Computer Management

Managing Computers

In this section, you will learn how to administer and troubleshoot computer objects using the Goverlan Management Console. The Computers tab view allows you to query information, administer and troubleshoot all remote computers.

Selecting a Computer

  1. Select the Administration & Diagnostic feature.
  2. Select the Computers tab as the object type.
  3. Select the parent domain, Active Directory container of the object or the Favorites container and open it.
  4. Browse through the list of computer objects to find the desired computer.
    or
  5. Use the Search Panel to find a computer account (only available for Active Directory computer accounts) and click on the Set Focus button.

Computers Tab View

The Computers tab view displays the list of computers which belong to the opened container. The parent container path is displayed at the top of the view in the Selection Activator bar (see The Network Browser). To select a different container, click on the Selection Activator or select Administration >> Select Object Container from the main menu.

Tip:

 If the Computer container opened has a large number of objects and you do not need to view them all, you can apply an Active Directory Container Filter.

Tip:

To have Active Directory return the list of computer objects sorted by name, enable the Sort Active Directory result sets in the Network Settings > Active Directory category of Goverlan Settings.

Machine Type Icons

The machines tab view displays different icons depending on the operating system version and the machine type. Machine information is gathered and displayed only for visible machines within the current view. To refresh the status icon of a machine, click on the Refresh Machines button from the toolbar (see The Controls Bar.)

In order to gather operating system information, Goverlan places a network call to all of the machines currently visible in the view. Each network call doesn’t require a lot of network bandwidth. However, if you wish to disable this feature, you can do so in the Administration & Diagnostic > Computers View category under Goverlan Options.

Modifying Computer Information

You can modify computer fields (which can be edited) directly from this view. Select a computer entry and single click within the field to be edited or press the F2 key. This activates in-place editing of the field. Change the value within the field and press the Enter key or click outside of the edit field to validate the change.

To create, delete or move domain computer accounts, see Domain Account Administration.

Administering a Computer

 

 

 

 

Double click on any of the computer objects to disclose the set of available administration features. Double click on a computer action to execute it or to display a set of available sub-actions. You can also access additional administration features by using the context-sensitive menu. For instance, you can directly access multiple shares on a remote computer by using the Open menu.

NOTE:

You can select multiple objects simultaneous by using the [CTRL] and [SHIFT] keys. The context sensitive menu reflects the current selection. Make sure that when selecting multiple objects in the view, you only select objects of the same type. If you select objects of different types, you will not be able to use the context sensitive menu.

Extending the Remote Administration Feature Set

Goverlan offers a large set of features to administer machines remotely. However, you can extend this feature set either by compiling a set of custom actions into a package or by adding your own scripts or external programs.

External Controls

Below each computer object is an External Controls node. This node allows you to create shortcuts to external applications and scripts which accept a machine name or username as input parameters. Once configured, double click on it and Goverlan automatically sets the external tool’s focus to the currently selected object.

See: External Controls

Custom Actions

Below each computer object is a Custom Actions node. This node allows you to create sophisticated packages for reporting, modifying and executing actions. If you need to regularly query a specific set of data about a computer or to execute a series of tasks on it, simply create a Custom Action.

See: Custom Actions

Exporting the Computer List

You can export the list of computers at any time by clicking on the button of the Ribbon Bar. The list of computer accounts contained within the focused container is exported to a text file.

System Information

The System Information feature provides a wealth of OS and hardware information on a remote machine. It is also a portal to many powerful remote administration tasks such as modifying network settings, or joining a domain. To open the System Information window of a computer, select the computer object in either the Users view or the Computers view, expand it and double click on System Information.

System Overview

The System Overview is the first window displayed once you open the System Information feature.

C:\Users\vcruz\AppData\Local\Temp\SNAGHTMLf070f4a.PNG

It displays an overview of the Operating System and computer hardware. Its contents are divided into multiple categories.

General Information

The top section of the Overview window displays extended Operating System information, computer make, model and serial number, BIOS information, and status information.

A Goverlan Agents area is available where Goverlan Agents information and controls are displayed. Use this area to manage the Goverlan Agents on the target machine.

To export all information contained in the Overview Window, click on the Export Information link.

Hardware Information

This section displays a summary of common hardware devices on the target machine. It includes summary information about the CPU, Memory, Video Adapters and Local Drives.

To view detailed information about these hardware devices and other hardware devices, click on the Detail Information link. The Hardware Information window can be used to view motherboard, board devices, bus devices, memory slots, system slots, CPU, connectors, video and drive information.

To open the Device Manager feature for this machine, click on the Device Manager link.

Network Settings

An overview of the target computer’s network settings including the account’s password age (A computer account’s password age is a useful piece of information) are displayed in this section.

For each workstation or server that is a member of a domain, there is a discrete communication channel with a domain controller known as the secure channel. The secure channel’s password is stored along with the computer account on all domain controllers. The default computer account password change period is every 30 days.

If a computer has been decommissioned, that computer will not change its password and its password age will increase. To create a list of computer accounts which are no longer used, you can create a query for computers with an exceptionally old password age, such as 60 days, or query all computer accounts with an expired password.

To view and modify the computer’s IP settings, to rename the computer’s name, or to have the computer join or un-join a domain or workgroup, click on the Modify Network Settings link.

If the computer belongs to a domain, you can view and modify the computer’s account settings by clicking on the view domain account properties link.

Login Events and Remote Control Session History Information

This section displays the logged-in user history recorded by Goverlan. It will show the last 5 user names who logged-into the computer. Note: In order for logged-in user history to be recorded, the Goverlan service must be installed and running on the audited machine.

Click on the View full event log to view the complete log.

The last 5 events of the Remote Control Session History log is also displayed in this section. The session history log contains audit information on the last remote control sessions initiated on the target machine.

