Symantec ALTIRIS REAL-TIME SYSTEM MANAGER 7.0 SP2 - V1.0, REAL-TIME SYSTEM MANAGER 7.0 SP2, ALTIRIS REAL-TIME SYSTEM MANAGER 7.0 SP2 MR1 User Manual

Altiris Real-Time System Manager from Symantec User Guide
Version 7.0 SP2 MR1
Documentation version 7.0 SP2 MR1
Legal Notice
Copyright © 2010 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo, Altiris, and any Altiris or Symantec trademarks used in the product are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.
Symantec Corporation 350 Ellis Street Mountain View, CA 94043
http://www.symantec.com
Technical Support
Symantec Technical Support maintains support centers globally. Technical Support's primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.
Symantec's support offerings include the following:
A range of support options that give you the flexibility to select the right amount of service for any size organization
Telephone and/or Web-based support that provides rapid response and up-to-the-minute information
Upgrade assurance that delivers software upgrades
Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis
Premium service offerings that include Account Management Services
For information about Symantec's support offerings, you can visit our Web site at the following URL:
www.symantec.com/business/support/
All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy.
Contacting Technical Support
Customers with a current support agreement may access Technical Support information at the following URL:
www.symantec.com/business/support/
Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem.
When you contact Technical Support, please have the following information available:
Product release level
Hardware information
Available memory, disk space, and NIC information
Operating system
Version and patch level
Network topology
Router, gateway, and IP address information
Problem description:
Error messages and log files
Troubleshooting that was performed before contacting Symantec
Recent software configuration changes and network changes
Licensing and registration
If your Symantec product requires registration or a license key, access our technical support Web page at the following URL:
www.symantec.com/business/support/
Customer service
Customer service information is available at the following URL:
www.symantec.com/business/support/
Customer Service is available to assist with non-technical questions, such as the following types of issues:
Questions regarding product licensing or serialization
Product registration updates, such as address or name changes
General product information (features, language availability, local dealers)
Latest information about product updates and upgrades
Information about upgrade assurance and support contracts
Information about the Symantec Buying Programs
Advice about Symantec's technical support options
Nontechnical presales questions
Issues that are related to CD-ROMs or manuals
Support agreement resources
If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows:
Asia-Pacific and Japan: customercare_apac@symantec.com
Europe, Middle-East, and Africa: semea@symantec.com
North America and Latin America: supportsolutions@symantec.com
Contents
Technical Support
Chapter 1 Introducing Real-Time System Manager
  About Real-Time System Manager
  What's new in Real-Time System Manager
  How Real-Time System Manager works
    About the Symantec Management Console
    About out-of-band management
    About one-to-one and one-to-many management
    About Intel AMT
    About ASF
    About DASH
    About WMI
    About managing target computers without the Altiris Agent installed
    About the Real-Time view
  What you can do with Real-Time System Manager
  Where to get more information
Chapter 2 Installing Real-Time System Manager
  System requirements
    About Real-Time System Manager installation requirements
    About client computer software requirements
    About client computer hardware requirements
  Installing or upgrading the Real-Time System Manager product
  Uninstalling Real-Time System Manager
Chapter 3 Preparing target computers for management
  Preparing target computers for management
    Discovering computers
    Installing the Altiris Agent
    Configuring out-of-band capable computers
  Installing and configuring the SNMP component
Chapter 4 Using Real-Time System Manager
  Running real-time one-to-one tasks
    Accessing the Real-Time view
    Turning off, turning on, or restarting a computer
    Starting a remote control session
    Booting a computer from another device
    Filtering network traffic
    Configuring alerts
    Configuring the Intel AMT device settings
    Viewing Intel AMT log
  Running real-time one-to-many tasks
    Booting multiple computers from another device
    Filtering network traffic on multiple computers
    Resetting a local user password on multiple computers
    Running or stopping a process on multiple computers
    Running or stopping a service on multiple computers
Chapter 5 About Real-Time System Manager pages
  Configuration node: Intel AMT Configuration mode page
  Configuration node: Intel AMT Settings page
  Configuration node: Intel Remote Access Policy page
  Controllers and Ports node
  Event Logs node
  Input and Output Devices node
  Management Operations node: Manage Alerts page
  Management Operations node: Manage Local Users and Groups page
  Management Operations node: Manage Power State and Redirection page
  Management Operations node: Manage Printers page
  Management Operations node: Manage Processes page
  Management Operations node: Manage Services page
  Management Operations node: Remote Control page
  Mass Storage node
  Memory node
  Networking node
  Operating System node
  Physical System node
  Altiris Agent node
  Manage Virtual Layers page
  Summary page
  Network Filters page
Appendix A Troubleshooting
  Troubleshooting connection through the Real-Time view
    Configuring the firewall to allow WMI connection
    Disabling simple file sharing on Windows XP SP2
    Configuring User Access Control on Windows Vista and Windows 7
Appendix B Technical Reference
  About the ports used by Real-Time System Manager
  About authentication
  About changes in default system security
  About network filtering ports and settings
  Modifying the list of open network filtering ports
  About power management and redirection
Glossary
Index
Chapter 1 Introducing Real-Time System Manager
This chapter includes the following topics:
About Real-Time System Manager
What's new in Real-Time System Manager
How Real-Time System Manager works
What you can do with Real-Time System Manager
Where to get more information
About Real-Time System Manager
The Altiris Real-Time System Manager software lets you manage a single computer
from the Symantec Management Console in real time. Real-Time System Manager
can connect to the target computer using the following protocols:
WMI - Microsoft Windows Management Instrumentation
ASF - Alert Standards Format 2.0
Intel® AMT - Intel® Active Management Technology
DASH - Desktop and mobile Architecture for System Hardware
SNMP - Simple Network Management Protocol
IPMI - Intelligent Platform Management Interface
With Real-Time System Manager, you can view detailed real-time information
about the managed computer and remotely perform various administrative tasks.
For example, you can restart the computer, reset a password, run a port scan, terminate a process, and more.
Real-Time System Manager also lets you run some of the management tasks on a collection of computers, immediately or on a schedule.
See “About one-to-one and one-to-many management” on page 13.
What's new in Real-Time System Manager
In the 7.0 SP2 release of Real-Time System Manager, the following new features are introduced:
Support for Microsoft Windows 7 operating system.
Limited support for Intel AMT version 6.
You can manage computers with Intel AMT 6 in the same way as you managed earlier versions of Intel AMT. The new features that were introduced in Intel AMT 6 are not currently supported.
In the maintenance release (7.0 SP2 MR1) of Real-Time System Manager, the following new features are introduced:
Support for the Intel AMT 6.0 KVM feature.
Keyboard, Video and Mouse (KVM) capability enables remote control of an Intel AMT system using a remote keyboard and mouse and viewing the managed system's screen output at a remote monitor. You can start a KVM session from the Real-Time view, using the Remote Control page.
How Real-Time System Manager works
First, you select a computer that you want to manage from the Symantec Management Console. Then Real-Time System Manager checks for the remote management technologies that the target computer supports. The supported technologies are WMI, ASF, DASH, Intel AMT, SNMP, and IPMI. Real-Time System Manager then uses these technologies to remotely query the computer for various pieces of information. Real-Time System Manager displays the actual information that is received from the computer in the Resource Manager's Real-Time view. From the Real-Time view, you can perform various tasks on the target computer to which Real-Time System Manager is connected and immediately see the results. With Real-Time System Manager, you can manage computers in band, as well as out of band.
See “About the Symantec Management Console” on page 13.
See “About out-of-band management” on page 13.
About the Symantec Management Console
The Symantec Management Console is the Web browser based administration
console for working with Symantec Management Platform and solutions, including
Real-Time System Manager. The console lets you perform tasks, schedule events,
run reports, perform configuration, configure security, and more. You can run
the console from the Notification Server computer (locally) or from a remote
computer with a network connection to Notification Server. This means that you
can perform administration tasks from wherever you are.
The console lets you set security that is specific to each console user. You specify
which areas of the console a user has access to and the rights that a user has to
perform specific actions. For example, one user can run reports while another
user can only view reports that have already been run.
You can start the console remotely by typing the following URL into the Internet
Explorer's address bar: http://<Notification_Server_name>/altiris/console
For more information on the console, see the Symantec Management Platform
Help, which can be accessed through the console's Help menu.
About out-of-band management
Remote management of client computers often requires the managed computer
to be turned on with an operating system running. When a computer is turned
on with a running operating system, the computer is considered in-band.
Out-of-band is when a client computer is in one of the following out-of-band states:
The computer is plugged in but is not actively running (off, standby,
hibernating).
The operating system is not loaded (software or boot failure).
The software-based management agent is not available.
Out-of-band management is the ability to manage computers in these states.
Computers with Intel AMT, ASF, DASH, or IPMI capabilities can be managed out
of band.
About one-to-one and one-to-many management
One-to-one management is performed in real time during a live connection between
Real-Time System Manager and the target computer that you manage. You can
run management tasks on the target computer and immediately see the results
in the Symantec Management Console, in the Resource Manager's Real-Time
view.
See “About the Real-Time view” on page 16.
One-to-many management is when you create a task, assign it to one or more computers, and configure it to run at a later time.
About Intel AMT
Intel Active Management Technology (Intel AMT) is a part of Intel vPro technology, which provides the following technology capabilities:
Remote manageability: Lets you remotely inventory, diagnose, and repair computers, even those that are turned off, reducing costly desk-side visits and increasing user uptime.
Security: Lets third-party security software identify more threats before they reach the operating system. You can isolate infected systems more quickly and update computers regardless of their power state.
Intel AMT is a solution that is based in hardware and firmware and is connected to the system's auxiliary power plane. Despite the power state or the operating system state of the client computer, Intel AMT provides IT administrators with access to alerts, hardware inventory, power management, network filtering, and agent presence functionality. Intel AMT functionality requires the computer to be plugged into the power source and connected to the network. Intel AMT functionality does not require a software agent to be installed on the client computer.
Altiris Out of Band Management Component, Altiris Real-Time Console Infrastructure, and Altiris Real-Time System Manager software support Intel AMT 2.0 and later.
About ASF
ASF (Alert Standard Format) is an industry standards-based technology that lets IT administrators manage computers regardless of the operating system state. ASF performs completely out of band and only relies on the operating system to configure the solution.
ASF provides alerting and power management functionality as long as the computer is plugged in with Ethernet connection. ASF functionality is accomplished through hardware on the network card or system board, a software agent on the client computer, and management software on the server.
Altiris Out of Band Management Component, Altiris Real-Time Console Infrastructure, and Altiris Real-Time System Manager software support ASF 2.0.
About DASH
DASH (Desktop and Mobile Architecture for System Hardware) is a Web
services-based management technology that enables IT professionals to remotely
manage desktop and mobile computers from anywhere in the world. The
technology lets administrators securely turn the power on/off, query system
inventory, and push firmware updates among other things, regardless of the state
of the remote computer.
Altiris Out of Band Management Component, Altiris Real-Time Console
Infrastructure, and Altiris Real-Time System Manager software support Broadcom
and Intel implementations of DASH.
About WMI
Windows Management Instrumentation (WMI) is the Microsoft implementation
of Web-based Enterprise Management (WBEM), which is an industry initiative to
develop a standard technology for accessing management information in an
enterprise environment. WMI uses the Common Information Model (CIM) industry
standard to represent systems, applications, networks, devices, and other managed
components. CIM is developed and maintained by the Distributed Management
Task Force (DMTF).
WMI lets applications obtain management data from remote computers.
About managing target computers without the Altiris Agent installed
To use the full set of features that Altiris solutions offer, we recommend that you
install the Altiris Agent on the computers in your environment. However,
Real-Time System Manager lets you manage the computers that do not have the
Altiris Agent installed. If you choose not to install the Altiris Agent on the
computers, you cannot:
Perform one-to-many management tasks on a collection of computers.
Computers that do not have the Altiris Agent installed do not register themselves with Notification Server and are not visible in the computer filters.
See “Running real-time one-to-many tasks” on page 41. See “About one-to-one and one-to-many management” on page 13.
With agentless computers you can:
Perform one-to-one management tasks on a single computer in real time
through the Real-Time view. Agentless computers do not appear in the computer filters; you must type the
IP or the hostname of the computer that you want to manage into the Symantec Management Console.
See “Running real-time one-to-one tasks” on page 31. See “About one-to-one and one-to-many management” on page 13.
About the Real-Time view
Real-Time System Manager adds its own Real-Time System Manager tree to the Real-Time view of the Resource Manager. The Resource Manager is a page in the
Symantec Management Console that displays information about an individual computer.
For more information, see topics about Resource Manager in the Symantec Management Platform Help.
See “Accessing the Real-Time view” on page 32.
From the Real-Time System Manager tree, you can view live inventory information about the target computer and perform management tasks in real time.
The Real-Time System Manager tree has various nodes that let you manage the target computer.
Table 1-1 Real-Time System Manager nodes in the Real-Time view

| Node | Description |
| --- | --- |
| Configuration | This node is visible only if Real-Time System Manager detects that the target computer is configured to use Intel AMT. From this node you can view and change setup and configuration settings of the target computer's Intel AMT device. |
| Controllers and Ports | This node lets you view controller and port information. |
| Event Logs | This node lets you view event logs. |
| Input and Output Devices | This node contains input and output device items. |
| Management Operations | From this node, you can turn on, turn off, or restart the computer, manage printers, users, processes, and services. |
| Mass Storage | This node contains mass storage items. |
| Memory | This node lets you view memory information. |
| Networking | This node contains networking items. |
| Operating System | This node contains operating system information. |
| Physical System | This node contains firmware and hardware information. |
| Software | This node contains software information. |
| Summary | This page displays the target computer's summary. |
Depending on the computer you connect to, you can experience the following
behavior of the Real-Time view:
If an item is disabled, then the corresponding WMI class is not supported on
the connected computer.
If the WMI class is supported, but there is no instance of it on the computer,
then it is displayed as No instances found.
If Intel AMT, ASF, DASH, or IPMI technologies are detected on the target
computer, additional nodes appear in the tree.
The information that is available in the Real-Time System Manager section
includes only a subset of the WMI data. However, you can customize the data that
can be accessed. Contact Symantec Technical Support if you want to create your
own views on the WMI data.
What you can do with Real-Time System Manager
From the Real-Time view, you can perform a variety of one-to-one tasks, such as
the following tasks:
View the target computer's software and hardware information.
Start and stop processes and services.
View the printer's configuration and manage print jobs.
Turn off and restart the target computer.
Turn on the target computer. An out-of-band capable computer, which is
properly configured, is required to use this feature. Use Altiris Out of Band Management Component to configure computers for out-of-band management.
View the Altiris Agent configuration information and logs, send basic inventory,
request configuration, and change the Notification Server computer to which the Altiris Agent is assigned.
Enable and disable Software Virtualization Layers. This feature requires
installed Symantec Workspace Virtualization Agent.
See “About the Real-Time view” on page 16.
See “Running real-time one-to-one tasks” on page 31.
See “About out-of-band management” on page 13.
Table 1-2 Out of band features that Real-Time System Manager supports

| Feature | Description |
| --- | --- |
| Remote boot through Integrated Drive Electronics Redirection (IDE-R) | (Intel AMT and DASH only) Lets you change the system boot device to a CD, DVD, or to an image that is located on a remote network drive. For example, you can boot from a system recovery disk. See “Booting a computer from another device” on page 35. |
| Remote console redirection through Serial-over-LAN (SOL) | (Intel AMT only) Lets you establish a remote console session and walk the computer through a troubleshooting session, for example, when you want to reinstall the operating system, or change BIOS settings. See “Starting a remote control session” on page 34. |
| Hardware filtering of network traffic (Circuit Breaker) using Intel vPro System Defense technology | (Intel AMT only) Lets you block all inbound network traffic and all outbound network traffic from a target computer. For example, you can block network traffic from an infected computer to prevent threats from spreading. See “Filtering network traffic” on page 37. |
Real-Time System Manager also lets you perform some of the tasks on a collection of computers. You can run the tasks immediately or on a schedule.
See “Running real-time one-to-many tasks” on page 41.
Table 1-3 One-to-many tasks that are available in Real-Time System Manager

| Task | Description |
| --- | --- |
| Boot Redirection task (Intel AMT, ASF, DASH) | Lets you boot a group of computers from either a PXE, a floppy/HDD/CD device, or an image that is located on a hard drive. See “Booting multiple computers from another device” on page 41. |
| Network Filtering task (Intel AMT) | Lets you block network traffic to and from the client computer's operating system. See “Filtering network traffic on multiple computers” on page 42. |
| Password Management task (WMI) | Lets you remotely reset a password for a local user account on a group of computers. See “Resetting a local user password on multiple computers” on page 43. |
| Process Management task (WMI) | Lets you remotely start or stop a process on a group of computers. See “Running or stopping a process on multiple computers” on page 44. |
| Service Management task (WMI) | Lets you remotely control a service on a group of computers in the following ways: Start; Stop; Restart; Change start mode to Automatic, Manual, or Disabled. See “Running or stopping a service on multiple computers” on page 45. |
Where to get more information
Use the following documentation resources to learn and use this product.
Table 1-4 Documentation resources

| Document | Description | Location |
| --- | --- | --- |
| Release Notes | Information about new features and important issues. This information is available as an article in the knowledge base. | http://kb.altiris.com/ You can search for the product name under Release Notes. |
| User Guide | Information about how to use this product, including detailed technical information and instructions for performing common tasks. This information is available in PDF format. | The Documentation Library, which is available in the Symantec Management Console on the Help menu. The Product Support page, which is available at the following URL: http://www.symantec.com/business/support/all_products.jsp When you open your product's support page, look for the Documentation link on the right side of the page. |
| Help | Information about how to use this product, including detailed technical information and instructions for performing common tasks. Help is available at the solution level and at the suite level. This information is available in HTML help format. | The Documentation Library, which is available in the Symantec Management Console on the Help menu. Context-sensitive help is available for most screens in the Symantec Management Console. You can open context-sensitive help in the following ways: the F1 key; the Context command, which is available in the Symantec Management Console on the Help menu. |
In addition to the product documentation, you can use the following resources to learn about Altiris products.
Table 1-5 Altiris information resources

| Resource | Description | Location |
| --- | --- | --- |
| Knowledge base | Articles, incidents, and issues about Altiris products. | http://kb.altiris.com/ |
| Symantec Connect (formerly Altiris Juice) | An online magazine that contains best practices, tips, tricks, forums, and articles for users of this product. | http://www.symantec.com/connect/endpoint-management-virtualization |
Chapter 2 Installing Real-Time System Manager
This chapter includes the following topics:
System requirements
Installing or upgrading the Real-Time System Manager product
Uninstalling Real-Time System Manager
System requirements
Real-Time System Manager has the following requirements:
Real-Time System Manager installation requirements
See “About Real-Time System Manager installation requirements” on page 21.
Client computer software requirements
See “About client computer software requirements” on page 22.
Client computer hardware requirements
See “About client computer hardware requirements” on page 22.
About Real-Time System Manager installation requirements
Real-Time System Manager requires Symantec Management Platform 7.0 SP4.
Use Symantec Installation Manager to install or upgrade this product.
For more information on the Symantec Management Platform prerequisites and
installation instructions, see the Symantec Management Platform Help.
Page 22
About client computer software requirements
The computers that you want to manage must meet specific software requirements.
Table 2-1
Client computer software requirements
Requirement: Operating system
Description: Microsoft Windows 2000 Professional SP4 or later

Requirement: Firewall
Description: Firewall is configured to accept WMI and SNMP incoming connections. See “Configuring the firewall to allow WMI connection” on page 64.
About client computer hardware requirements
If you want to use the out-of-band functionality of Real-Time System Manager, the managed computers must support any combination of the following out-of-band management technologies.
Table 2-2
Client computer hardware requirements
Technology: Intel AMT 2.0, 2.1, 2.5, 2.6, 3.0, 4.0 or later
Description: Computers with Intel AMT have an Intel vPro or Centrino Pro label on them.

Technology: Broadcom ASF 2.0 or Intel ASF 2.0
Description: The Broadcom and Intel implementations of ASF are supported.

Technology: DASH
Description: The Broadcom and Intel implementations (Intel AMT 4.0 and later) of DASH are supported.

Technology: IPMI
Description: IPMI versions 1.5 and 2.0 are supported.
Installing or upgrading the Real-Time System Manager product
Use Symantec Installation Manager to install or upgrade Real-Time System Manager.
For more information on installing or upgrading products, see the Symantec Management Platform Installation Guide.
Page 23
Uninstalling Real-Time System Manager
Use Symantec Installation Manager to uninstall Real-Time System Manager.
For more information on uninstalling products, see the Symantec Management
Platform Installation Guide.
Page 25
Preparing target computers for management
This chapter includes the following topics:
Preparing target computers for management
Installing and configuring the SNMP component
Preparing target computers for management
Before you can use Real-Time System Manager, you must prepare the computers
that you want to manage.
Table 3-1
Process for preparing target computers for management
Step 1
Action: Discover manageable computers in your environment.
Description: Discovery helps you find the hostnames of the computers on which you can install the Altiris Agent. See “Discovering computers” on page 26.
Page 26
Table 3-1
Process for preparing target computers for management (continued)
Step 2
Action: Install the Altiris Agent to target computers.
Description: The Altiris Agent lets Notification Server get information from and interact with the client computers. See “Installing the Altiris Agent” on page 27. For one-to-one management, the Altiris Agent is optional. The Altiris Agent is required if you want to run one-to-many management tasks. See “About one-to-one and one-to-many management” on page 13. See “About managing target computers without the Altiris Agent installed” on page 15.

Step 3
Action: Configure a firewall on the target computers.
Description: A firewall can prevent Real-Time System Manager from connecting to the target computer through the WMI interface. See “Configuring the firewall to allow WMI connection” on page 64.

Step 4
Action: Configure out-of-band capable computers for out-of-band management.
Description: If you have computers with Intel AMT, ASF, DASH, or IPMI capabilities in your environment, configure them for out-of-band management. This lets you take the full advantage of Real-Time System Manager. See “About out-of-band management” on page 13. See “Configuring out-of-band capable computers” on page 27.
Discovering computers
Discovery lets you find the hostnames of the computers where you can install the Altiris Agent. You can discover computers on the network using a domain or a workgroup search.
Page 27
For more information on resource discovery, see the Symantec Management
Platform Help.
See “Preparing target computers for management” on page 25.
To discover computers
1
In the Symantec Management Console, on the Actions menu, click Discover > Import Domain Membership/WINS.
2
In the Add Domain box, type the domain name, and then click the Add symbol.
3
Check Domain Membership, and then click Discover Now.
4
As the discovery process finishes, click View discovery reports to view the list of discovered computers.
Installing the Altiris Agent
The Altiris Agent is the software that establishes communication between
Notification Server and the computers in your network. Computers with the Altiris
Agent installed on them are called managed computers. Notification Server then
interacts with the Altiris Agent to monitor and manage each computer from the
Symantec Management Console.
You must install the Altiris Agent on the computers that you want to manage with
Real-Time System Manager.
For more information on the Altiris Agent, see the Symantec Management Platform
Help.
See “Preparing target computers for management” on page 25.
To install the Altiris Agent
1
In the Symantec Management Console, on the Actions menu, click Agents/Plug-ins > Push Altiris Agent.
2
On the Altiris Agent Installation page, install the Altiris Agent to computers in your environment.
For more information on how to install the Altiris Agent, see the Symantec Management Platform Help (Press F1 or click Help > Context in the Symantec Management Console).
Configuring out-of-band capable computers
to those computers using the out-of-band management technologies.
Page 28
To configure Intel AMT and ASF computers for out-of-band management, you can install and use the Altiris Out of Band Management Component software.
For more information, see the Out of Band Management Component Implementation Guide.
To work with IPMI, you must enable and configure the technology in the target computer's BIOS. Refer to the hardware manufacturer's documentation.
Installing and configuring the SNMP component
With Real-Time System Manager you can see some of the target computer's hardware configuration information through Simple Network Management Protocol (SNMP).
To be able to view SNMP data, you must install the Simple Network Management Protocol component on the client computer.
Then, to allow incoming SNMP connections, you must open UDP port 161 on the target computer. You can add a firewall exception locally or use a group policy to configure the firewall. Alternatively, you can temporarily disable the firewall.
To install the SNMP component on Windows XP
1
On the target computer, open the Control Panel.
2
Click Add or Remove Programs.
3
In the Add or Remove Programs dialog box, click Add/Remove Windows
Components.
4
In the Windows Components Wizard dialog box, click Management and
Monitoring Tools, and then click Details.
5
Check Simple Network Management Protocol.
6
Click OK.
7
Click Next.
8
Click Finish.
To install the SNMP component on Windows Vista or Windows 7
1
On the client computer, open the Control Panel.
2
In the Control Panel, locate and click Programs and Features.
3
In the Programs and Features dialog box, click Turn Windows features on
and off.
Page 29
4
In the Windows Features dialog box, check SNMP Feature on Windows Vista. On Windows 7, check Simple Network Management Protocol (SNMP) > WMI SNMP Provider.
5
Click OK.
To configure the SNMP service
1
On the client computer, open the Control Panel.
2
In the Administrative Tools, click Services.
3
In the Services dialog box, double-click SNMP Service.
4
On the Security tab, check Send authentication trap.
5
Under Accepted community names, click Add, and then add a community name, if not already added.
For example, add a public name with the READ ONLY rights.
6
Click Accept SNMP packets from any host.
7
Click OK.
8
Restart the service.
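The settings from the procedure above (community name public with READ ONLY rights, SNMP packets accepted from any host) can be checked on managed computers after the service is configured. The following is an added example, not part of the Symantec guide: it parses `reg query` output for the Windows SNMP service registry keys and reports default community names, writable communities, and an empty permitted-managers list. The registry layout is the standard one for the Windows SNMP service and is an assumption here; the sample output, the community name rtsm-example-ro, and the address 192.0.2.10 are constructed.

```python
"""Audit Windows SNMP service settings captured with `reg query` (added example)."""
import re

# Rights values that the Windows SNMP service stores per community name under
# ...\Services\SNMP\Parameters\ValidCommunities (standard layout, not from the guide).
RIGHTS = {1: "NONE", 2: "NOTIFY", 4: "READ ONLY", 8: "READ WRITE", 16: "READ CREATE"}
DEFAULT_NAMES = {"public", "private"}

# One value line of `reg query` output: "    name    REG_TYPE    data"
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)(?:\s+(?P<data>.*))?$")


def parse_reg_query(text):
    """Return {key_path: {value_name: (reg_type, data)}} from `reg query` output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            data = (match.group("data") or "").strip()
            current[match.group("name")] = (match.group("type"), data)
    return keys


def values_under(keys, leaf):
    """Values of the first key whose last path component is leaf (case-insensitive)."""
    suffix = "\\" + leaf.lower()
    for path, values in keys.items():
        if path.lower().endswith(suffix):
            return values
    return {}


def audit_snmp(reg_text):
    """Return a list of (finding, detail) tuples for one computer."""
    keys = parse_reg_query(reg_text)
    communities = values_under(keys, "ValidCommunities")
    managers = values_under(keys, "PermittedManagers")
    findings = []
    for name in sorted(communities):
        reg_type, data = communities[name]
        if reg_type != "REG_DWORD":
            continue
        rights = int(data, 16)                      # reg prints DWORDs as 0x...
        if name.lower() in DEFAULT_NAMES:
            findings.append(("default-community", name))
        if rights >= 8:                             # READ WRITE or READ CREATE
            findings.append(("writable-community",
                             f"{name}: {RIGHTS.get(rights, rights)}"))
    allowed = sorted(data for _, data in managers.values() if data)
    if communities and not allowed:
        # No PermittedManagers values corresponds to "Accept SNMP packets from any host".
        findings.append(("any-host", "no permitted managers listed"))
    return findings


# Constructed sample: the settings from the procedure above.
SAMPLE_AS_DOCUMENTED = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities
    public    REG_DWORD    0x4

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers
"""

# Constructed sample: site-specific read-only community, one permitted manager
# (192.0.2.10 is a documentation address standing in for the management server).
SAMPLE_RESTRICTED = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities
    rtsm-example-ro    REG_DWORD    0x4

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers
    1    REG_SZ    192.0.2.10
"""

# Constructed sample: a default community name with write access.
SAMPLE_WRITABLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities
    private    REG_DWORD    0x8

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers
    1    REG_SZ    localhost
"""

if __name__ == "__main__":
    samples = (("as documented", SAMPLE_AS_DOCUMENTED),
               ("restricted", SAMPLE_RESTRICTED),
               ("writable", SAMPLE_WRITABLE))
    for label, sample in samples:
        print(label, audit_snmp(sample) or "no findings")
```

The input for a real computer is the text printed by `reg query "HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters" /s` on that computer.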
Page 31
Using Real-Time System Manager
This chapter includes the following topics:
Running real-time one-to-one tasks
Running real-time one-to-many tasks
Running real-time one-to-one tasks
One-to-one computer management is performed from the Resource Manager's
Real-Time view, in the Real-Time System Manager section.
See “About the Real-Time view” on page 16.
See “Accessing the Real-Time view” on page 32.
For example, you can run the following real-time one-to-one tasks:
Remotely turn on, turn off, or restart the target computer.
See “Turning off, turning on, or restarting a computer” on page 33.
BIOS settings. See “Starting a remote control session ” on page 34.
Boot an Intel AMT, ASF, or DASH computer from another device to diagnose
and fix the operating system problems. See “Booting a computer from another device ” on page 35.
Isolate an infected Intel AMT computer from the network.
See “Filtering network traffic ” on page 37.
Configure computer health monitoring.
Page 32
See “Configuring alerts ” on page 38.
Configure the Intel AMT device settings.
See “Configuring the Intel AMT device settings ” on page 40.
View the Intel AMT log that is stored in the NVRAM of the target computer.
See “Viewing Intel AMT log ” on page 40.
Accessing the Real-Time view
The Real-Time view is located in the Resource Manager.
You can open the Resource Manager in the following ways:
From a computer filter or a report
Use this method for the managed computers that are registered with Notification Server.
See “To open the Real-Time view from computer filters or reports” on page 32.
From the Real-Time System Manager resolution tools
Use this method for the unmanaged computers that do not have the Altiris Agent installed.
See “To open the Real-Time view from the Real-Time System Manager
resolution tools” on page 33.
To open the Real-Time view from computer filters or reports
1
In the Symantec Management Console, select the computer that you want to
manage from the list of discovered resources, any computer filter, or a report.
For example, you can do one of the following:
In the Symantec Management Console, on the Manage menu, click Filters.
In the left pane, click Computer Filters > All Computers. In the right pane, click the computer that you want to manage.
Discover computers and click View discovery reports to view the list of
discovered computers. In the report, click the computer that you want to manage.
See “Discovering computers” on page 26.
2
Right-click the selected computer and click Resource Manager.
3
In the Resource Manager, on the View menu, click Real-Time.
4
In the tree view pane, click Real-Time Consoles.
See “About the Real-Time Home page” on page 33.
Page 33
To open the Real-Time view from the Real-Time System Manager resolution tools
1
In the Symantec Management Console, on the Actions menu, click Remote Management > Real-Time Management.
2
On the Manage page, type the host name or the IP of the computer you want to connect to, and then click Connect.
3
In the Resource Manager, view the real-time information about the computer.
See “About the Real-Time Home page” on page 33.
About the Real-Time Home page
The Real-Time Home page is the first page in the Resource Manager's Real-Time
view tree. It displays the connection information for the computer. This page
displays the list of protocols that the target computer supports, and if the target
computer accepts the connection credentials that you provided. The protocols
include WMI, ASF, DASH, Intel AMT, IPMI, and SNMP. Only the protocols that
are turned on in the connection profile are displayed.
If credentials are displayed as invalid, verify that your connection profile is
configured to use the correct credentials.
Under Supported protocols, you can select, add, or modify the connection profile
that you want to use when connecting to the target computer.
For more information, view topics about connection profiles in the Symantec
Management Platform Help.
See “Troubleshooting connection through the Real-Time view” on page 61.
Turning off, turning on, or restarting a computer
Note: The availability of power commands depends on the current power state
and the technologies (WMI, ASF, Intel AMT, DASH, IPMI) that are available on
the target computer. For example, WMI power management is limited to Reboot
and Power off commands and can be performed on a computer with a running
operating system. This limitation is because WMI is an in-band functionality.
For computers with Intel Active Management Technology (Intel AMT), you can
configure the Redirection options before restarting or turning on the computer.
See “Starting a remote control session ” on page 34.
See “Booting a computer from another device ” on page 35.
Page 34
Warning: Before restarting the target computer, make sure that Redirection status displays no active SOL or IDE-R sessions. If there is an active session, it is terminated when the task runs.
To perform a power management action
1
Open the Real-Time view for the computer you want to manage.
See “Accessing the Real-Time view” on page 32.
2
Click Real-Time System Manager > Management Operations > Manage
Power State and Redirection.
3
Under Remote power management, select a power action.
4
If you want to perform a graceful restart or shutdown through WMI, check
Graceful power action.
If the WMI operation fails, the hard shutdown of the target computer is
performed out of band using ASF, DASH, Intel AMT, or IPMI. The hard
shutdown is possible if any of these technologies are supported and properly
configured on the target computer.
5
Click Run task now.
Starting a remote control session
(Intel AMT only)
The Intel AMT feature Serial-over-LAN (SOL) redirects the remote computer's screen text output to a virtual serial port that Real-Time System Manager can read and display in the Symantec Management Console. For example, this feature lets you access the remote computer's BIOS using the remote terminal window and change BIOS settings, or you can watch the boot process.
To use this feature with the Intel AMT client computers that are configured in secure mode, their Fully Qualified Domain Name (FQDN) must be resolved correctly on the Notification Server computer. Also, you must configure the connection profile to use the right certificates for authentication.
For more information, see the Out of Band Management Component Implementation Guide.
If the SOL session cannot start, make sure that the Intel AMT device is configured to allow this functionality.
See “Configuring the Intel AMT device settings ” on page 40.
Page 35
To start a SOL session
1
Open the Real-Time view for the computer you want to manage.
See “Accessing the Real-Time view” on page 32.
2
Click Real-Time System Manager > Management Operations > Manage Power State and Redirection.
3
Under Redirection options, check Display task progress and remotely control computer to create a new SOL session after you turn on the target
computer.
Note that, if the session is closed from the client side (for example, the computer is restarted locally), the Remote Control Terminal is not closed automatically. In this case, you must close the terminal window manually.
Warning: If there is already an active SOL session, it is terminated when the task runs.
4
If you want to change the BIOS settings remotely during the SOL session, check Enter BIOS on startup.
Note that, when you exit the client computer's BIOS, the client computer stops sending the information to the terminal. However, the Remote Control Terminal window is not closed automatically. In this case, you must close the terminal window manually.
5
Turn on or restart the computer.
See “Turning off, turning on, or restarting a computer” on page 33.
To view the details of an active SOL session
1
On the Manage Power State and Redirection page, click Details to open the Redirection Details dialog box.
2
(Optional) To disconnect a SOL session, click Stop remote control.
3
Click Close.
Booting a computer from another device
(Intel AMT, ASF, DASH)
The IDE-R feature of Intel AMT, ASF, and DASH technologies lets you boot the
target computer from a remote disk drive or image. This feature lets you diagnose
and fix the operating system problems.
Page 36
To use this feature with the Intel AMT client computers that are configured in secure mode, their Fully Qualified Domain Name (FQDN) must be resolved correctly on the Notification Server computer. Also, you must configure the connection profile to use the right certificates for authentication.
For more information, see the Out of Band Management Component Implementation Guide.
If the IDE-R session cannot start, make sure that the Intel AMT device is configured to allow this functionality.
See “Configuring the Intel AMT device settings ” on page 40.
You can also run this task on multiple computers, immediately or on a schedule.
See “Booting multiple computers from another device ” on page 41.
To start an IDE-R session
1
Open the Real-Time view for the computer you want to manage.
See “Accessing the Real-Time view” on page 32.
2
Click Real-Time System Manager > Management Operations > Manage
Power State and Redirection.
3
Check Perform boot from.
Warning: If there is already an active IDE-R session, it is terminated when the
task runs.
4
Select the device to boot from.
5
To start the computer from an image, click Browse to navigate to a network
share where the image is located.
Warning: Do not use an image file that is placed on a CD or a DVD-ROM to
start the computer. Use only the images that are stored on local or network
hard disk drives.
6
Turn on or restart the computer.
See “Turning off, turning on, or restarting a computer” on page 33.
Page 37
To view the details of an active IDE-R session
1
On the Manage Power State and Redirection page, click Details to open the Redirection Details dialog box.
2
(Optional) To disconnect a boot device, click Stop redirection.
3
Click Close.
Filtering network traffic
(Intel AMT only)
The network filtering (Circuit Breaker) functionality on Intel AMT lets you block
network traffic from and to the target computer's operating system. For example,
you can use this feature to isolate an infected computer from the network.
Note: Network filtering works only if both client operating system and Intel AMT
network settings are configured to use Dynamic Host Configuration Protocol
(DHCP).
Some ports stay open when network filtering is active.
See “About network filtering ports and settings” on page 72.
You can also run this task on multiple computers, immediately or on a schedule.
See “Filtering network traffic on multiple computers ” on page 42.
To block all incoming and all outgoing traffic from the target computer's operating
system
1
Open the Real-Time view for the computer you want to manage.
See “Accessing the Real-Time view” on page 32.
2
Click Real-Time System Manager > Networking > Intel AMT Network Filtering.
3
Click Filter network traffic other than to and from the Notification Server.
4
If you want to prevent the target computer from sending malicious packets, check Enable anti-spoofing filter.
This feature forces the identity verification of outgoing network traffic and drops packets if the computer is suspected of originating malicious attacks that are known as IP spoofing.
5
Click Save changes.
Page 38
To protect the target computer from network flooding
1
Open the Real-Time view for the computer you want to manage.
See “Accessing the Real-Time view” on page 32.
2
Click Real-Time System Manager > Networking > Intel AMT Network
Filtering.
3
Click Limit the number of PING packets to and type the number of packets
per second allowed to pass through the Intel vPro network filter.
Default: 10 packets per second.
4
Click Save changes.
Configuring alerts
(Intel AMT, ASF, DASH)
You can specify the custom destination for SNMP alerts (PET). For a computer with Intel AMT, you can specify which alerts to log and send.
You cannot directly disable ASF alerts using Real-Time System Manager. However, you can modify the SNMP server and SNMP community settings appropriately, specifying a non-existent destination for ASF alerts. For example, you can type 0.0.0.0. If the destination does not respond to ping, ASF alerts are disabled.
To change the PET destination
1
Open the Real-Time view for the computer you want to manage.
See “Accessing the Real-Time view” on page 32.
2
Click Real-Time System Manager > Management Operations > Manage
Alerts.
3
Under Subscription settings, type the SNMP server's IP.
This value is applied to computers with Intel AMT and ASF.
By default, the task is configured with the Notification Server computer's IP.
In this case, the Altiris Event Console software, which is installed on the
Notification Server computer, accepts and displays the SNMP events that the
client computers send.
4
Type the SNMP community string.
Example: public
Page 39
5
Type the destination URI for DASH alerts. By default, the value is set to the Notification Server's Web service event listener: http://<Notification Server IP>/Altiris/WSEL/wsel.aspx
Currently, DASH does not support sending alerts through HTTPS. If your Notification Server is installed on a secure Web site, configure the wsel.aspx file so that it can be accessed through HTTP.
6
Select a DASH alerts delivery mode. The options are as follows:
Push: DASH client computer does not verify if the event listener has accepted the alert.
Push with acknowledge: DASH client computer verifies if the event listener has accepted the alert. If the event listener does not reply, the client computer can unsubscribe this particular event filter (vendor dependent).
7
Click Save changes.
To subscribe to alerts (Intel AMT and DASH only)
1
Open the Real-Time view for the computer you want to manage.
See “Accessing the Real-Time view” on page 32.
2
Click Real-Time System Manager > Management Operations > Manage Alerts.
3
Under Select and configure event filters, configure the alerts.
The options are as follows:
Add: Adds a new alert subscription.
Remove: Removes the alert from the client computer's memory and reclaims space.
Subscribe: Activates the alert. When the alert triggers, a message is sent to the destination address that you configured under Subscription settings.
Unsubscribe: Deactivates the alert, but does not remove it from the memory.
4
(Intel AMT only) If you want to remove all previous alert subscriptions from the client computer and reclaim space before applying new subscriptions, check Remove 3rd party filters and alert subscriptions.
5
Click Save Changes.
Page 40
Configuring the Intel AMT device settings
(Intel AMT only)
You can enable or disable starting SOL and IDE-R sessions and change Intel AMT power-saving settings.
To allow SOL and IDE-R sessions
1
Open the Real-Time view for the computer you want to manage.
See “Accessing the Real-Time view” on page 32.
2
Click Real-Time System Manager > Configuration > Intel AMT Settings.
3
To allow the target computer to start a SOL session, check Task progress
window and remote control.
4
To allow the target computer to start an IDE-R session, check Redirect to
optical/floppy drive or image on a server.
5
Click Save Changes.
To change the Intel AMT power-saving settings
1
Open the Real-Time view for the computer you want to manage.
See “Accessing the Real-Time view” on page 32.
2
Click Real-Time System Manager > Configuration > Intel AMT Settings.
3
To allow the Intel AMT device to enter sleep state, check Use Manageability
Engine's power saving mode after and type the timeout value.
Example: 5 minutes.
4
Click Save Changes.
See “Starting a remote control session ” on page 34.
See “Booting a computer from another device ” on page 35.
Viewing Intel AMT log
(Intel AMT only)
You can view the Intel AMT events that are stored in the target Intel AMT computer's NVRAM.
To view the Intel AMT log
1
Open the Real-Time view for the computer you want to manage.
See “Accessing the Real-Time view” on page 32.
2
Click Real-Time System Manager > Event Logs > Intel AMT Event Log.
Page 41
Running real-time one-to-many tasks
When you manage a computer from the Real-Time view, you can configure only
one computer at a time. This type of management is called a one-to-one
management. If you want to perform the same task on many computers, you can
use one-to-many tasks.
See “About one-to-one and one-to-many management” on page 13.
Real-Time System Manager installation integrates one-to-many tasks into the
Task Server infrastructure, under Manage > Jobs and Tasks > System Jobs and
Tasks > Real-Time System Manager.
For more information on Task Server, see the Symantec Management Platform
Help.
You can run the following real-time one-to-many tasks:
Boot Redirection task (Intel AMT, ASF, DASH)
See “Booting multiple computers from another device ” on page 41.
Network Filtering task (Intel AMT)
See “Filtering network traffic on multiple computers ” on page 42.
Password Management task (WMI)
See “Resetting a local user password on multiple computers” on page 43.
Process Management task (WMI)
See “Running or stopping a process on multiple computers” on page 44.
Service Management task (WMI)
See “Running or stopping a service on multiple computers” on page 45.
Booting multiple computers from another device
(Intel AMT, ASF, DASH)
You can boot the computers with ASF, DASH, or Intel AMT from a remote disk
drive or image.
You can also perform this task on a single computer in real time.
See “Booting a computer from another device ” on page 35.
To start the computers from a remote location
1
In the Symantec Management Console, on the Manage menu, click Jobs and Tasks.
2
In the left pane, click System Jobs and Tasks > Real-Time System Manager.
3
Click Boot Redirection.
Page 42
4
In the right pane, select a device to boot from.
5
To start the computer from an image, click Browse to navigate to a network
share where the image is located.
Warning: Do not use an image file that is placed on a CD or a DVD-ROM to
start the computer. Use only the images that are stored on local or network
hard disk drives.
6
Click Save changes.
7
Run the task one time or on a schedule.
For information on how to run tasks, see the Symantec Management Platform
Help.
Warning: If there is already an active IDE-R session, it is terminated when the
task runs.
Filtering network traffic on multiple computers
(Intel AMT only)
The Intel AMT network filtering (Circuit Breaker) functionality lets you block network traffic from and to the target computers' operating systems. For example, you can use this feature to isolate infected computers from the network.
Note: Network Filtering works only if both client operating system and Intel AMT network settings are configured to use Dynamic Host Configuration Protocol (DHCP).
Some ports stay open when network filtering is active. You can customize the ports that you want to stay open.
See “About network filtering ports and settings” on page 72.
You can also perform this task on a single computer in real time.
See “Filtering network traffic ” on page 37.
See “Modifying the list of open network filtering ports” on page 73.
Page 43
To apply the network filtering settings
1
In the Symantec Management Console, on the Manage menu, click Jobs and Tasks.
2
In the left pane, click System Jobs and Tasks > Real-Time System Manager.
3
Click Network Filtering.
4
If you want to block network traffic to and from the operating system, do the following steps:
Click Filter network traffic other than to and from the Notification
Server.
Choose if you want to use the solution default filtering settings or browse
for a custom .xml file. See “Network Filters page” on page 59.
If you want to prevent the target computer from sending malicious packets,
check Enable anti-spoofing filter. This feature forces the identity verification of outgoing network traffic and drops packets if the computer is suspected of originating malicious attacks that are known as IP spoofing.
5
If you want to protect the target computer from network flooding, click Limit the number of PING packets to and type the number of packets per second
allowed to pass through the Intel AMT network filter.
Default: 10 packets per second.
6
If you want to disable network filtering, click Allow all network traffic.
7
Click Save changes.
8
Run the task one time or on a schedule.
For information on how to run tasks, see the Symantec Management Platform Help.
Resetting a local user password on multiple computers
You can reset the password for a local user on the target computers.
You can also perform this task on a single computer in real time.
See “Running real-time one-to-one tasks” on page 31.
To reset a password
1
In the Symantec Management Console, on the Manage menu, click Jobs and Tasks.
2
In the left pane, click System Jobs and Tasks > Real-Time System Manager.
Page 44
3
Click Password Management.
4
Type the user name to reset the password for in the following format:
COMPUTER\User or DOMAIN\User
5
Type and confirm a new password.
6
Type the name and password of an administrative user with permissions to
manage the specified user account.
7
Click Save changes.
8
Run the task one time or on a schedule.
For information on how to run tasks, see the Symantec Management Platform
Help.
Running or stopping a process on multiple computers
You can run or end a process on the target computers.
You can also perform this task on a single computer in real time.
See “Running real-time one-to-one tasks” on page 31.
To run or end a process
1
In the Symantec Management Console, on the Manage menu, click Jobs and
Tasks.
2
In the left pane, click System Jobs and Tasks > Real-Time System Manager.
3
Click Process Management.
4
Type the name of the process to run or end.
Example: AeXNSAgent.exe
You can also type a full UNC path (Example: \\server\share\AeXNSAgent.exe)
as long as you have the authentication infrastructure to support that. This
means that either you have no authentication (null session shares) or you
have Kerberos with the intermediate computer trusted for delegation, and
delegatable credentials for the user.
5
Select an action.
6
Click Save changes.
7
Run the task one time or on a schedule.
For information on howto run tasks,see the SymantecManagement Platform
Help.
Running or stopping a service on multiple computers
You can start, stop, or restart a service on the target computers and change the startup mode of a service.
You can also perform this task on a single computer in real time.
See “Running real-time one-to-one tasks” on page 31.
To manage a service
1. In the Symantec Management Console, on the Manage menu, click Jobs and Tasks.
2. In the left pane, click System Jobs and Tasks > Real-Time System Manager.
3. Click Service Management.
4. Type the name of the service to manage.
   Example: cisvc
5. Select an action.
6. Click Save changes.
7. Run the task one time or on a schedule.
   For information on how to run tasks, see the Symantec Management Platform Help.
About Real-Time System Manager pages
This chapter includes the following topics:
Configuration node: Intel AMT Configuration mode page
Configuration node: Intel AMT Settings page
Configuration node: Intel Remote Access Policy page
Controllers and Ports node
Event Logs node
Input and Output Devices node
Management Operations node: Manage Alerts page
Management Operations node: Manage Local Users and Groups page
Management Operations node: Manage Power State and Redirection page
Management Operations node: Manage Printers page
Management Operations node: Manage Processes page
Management Operations node: Manage Services page
Management Operations node: Remote Control page
Mass Storage node
Memory node
Networking node
Operating System node
Physical System node
Altiris Agent node
Manage Virtual Layers page
Summary page
Network Filters page
Configuration node: Intel AMT Configuration mode page
(Intel AMT only)
This page is available only if Real-Time System Manager detects that the target computer is configured to use Intel AMT.
The page lets you unconfigure the Intel AMT device on the client computer.
Table 5-1 Options on the Configuration node: Intel AMT Configuration mode page
Option | Description
Partial | Removes all Intel AMT settings except for administrative user credentials and PID-PPS pairs. After partial unconfiguration is complete, the Intel AMT client computer starts sending configuration requests to the setup and configuration server (Intel SCS). The computer is not available for management through the Intel AMT interface until it is configured again by Intel SCS. For more information on the Intel AMT initialization, setup, and configuration, see the Out of Band Management Component Implementation Guide.
Full | Removes all settings from the Intel AMT device. You must initialize, set up, and configure the device again. If you click this option, you can also select a Small Business or Enterprise configuration model to set after unconfiguration is complete. For details on Intel AMT initialization, setup, and configuration, see the Out of Band Management Component Implementation Guide.
Configuration node: Intel AMT Settings page
(Intel AMT only)
See “Configuring the Intel AMT device settings” on page 40.
Configuration node: Intel Remote Access Policy page
(Intel AMT 4.0 and later only)
This page is available only if Real-Time System Manager detects that the target
computer is configured to use Intel AMT.
This page lets you view the Client Initiated Remote Access (CIRA) policies which
the client computer is configured to use. If there is an active session, this page
lets you close the session.
For more information on configuring remote access policies, see the Out of Band
Management Component Implementation Guide.
Table 5-2 Options on the Configuration node: Intel Remote Access Policy
Option | Description
Close session | This option is enabled when there is an active remote access session on the target computer. This option ends the session.
Controllers and Ports node
This node lets you view controller and port information.
Table 5-3 Pages under the Controllers and Ports node
Page | Description
IDE Controller | Displays IDE controller information.
Parallel Port | Displays parallel port information.
SCSI Controller | Displays SCSI controller information.
Serial Port | Displays serial port information.
USB Controller | Displays USB controller information.
USB Hub | Displays USB hub information.
Event Logs node
This node lets you view event logs.
Table 5-4 Pages under the Event Logs node
Page | Description
Application Log | Displays the application event log.
Security Log | Displays the security event log.
System Log | Displays the system event log.
The following log is available only for computers with Intel AMT:
Table 5-5 Intel AMT pages under the Event Logs node
Page | Description
Intel AMT Event Log | Displays the Intel AMT event log stored in the NVRAM on the managed computer.
The following log is available only for computers with IPMI:
Table 5-6 IPMI pages under the Event Logs node
Page | Description
System Event Log | Displays the IPMI event log.
The following logs are available only for Active Directory controllers:
Table 5-7 Active Directory controller pages under the Event Logs node
Page | Description
Directory Service | Displays the directory service log.
DNS Server | Displays Domain Name Server (DNS) log.
File Replication Service | Displays the file replication service event log.
Input and Output Devices node
This node contains input and output devices items.
Table 5-8 Pages under the Input and Output Devices node
Page | Description
Keyboard | Displays keyboard information.
Modem | Displays modem information.
Monitor | Displays monitor information.
Pointing Device | Displays pointing device information.
Printer | Displays local printer information.
Video Adapter | Displays video adapter information.
Management Operations node: Manage Alerts page
See “Configuring alerts” on page 38.
Management Operations node: Manage Local Users and Groups page
This page lets you view local users, groups, and their details on the target
computer.
Table 5-9 Options on the Management Operations node: Manage Local Users and Groups page
Option | Description
Rename | Lets you rename the selected user or group.
Properties | Lets you view properties of the selected user or group.
Reset Password | Lets you reset the password for the selected user. To reset a local user password on multiple computers, immediately or on a schedule, use the Password Management task. See “Resetting a local user password on multiple computers” on page 43.
Management Operations node: Manage Power State and Redirection page
See “Turning off, turning on, or restarting a computer” on page 33.
See “Starting a remote control session” on page 34.
See “Booting a computer from another device” on page 35.
Management Operations node: Manage Printers page
This page lets you manage printers and print jobs on the target computer.
Table 5-10 Options on the Management Operations node: Manage Printers page
Option | Description
Remove | Uninstalls the selected printers from the target computer.
Print test page | Sends a test page to the selected printer.
Manage jobs | Lets you cancel, pause, or resume all print jobs.
Management Operations node: Manage Processes page
This page lets you run or stop a process on the target computer.
To run or terminate a process on multiple computers, immediately or on a schedule, use the Process Management task.
See “Running or stopping a process on multiple computers” on page 44.
Table 5-11 Options on the Management Operations node: Manage Processes page
Option | Description
Run | Lets you run a process. In the Run Application dialog box, type the name of the application you want to run on the target computer. Click OK. Note: Due to WMI security restrictions, the program you run using this task runs in another session on most operating systems. Users cannot see that this application is running unless they look it up in the Windows Task Manager.
Terminate | Lets you terminate the process that you selected.
Management Operations node: Manage Services page
This page lets you run or stop a service on the target computer.
To run, stop, or configure a service on multiple computers, immediately or on a
schedule, use the Service Management task.
See “Running or stopping a service on multiple computers” on page 45.
Table 5-12 Options on the Management Operations node: Manage Services page
Option | Description
Start | Starts the selected service.
Stop | Stops the selected service.
Restart | Restarts the selected service.
Pause