Click on the View full event log to view the complete log.

Detailed Hardware Information

Click on the Detail Information link of the Hardware Information section to open the Detailed Hardware Information window.

This window displays a graph of available hardware information in sections. As you move your mouse cursor over the graphs, the available sections will be highlighted. Click on a section to view its hardware information.

Once a section has been selected, its hardware objects are displayed in the list on the left. Click on any of the items to view its properties on the right.

The available hardware sections are:

  • Video Information – Information about the video adapters, monitors and display settings of the focused machine.
  • Drive Information – Information about the local hard drives of the focused machine.
  • System Slots – Displays the detected expansion slots on the motherboard.
  • Connectors – Displays the detected connectors on the motherboard.
  • CPU – Displays detailed information about the installed CPU on the motherboard.
  • Memory – Displays the detected memory arrays, slots and installed memory on the motherboard.
  • Bus Devices – Displays the detected devices which are connected to the bus of the motherboard.

Modifying Network Settings

Click on the Modify Network Settings link of the Network Settings section to open the Network Settings window.

The Network Settings window displays the available network adapter connections configured on the client machine. From this window, you can disable/enable a network connection using the item’s context sensitive menu.

Renaming a Computer

You can rename a computer remotely using Goverlan. Doing so will require a reboot of the client machines.

  1. Click on the Rename computer link.
  2. Specify the new computer name and primary DNS Suffix.
  3. Check the Reboot computer now if you wish to have the computer rebooted after the rename operation.Warning: If you select not to reboot the computer, it may become unreachable after the renaming operation.
  4. Click on OK.

    You can also remotely change the domain or workgroup membership of a computer. This operation requires a reboot as well.

Join or Unjoin a Domain

  1. Click on the Join or Unjoin Domain link.
  2. Select if you want to join a domain or workgroup.
  3. Enter the name of the domain or workgroup.
    For a domain, you can click on the browse button to select a destination active directory container. If no container is selected, the default container is used.
  4. Check the Reboot computer now if you wish to have the computer rebooted after the join operation.
    Warning: If you select not to reboot the computer, it may become unreachable after the renaming operation.
  5. Click on OK.

Managing IP Settings

You can view and manage the IP settings of a network connection by double clicking on it in the Network Connection list.
The network connection property window is very similar to the native Windows Network Connection Properties window. It includes:

  • An Adapter tab which displays the network adapter hardware information.
  • An IP Settings tab which can be used to view and manage the IP and DNS settings of this connection.
  • A WINS tab which can be used to view the WINS settings (if any).
  • A DHCP tab which can be used to view the DHCP Leasing information (if any).

    The IP Settings tab can be used to change the IP and DNS settings of a network connection, even if it is currently being used by Goverlan to communicate with the target machine. If you change the IP settings of the connection currently used by Goverlan in order to connect to the remote machine, the machine will be temporarily unavailable.  Goverlan will wait and attempt to re-establish connectivity at regular intervals.

CHANGING IP / DNS SETTINGS

Since changing IP settings remotely is a delicate operation, the following considerations apply:

  • Change all IP and DNS settings at once before applying the changes.
  • If you need to change the primary IP address of a machine, make sure that you have connected to it using the machine DNS / NetBIOS name and NOT its IP address.
    If you have connected to the target machine via its IP address and subsequently change the IP address, Goverlan will not be able to reconnect to it.
  • Changing IP settings may involve DNS updates and synchronizations. After an IP setting change, the Goverlan Agents automatically force a DNS update for the machine. Additionally, Goverlan automatically clears the local DNS resolution cache in order to detect the most recent DNS resolution. However, in large environments, it might still take a while before the machine is reachable again via its DNS name.

Troubleshooting IP Settings Changes

If Goverlan waits to reconnect for an unreasonable time, you can press on the Escape key to abort it. What is failing at this stage is not that the IP settings weren’t applied, but that Goverlan couldn’t reconnect with the target machine.

  • If the IP address is known, ping the machine by its IP address
    If the ping failed, it may be that the IP settings specified were incorrect and the machine is no longer reachable.
  • Ping the machine by its DNS name
    Check that the IP DNS resolution is pointing to the correct IP address. If it still points to the old IP address, DNS synchronization and replication may not have happened yet, or, the remote machine failed to update the DNS with its new information. If the machine is pingable via its DNS name, simply refresh the object list in Goverlan and try to connect to the remote machine again.

Machine Account Properties

If the computer belongs to a domain, the view domain account properties link is displayed in the Network Settings section. The computer account property window allows you to view and configure the account’s information and group memberships.

If you need to view or modify an account property which is not displayed in the Goverlan property window, click on the Native Property Window button to open the MMC Users & Computer Snap-in account property window.

Logged-In User Information

Double-click on the Logged-in Users icon to display the users currently logged into the audited machine. Both the console user and user logged-in remotely via RDP are displayed by this feature.

  • To view a user’s account information, double click on the User icon to open the User Account Information window.
  • To log off the user, you can right click on the Logged-in Users icon and select Logoff the interactive user.
  • To reset a RDP user session, right-click on the user object and select Reset Session.

    Tip:

    To quickly access the user object in the Users View, you can use the logged-in user’s context sensitive menu and select Set focus in Users view (see figure above).

Windows Updates

The Windows Updates feature allows you to remotely query and manage the previously installed and available Windows updates on a remote machine.

Modifying Update Settings

Use the Update Settings section to apply the desired settings on the remote machine.

Querying Available Updates

  • Select the Available Updates tab.
  • Click on Reload to query the available updates which have already been detected or Click on Check For New Updates to have the remote machine connect to the internet and check for new updates. Note: Either method may take a while to complete. While processing, you can use Goverlan for other tasks.

Once the available updates are returned, you can export the data to a file by clicking on the Export Data link at the bottom of the list view.

The Available Updates list view includes a lot of information, most of which is not displayed by default. To show or hide information columns, right-click on the list view header and check or un-check the columns to display.

Downloading and Installing Updates

To download and install updates, select one or more entries from the list and click on:

  • Download Update to only download the selected updates. If the selected updates have already been downloaded, this button is disabled.
  • Install Selected to install the selected updates. If one or more updates have not been downloaded yet, this action downloads them first, then installs them.

NOTE:

Either method may take a while to complete. While processing, you can keep on using Goverlan for other tasks.

Troubleshooting Updates Installation

If you selected to install one or more updates and the operation failed:

  • Some updates require user input and cannot be installed remotely. The Available Updates view includes a Requires User Inputs column that you can use to exclude such updates.
  • Click on the View Windows Update Log link and explore its contents for additional error information.

Querying the Update History

  • Select the Update History tab

Once the update history is returned, you can export the data to a file by clicking on the Export Data link at the bottom of the list view.

Local Users and Groups

Use this feature to query and manage the local account database of a computer. Select the computer object in either the Users or Machines view, expand the computer icon and double click on Local Users and Groups.

To display detailed information about a particular user or group account, select it and click on the Properties button, or simply double click on an entry. You do not need to access the account properties window in order to modify the account name or description. Select an item and single click on the field to be modified (or press the F2 key) to activate in-place editing of this field.

  • To add a new account or to delete an existing one, click on the Add orRemove button.
  • To modify group memberships, open the Properties window of the group and use the Members tab.

Local and Mapped Drives

Double-click on the Drive Information icon to display and manage the local drive and drive mapping information of a computer.

Use the Task Panel on the left to execute a task. The available drive map tasks depend on the current selection. You can also use the context sensitive menu by right-clicking on an item in the drive maps list view.

Opening a drive

To open the drive map share, simply double click on it, or select the item and click on Open in the Task Panel. You can also right click on the mouse and select Open from the context sensitive menu. The Task Panel also includes an Open command for two special shares on the remote machine, the Open Root Share command which opens the system drive root share (i.e.: C$) and the Open Admin Share command which opens the administrative share: ADMIN$.

NOTE:

You can only open local drives if these have been shared.

Modifying a user’s network mappings

With Goverlan you can remotely manage all your users’ network drive mappings. You can modify existing drive maps, remove a drive map or even add a new network drive map remotely.

Adding a network drive map to a remote user

Click on Map network drive in the Task Panel to start the Add drive map Wizard. You can also activate the Add Connection window by pressing the [Insert] key of the keyboard.

  1. Select the drive letter to be connected.  The Drive selection box will reflect the current configuration of the user’s mapping. If you select a drive which is already mapped, it will be replaced with the new mapping.
  2. Enter the server name and share name to be mapped to in the Path field. If needed, enter the DOMAINNAME\Account and password in the respective fields. Check-off Reconnect at log-on if appropriate. Then click on Add Connection.

Removing a network drive map from a remote user

 

Select the drive map from the list and click on Disconnect network drive in the Task Panel, or, right click on the mouse and select Disconnect network drive from the context sensitive menu.

Setting a network drive map as Persistent or Non-Persistent

 

From the Task Panel, select the drive map from the list and click on Reconnect at logon or Do not reconnect at logon. Otherwise, from the context sensitive menu, right click on the mouse and select Reconnect at logon or Do not reconnect at logon.

User Selection Control

If you open the Drive Information window for a Terminal Services Server machine and more than one user session is currently active, you can use the User Selection Control to switch from one user session to another. Modifications to drive mappings only apply to the currently focused user.

Reporting Drive Information

To export the drive information to a text file, click on Report Information in the Task Panel.

Printers

Double-click on the Printers icon to display and manage the user and local printers on the audited machine. Goverlan can manage locally attached printers, local printer queues to TCP Network printers, single user printer connections and per-machine user printer connections.

Default printerUse the Task Panel on the left to execute a task. The available printer tasks depend on the current selection. You can also use the context sensitive menu by right-clicking on an item in the printer list view.

The user’s default printer is marked with the  http://assets.goverlan.com/userguide_img/printer%20default%20printer.png  icon. To change the default printer, select another printer queue and click on the Set as Default Printer link in the Task Panel, or, right-click on the mouse and select ‘Set as Default Printer’ from the context sensitive menu.

Printer Properties

  • To view the properties of a printer, select it and click on Properties in the Task Panel, or, right-click on the mouse and select Properties from the context sensitive menu.
  • To open a printer queue, double click on it, or, select it and click on See what’s printing in the Task Panel, or, right-click on the mouse and selectSee what’s printing from the context sensitive menu.

Adding / Removing Printers

Adding a Local Printer

  • Click on the Add a printer link in the Task Panel.
  • Select Local Printer Queue from the Add Wizard.
  • Follow the Add Printer Wizard to complete your operation.

Adding a TCP Network Printer

To add a network attached printer to a machine:

  • Click on the Add a printer link in the Task Panel.
  • Select Local Printer Queue from the Add Wizard.
  • Follow the Add Printer Wizard to complete your operation.

Adding a User Printer Connection

  • Click on the Add a printer link in the Task Panel.
  • Select User Printer Queue from the Add Wizard.
  • Enter the UNC path of the printer queue.
  • Remove the check in the All Users check box.
  • Click on Add Connection.

Adding an All User (Per-Machine) Printer Connection

An All User Printer queue is persistent to the machine itself and applies to all users logging into the machine.

  • Click on the Add a printer link in the Task Panel.
  • Select User Printer Queue from the Add Wizard.
  • Enter the UNC path of the printer queue.
  • Enable the check in the All Users check box.
  • Click on Add Connection.

Removing a Printer

  • Select  the printer object from the view.
  • Click on the Delete this printer link in the Task Panel.

Sharing / Un-sharing a local printer

To share or un-share a local printer queue, select it and click on the Share or Unshare in the Task Panel, or, right-click on the mouse and select Share or Unshare from the context sensitive menu.

Reporting the printer information

To export the printer information to a text file, click on Report Information in the Task Panel.

Services

Use this feature to query and manage the service and device drivers on a remote computer. To open the Services window of a computer, select the computer object in either the Users view or the Machines view, expand the computer icon and double click on Services. The Services window has two tabs, one for software services and another for device drivers.

Viewing Information

Goverlan can display a lot of information for each item such as Product and Company name, Binary Path or File Version. By default, not all information is displayed. To enable or disable information columns, right-click on the column header to enable or disable the columns to display. You can also sort or group by any column. Grouping information is very practical. Click on the header of a grouped column to display the Group Focus menu and quickly set the focus to a group entry.

You can export all information provided by this feature to a text file using the report button located at the top right corner of the window.

To view detailed information about a service or driver, double-click on it to open its properties window.

Controlling Services

Using Goverlan, you can Start, Stop, Pause, Resume and Remove services and drivers. To do so, select the item of interest and click on the desired action button. Note: Windows services cannot be removed.

To modify the start up mode or the service user account used by the service, open the item’s properties window and modify the appropriate setting.

Device Manager

The Device Manager allows you to view and manage the hardware devices installed on a machine. It is very similar to the native Windows Device Manager but it is used to manage remote machines.

To access this feature, double click on the Device Manager icon below a machine or right-click on a machine and select Device Manager.

Using the Goverlan Device Manager you will be able to:

  • View the currently installed devices including their status.
  • Export devices information into a text file.
  • Disable / Enable a device.
  • Uninstall a device.
  • Scan for hardware changes.

Viewing Devices Information

The Device Manager allows you to view the devices either in a list view or a tree view (default). To switch from one view to the other, use the selection box located at the top right corner of the main view. The advantage of the flat list view is that you can sort or group by any column you desire by clicking on its header allowing for greater flexibility than the tree view format.

  • To export the view contents into a text file, click on the Report Informationlink in the Task Panel.
  • To view the properties of a particular device, select it and view its properties in the Task Panel.
  • To include hidden devices, click Show hidden devices. Hidden devices include non-Plug and Play devices.

    To manage a device, select it and:

Managing Devices

  • To enable or disable it, click on the respective link in the Task Panel.
  • To un-install the hardware device, click on the Uninstall link in the Task Panel.
  • To scan for hardware changes (which detects newly inserted plug and play devices), select the root category to scan and click on Scan for Hardware Change.
    NOTE:

    If you select the root tree item (the computer object), all categories will be scanned for hardware changes.

Shared Folders

Use this feature to query and manage the shared resources, opened sessions and opened files of a computer. To open the Shared Resources window of a computer, select the computer object in either the Users view or the Machines view, expand the computer icon and double click on Shared Resources.

The Shared Resources manager can be used to view the configured shared resources, as well as the opened sessions and opened files of a computer. Opened sessions and opened files can be disconnected and shared resources can be created or modified. Select the appropriate information tab and appropriate action accordingly.

  • To create a new share, click on the New Share button, enter the new share name, path and description. Then click on OK.
  • To remove an existing share, select it from the list and click on the Stop Sharing button.
  • To view the properties or to modify the settings of an existing share, select it from the list and click on the Properties button.

Environment Variables

 

Use this feature to query and manage the user and system environment variables on a remote computer. To open the Environment Variables window, select the computer object in either the Users view or the Machines view. Expand the computer icon and double click on Environment Variables.

Using this window, you can modify, delete or create new system or user environment variables. The user variables apply to the currently logged-in console user on the remote machine.

User Selection Control

To switch between any user session or system variable set, use the Variable Sets section of the Task Panel.

Chat and Push Messages

 

Stay connected with your users through Goverlan Chat and Push Notifications.

Discussion Invitations

The operator can establish a discussion topic to define the issues that will be discussed. By default the signature is the operators AD display name.

Goverlan Remote Control Chat Options

Chat Controls

Goverlan Remote Control Chat Options

Goverlan Chat has the following controls:

  • Invite More People – Use this option to invite other Goverlan Operators or even other users. Invitiations are done by computer name.
  • Members – Use the members list to remove users from the chat session.
  • Use [Enter] to send a message / [Ctrl + Enter] for a line feed – Choose how you wish to send messages.
  • Send sound notifciation – Send a sound notification to alert the chat memebers.
  • Take over the remote machine – Initiate a remote control session to the target users workstation
  • Open the Task Manager – Open the Goverlan Advanced Task Manager focused on the target users workstation.

Message Templates

Create and save message templates for commonly used responses.

Sending one way push notifications

Use push notifications to send text alerts to your users.

Popup Message Options Window

The Popup Message window will allow you to add or remove recipients of the message.

Message Templates

Create and save message templates for commonly used messages.

Task Manager

The Goverlan Task Manager has been completely overhauled in Goverlan v9, providing additional functionality not found in the native Windows Task Manager.

Starting the Task Manager

While in a remote control session

Go to the Tools tab in the Command Bar and click the Task Manager button.

C:\Users\vcruz\AppData\Local\Temp\SNAGHTML14ddfae0.PNG

From the favorites menu

Right click any computer in your Favorites list and select Task Manager.

C:\Users\vcruz\AppData\Local\Temp\SNAGHTML14df59b4.PNG

 

Connecting to other machines through the Task Manager

Once the Task Manager is opened, you can set the focus to another machine by selecting Controls > Connect To… or Controls > Connect to Local Machine.

C:\Users\vcruz\AppData\Local\Temp\SNAGHTML14ebd4e5.PNG

The Goverlan Task Manager is hosted by its own process(GovTools.exe), so closing Goverlan doesn’t close any opened Task Manager session.

Task Manager View Modes

The Task Manager can display its information in 3 view modes:

  1. Normal View Mode
  2. Minimized View Mode
    C:\Users\vcruz\AppData\Local\Temp\SNAGHTML1508a481.PNG

    • The Task Manager inserts an icon in the Windows notification area. This icon is always visible
    • This icon reflects the current CPU usage of the focused machine. To view more performance counters, place the mouse cursor over it and a tooltip appears which displays the CPU, Memory, Disk and Network usage counters.
      C:\Users\vcruz\AppData\Local\Temp\SNAGHTML1509dfa1.PNG
      • Single click on this icon to trigger the Summary View Mode (see below)

      • Double click on this icon to trigger the Normal View Mode (see above)
      • Right-click on this icon to open the context sensitive menu.
  3. Summary View Mode
    The Summary View Mode only displays the primary performance counters of the focused machine. This view mode is designed for monitoring. To start the Summary View Mode, single click on the Task Manager Icon in the Windows notification area. To close the Summary View Mode, click on the Close button or single click again on the notification area icon.

Task Manager Options

Use the Controls > Options menu to control the behavior of the Goverlan Task Manager.

C:\Users\vcruz\AppData\Local\Temp\SNAGHTML153650c4.PNG

Always On Top Enable to keep the Task Manager window on top of all other windows.
Hide When Minimized If enabled, minimizing the Task Manager removes its entry from the Windows Taskbar. Once hidden, you can restore the Task Manager by double-clicking on its icon in the Windows Notification area.
Replace Windows Task Manager Enable this option if you want the Goverlan Task Manager to be your default task manager. Once enabled, starting the default task manager on your machine will open the Goverlan Task Manager (versus the Windows Task Manager).

Note: You can start the standard Windows Task Manager from the Goverlan Task Manager by selecting View > Show Windows Task Manager from the menu.

Show Windows Task Manager Select this option to display the native Windows Task Manager. This is useful if you have configured the Goverlan Task Manager to be the default task manager on your machine and you wish to use the Windows Task Manager temporarily.
Refresh All Data Requests the Task Manager to re-query all data from the client machine. Use this option if the information displayed by the task manager seems de-synchronized or if the connection with the client machine is lost.
Update Speed Use this menu to configure the update frequency of the Task Manager.

 

To export the information displayed by the Task Manager to a text file, click on the report button located at the top-right corner of the window.

C:\Users\vcruz\AppData\Local\Temp\SNAGHTML2049796d.PNG

Working with UAC

On Windows Vista or later, the Goverlan Task Manager automatically detects if UAC is active and allows you to restart the process with elevated privileges. In such an environment, the Controls > Run Elevated menu entry is accessible. If you execute an action which requires elevated privileges, Goverlan automatically prompts you to switch to elevated mode.

This option is disabled if UAC is not detected.

Users Tab

The Users tab displays all apps that are running on the machine that are organized by Username.

  • To view detailed information about any application that the user is running, expand the user’s processes, right click the application and select Properties. You can also double-click it.
  • To terminate an application right click it > End Process. You can also click on the End Task button after highlighting it.
  • To modify the priority of the application, right click it, select the Set Priority submenu and click on the desired property.
  • To start a new process, click on the New Task… button. The New Task button starts the Run As feature.

Processes Tab

This tab displays extended information, including performance counters on all running processes on the system and their network usage, per process. Just like the Users tab, all the right click menu options are available per process.

Show process parent relationships

Processes can either be displayed as a flat list or in a parent relationship tree format. You can switch between the two modes by Enabling / Disabling the Show process parent relationships option.

Each process, except for the root processes, have a parent process (the process which spawned them). Each process can also spawn new processes which become their child processes. The parent relationship view mode shows the processes in a parent/child tree format, highlighting how a process was created. For instance, the list of running processes, as displayed above, can also be viewed in the parent to child tree as follows:

This view format is very useful to recognize processes initiated by the console user (the processes parent is always Explorer.exe) versus processes started by the system such as services. You can also collapse entire branches to emphasize certain processes.

Viewing detailed process information

C:\Users\vcruz\AppData\Local\Temp\SNAGHTML241f62ee.PNG

The Processes tab can display a lot of information about each process. Most information is hidden by default in order to avoid cluttering the interface.

  • To display extended information for all processes, right-click on the columns header and Check / Uncheck the columns to be displayed.
  • To display extended information for a process, double-click on it to view its properties.

Top 5 Tab

Use this tab to determine the most resource-consuming processes on the target machine. The Top 5 tab displays the five most active processes for CPU usage, Disk IO, Memory usage and Network usage:

The CPU and Disk IO sections can display either instantaneous values (i.e., the processes which are currently consuming the most resources) or the All-Time Values which correspond to the processes which have consumed the most resources since the system started.

Performance Tab

The performance tab displays real-time CPU, Memory usage, and Disk Activity information. The refresh update speed can be controlled selecting the Update Speed menu. Performance counter information is also always displayed in the Task Manager bottom status bar.

Detailed Process Monitoring

Placing the mouse over any portion the graphs timeline will show which processes were the cause of the spike, the percentage of use, its process ID, the user account that is running the process and the time at which the spike occurred. All graphs in the Performance tab have this ability.

Keep Graph History For

Each graph keeps historical data and the duration at which this data is kept can be set via this menu. This is useful for monitoring a process over time to determine the stability of each process on any given machine. A timeline at the bottom of the graph displays the time frame currently being displayed. You can also right-click within the graph and enable the Scale to Fit option to view the full set of recorded information. To reset the history of the performance counters, click on the Reset Counters button.

Networking Tab

The Networking tab displays real-time network usage performance information. The information presented in this view represents the statistics for each network interface available on the computer and is divided into the Receive and Send graphs.

Startup Programs

Use this tab to view the currently configured startup program on the computer. A startup program is a process which automatically starts when a user logs in. For instance, Microsoft Messenger is often configured to automatically start upon logging in. However, having too many programs configured to start automatically may result in a lengthy and slow login process.

Understanding Startup Information

The Startup Programs tab lists all currently configured startup programs. The list displays default information for each program such as the process name and description, however, more information is available. To modify the information displayed in the list, right-click on a column header and enable/disable the appropriate categories.

A program can be configured to automatically start in multiple ways. The Type information column displays some generic description of where the configuration has been found. This value can be:

  • Registry – [All Users | User Side]
    The startup information was found in the registry under one of the Windows. Run keys.
  • Windows Startup Group [All Users | User Side]
    The startup information was found in the user profile under a Startup folder.

To see the exact location where the startup information was found, enable the Found In column (again, right click within a column header and select the desired column). The Found In column shows the exact registry path or folder path where the configuration settings were found.

Removing Startup Programs

To stop a program from automatically starting, select it from the list and click on the Remove button. Note: This operation cannot be undone and it does not terminate the currently running processes. It only removes the startup configuration settings for the program.

If you wish to terminate the process initiated under the startup configuration, select the item and click on the Go to Process button before removing the startup program item. If the process is still running, the focus is automatically set on it in the Processes tab. You can then terminate the process.

Disabling Startup Programs

Disabling a startup program prevents it from running the next time the user logs in. However, the entry is remembered and can be re-enabled at any time.

  • To disable a startup program, select it from the list and click on the Disable button. A disabled startup program is indicated with a red cross.
  • To re-enable a startup program, select it from the list and click on the Enable button.

Remote CMD

The Goverlan Remote Console feature provides a command prompt access to any remote machine. The console can be started as the administrator or as the remote user.

Connecting to a Remote Machine

To start the Remote Console feature:

  • Double-click on its icon under a machine object. The console window automatically sets the focus onto the remote machine.
    The console session is initially started as either the remote user or as yourself, depending on the default configured (See: Defining the Default Starting Authentication below).
  • Click on the Remote Console icon in the Goverlan Tools area. The console window automatically sets the focus onto the local machine.

Once a remote console session is started, the content header always displays the currently focused machine name and the user identification of the session.

To change the machine focus to the local machine, use the Connect to local machine links in the Task Panel.

To change the machine focus to another remote machine:

  1. Click on Connect To…
  2. Enter the target machine name or IP address.
  3. Specify if you wish to start the console session as yourself or as the remote user.
    If you specify Run as remote User and the target machine is a Terminal Services server or Citrix server, you can click on the user link to select the user session you wish to connect to.
  4. Click on OK.

PowerShell Command Prompt

Goverlan Remote Console has the ability to enter a PowerShell Command Prompt.

Type the command powershell at the Goverlan Remote Console prompt to start the PowerShell command prompt mode.

The Goverlan Remote Console will display the PowerShell version. PowerShell cmdlets can be run in this screen remotely without the need to enable Remote WinRM or changing the PowerShell Execution Policy.

Defining the Default Starting Authentication

When opening a Remote Console session on a target machine, the session is initially started as the remote user or as yourself based on the defined default.
To change the default authentication:

  1. Click on the Connect To… link in the Task Panel.
  2. Click on Run as me or Run as Remote User to define which mode should be the default.
  3. Click on the Set as default button.
  4. Click on Cancel.

    NOTE:

    If you open the Remote Console feature via the Users view, the session is automatically focused on the currently focused user.

Sending Commands

The Remote Console tool has a Send Command section which has been pre-populated with commonly used prompt commands. To send a command to the console, simply click on it. The full command line, including any configured parameters, is then sent and executed onto the remote control session.

The list of command shortcuts can be configured according to your preference. Click on the Modify List link in the Task Panel to open the Console Commands manager, then add, remove or modify any shortcut.

Power Options

 

The Power Options Dashboard is an at-a-glance screen that provides a complete status of the workstation

Opening the Power Options Dashboard

Opening the Power Options Dashboard while in a remote control session

Go to the Tools tab in the Controls Bar and click the Power Options drop down button.

Power Options Dashboard features

Power Status

Goverlan Remote Control Power Controls

The power status monitor shows the current power state and up time of the computer. These states include:

  • Powered On
  • Soft Power Off
  • Powered Off
  • Standby

Ping Status

Goverlan Remote Control Power Controls

The Ping status monitor displays the IP address and the ping return times

Agent Status

Goverlan Remote Control Power Controls

The Agent Status monitor shows the current state of the Goverlan Agent

Intel vPro AMT Status

Goverlan Remote Control Power Controls

The AMT Status monitor shows the availabilty of the AMT chip. See Configuring Goverlan for vPro for more infomration.

Logged In User

Goverlan Remote Control Power Controls

The Currently logged in user will displayed here. If multiple users are logged in, the console user will be displayed as well as the number of active logon sessions.

Screen Status

Goverlan Remote Control Power Controls

The current status of the console will be displayed such as Lock Screen or User screen.

Power Controls

The Power Control buttons will change depending on the current status of the computer.

Power Button

 

The power button has three states. Power Off, Power On (AMT) or Wake on Lan. For more infomration about Power On (AMT) see Intel vPro Power Options.

Restart Menu

The Restart Menu contains several options for restarting a system. The standard Restart button will display options for letting the user abort the restart or scheduling the restart for later. A custom message can also be displayed during the countdown timer.

Restart to Safe Mode – Goverlan can restart a system into Safe Mode then re-establish the connection when safe mode is up.

Restart to BIOS (AMT) or Restart to ISO (AMT) – Reboot any Intel vPro enabled workstation to BIOS or ISO Image. See Configuring Goverlan for vPro for more information.

Logoff User Menu

The Logoff User control will allow you to log off any user logged in to the system This includes RDP based sessions and Citrix Xenapp Sessions. See Managing Windows Auto Login for more information.

Control Windows Auto Admin Logon setting. Applying this setting will make Windows automatically log in to the specified account.

Script Packages

Script packaging is a powerful feature which allows you to easily dispatch the execution of local scripts onto a single machine or a group of machines and receive a consolidated report of console outputs. The Script Packages feature is accessible from any computer by expanding it and using the Script Packages node, or, via the context sensitive menu.

This feature can be used to run the following script types:

  • Batch (.bat)
  • VB Script (.vbs)
  • Powershell (.ps1)
NOTE:

Goverlan can push PowerShell scripts without having to enable the Remote WinRM, however the machine must have the set-execution policy for scripting as RemoteSigned.

Defining Script Packages

Before you can execute a script package on a remote machine, you must define it. To do so, right-click on the Script Packages node of any computer and select Manage Scripts to open the Goverlan Object Manager.

  • To share (or unshare) a script object with other Goverlan users on your network, select it and click on the  Deploy WIndows Batch and VB Scripts remotely  button. See Team Sharing for more information.

Script Package Properties

  1. Enter the script object’s name and description.
  2. Run Path – Specify the full path of the script package for this object. The script can be located on your machine or in a network share.
  3. Transfer Methods – Select The run path is accessible from the remote machines if the path specified points to a network share, or, Transfer the program to the following directory then run from local path to have Goverlan first transfer the script package onto a temporary location on the target machines and then run it from there.If you select to transfer the script first, you can modify the destination folder on the target machines. Note: The destination path may contain environment variables but they will be resolved using the System Variable set (not the User Variable Set).If the script package has external dependencies, enable the Transfer the entire parent directory option. The dependencies must be located at the root of the parent folder.Enable Delete file(s) after execution if you wish to clean up the transferred files once the script is completed.
  4. Execution – Select the credentials to use to execute the script package. Note: If the script is run directly from a network share, you cannot select Run As Local System since this account doesn’t have network access.Enable Hide execution window to prevent the user interface from being displayed on the target machine during execution.
  5. Output – Configure the execution time out value and decide if you want Goverlan to kill the script process if a time out occurs.If the script package has reporting or error console output, enable the Record console output to option and configure an output text file path. The console output of the script for all machines will be compiled into that output file. Goverlan automatically opens it at the end of the execution.
  6. Click on Ok.

    Once you have configured your script packages, you can easily dispatch their execution on a single machine or a selection of multiple machines.

Running Script Packages

  • To run the script packages on a single machine, expand the Script Packages node under the desired machine and double click on the script package to execute.
  • To run the script package on multiple machines, use the [CTRL] or [SHIFT] key to select two or more machines in the main view or in the Search result list, right-click on the mouse, expand the Script Package sub-menu and select the script package to execute.

Run As

Goverlan has a powerful Run As feature which can be used to start a local process on your machine or to start a process on a remote machine using a specified set of user credentials. This is useful when you need to give temporary, extended access to a remote user or to troubleshoot a server using the Local System account. You can also use the Run As feature as a standard Run… on your local workstation.

NOTE:

The Run As feature only executes the process as defined by its path. It doesn’t transfer the process to a client machine before executing it. If you need to have the process transferred prior to running it, use the Batch & Script feature.

The Run As window has a Basic and an Advanced view mode. The Basic view is very similar to the standard Windows Run feature. To modify the destination machine or the set of credentials to use for the process, you must activate the Advanced view mode.

Setting the process name

Enter the process name to execute in the Open field. You must specify the full local path and name of the process to start. If appropriate, enter the argument string for the process.

If the process is located in a directory which belongs to the system variable PATH of the destination machine, you do not need to re-enter the its path. If you specify a local path and name, the process must be located on the destination machine. Goverlan accepts environment variables in the path.

You can also enter a UNC path for the process if its located on a shared resource. However, make sure that the credentials used to start the process have access to the shared resources.

The Open field accepts a URL or directory path. The web page or directory is opened as a result of the execution.+

Examples:

  • C:\LocalScripts\MyLocalScript.pl
  • cmd.exe
  • %ProgramFiles%SomeSoftsoft.exe “-input:C:\DataMy\file.csv”
  • http://www.goverlan.com
  • C:\Program Files

If you need to start multiple processes sequentially, enable the Stay Opened option. If the Stay Opened option is un-checked, the Run As window closes once the process has started. If checked, the Run As window stays opened.

Setting the destination machine

The destination machine section allows you to specify the machine name in which to execute the process. This section is pre-set with the name of the computer currently in focus. If the destination machine hosts more than one user session, you can select which user session to target using the User Session link.

Setting the Credentials (C)

 

Select the credentials to use for the new process. The new process can run under any of the following credentials:

a. Under the credentials of the interactive user of the destination machine – This is the same as if the remote user started the process.

b. Under the credentials of the Local System Account of the destination machine – These credentials are generally used by Services and don’t have the privilege to access networked resources. However, they do have full access to the local machine’s resources. Therefore, they should be used with care.

c. Under the specified account – This option allows you to specify both domain and local accounts. For local accounts, enter the remote machine’s name under the Domain Name field.

Warning:

Using the Run As feature to initiate a process on a remote machine with highly privileged credentials should be executed with care because it may provide the remote user with a means to access restricted resources.

Process Completion Options

If the process is designed to execute some tasks and terminate, you can ask Goverlan to wait for the completion of the process. To do so, enable the Wait for the Process to Complete option. Enter the number of seconds to wait for the process to complete and in the event the process fails to complete within the configured time line, specify whether Goverlan should forcefully terminate the process.

Check the Hide execution window to prevent any user interface to be displayed during the execution of the process.

If the process writes output information to the console, you can configure Goverlan to display them back to you once the process is complete. SelectShow Console Output to view the process’s console output. Goverlan even accepts standard DOS commands such as IPCONFIG or NET USE and will return its output.

Example

Run commands remotely on any Windows based system

 

 

IP Scanner

The IP Scanner allows you to specify a network segment and scan for IP information. The tool is mainly used as a way to select a set of computers but it can also be used to explore the available machines for an IP segment.

To scan, enter the IP address to start from and the IP address to end at in theFrom and To fields. As you change the IP segment, the total number of IP addresses to scan is displayed underneath the To field. To specify the criteria to apply, in order to list an IP address in the Results window, check one or more of the following criteria:

  • IP is Alive – The IP address must answer a ping to be accepted.
  • IP Resolves to a Name – The IP address must resolve to a DNS or NetBIOS name to be accepted.
  • IP Resolves to a MAC Address – The IP address must resolve to a MAC address to be accepted.

An IP address must pass all checked conditions for the IP address to be listed in the Results window. Click on Scan to initiate the scan with the configured criteria.

IP Addresses can be in the following formats

  • CIDR – 192.168.1.0/24 or fe00/128
  • IP Range – From 192.168.1.50 To 192.168.1.200

IPV6 is supported.

NOTE:

During a scan, you can click on the Stop Scan button at any time to abort the process.

Once the scan is complete, you can export its results by clicking on the Report button located at the top right corner of the IP Scanner window.

Managing Installed Software

Programs

Using the Programs feature, you can view and report on installed software packages on a remote machine. You can also remotely install, repair or un-install MSI and executable packages.

All information and management tasks available from this feature can also be executed on a group of machines via a Scope Action.

Add New Program

The Add New Program option allows you to remotely and silently install a MSI and executable package on a remote computer. Before you can install a software product, you must create an Software Package for it. Once a Software Package has been configured, simply select it from the Add New Program link to start its installation on the client machine.


Managing Installation Packages

Click on the Add New Program link in the Task Panel and select Manage to open the Goverlan Objects Manager. From there, you can create, modify or remove Installation Packages.

Viewing Information

The Programs list view can be configured to sort or group by any column. To sort by a column, click on it. To group by a column, right click on it and select Show in Groups… from the menu. Once you have activated the Show in Group option, clicking on another column will group by this new selection. Otherwise, click on the column currently grouped to set the focus on a particular sub-category:

  • To display detailed information about a particular application, select it and click on the Properties link in the Task Panel, or, simply double click on it.
  • To export the information to a text file, click on the Report Information link in the Task Panel.

Repair Program

To repair a software product, select it from the application list and click on theRepair link. The Repair action re-installs the MSI package on the remote machine replacing any missing or corrupt files, links and registry keys in the process.

NOTE:

The Repair action is only available if the software product has a valid version number and a registered product code. If any of these two pieces of information is missing, this option is disabled.

Remove Program

To un-install a software product, select it from the application list and click on the Remove button. The Remove action silently un-installs the package on the remote machine, removing any files, links and registry keys owned by the software product.

NOTE:

The Remove action is only available if the software product has a valid version number and a registered product code or a Quiet Un-install String property. If any of these properties are missing, this option is disabled.

Software Packages

Using Goverlan, you can install, repair, upgrade or un-install MSI and executable software packages on a remote machine.

Creating an Install Package

  1. Click on the  http://assets.goverlan.com/userguide_img/Goverlan%20Object%20Manager/2015-07-14_11-48-27.png button.
  2. Select if you want to create an installation package for an MSI or an executable.
  3. Enter the new installation package’s display name and description.
  4. Enter the full path of the installation package.

If this is an MSI Package, configure the following options:

Run Install Package from Source Path – Choose this option if the installation package is located in a shared network folder accessible from the client machine. If you select this option, Goverlan will not transfer the MSI package locally on the client machine and will directly run the installation from its source location. If the MSI package being configured has external dependencies, you must select this option and the external dependencies must be located within the source folder.

Transfer Package to Client then Run Locally – Choose this option to have Goverlan first transfer the MSI package onto the client machine, then run its installation from the local copy. Note: Only the specified MSI package is transferred. Therefore, it cannot have any external dependencies.

Leave a copy of the MSI package – In order for the Repair MSI feature to work, you need to leave a copy of the MSI package on the remote machine. If you do not leave a copy of the MSI package, the repair feature will not work.

NOTE:

This option has no effect if you have selected Run Instal Package from Source Path.

Destination folder – The default location for where to leave MSI packages is %windir%Downloaded Installations. However, you can configure any path you wish.

NOTE:

You can include system environment variables in the path.

All Users – Select TRUE to have the MSI Package available by all users on the remote computer or FALSE to have the MSI package available only to the currently logged-in user.

Command Options – Optional command line parameter to transfer to Windows Installer during the installation of the MSI package. These options are MSI specific.

If this is an EXE Package, configure the following options:

Argument String for Unattended Install – In order for Goverlan to install an executable package onto a client machine silently, you must configure the executable’s argument string to trigger an unattended/silent installation. Failing to set these parameters will result in an installation wizard being displayed on the client machine.

Most installation executables support silent installations, however, the argument string to use depends on the vendor. Click on the Show Examples of Silent Argument String to view commonly used parameters.

  1. Click on the Ok button to save your changes.

Sharing / Un-sharing an Install Package

Once you have configured a software package, you can choose to share it with other Goverlan users on your network. To learn how to  share or un-share an installation package, see Configuring Team Collaboration.

Was this article helpful?

Related Articles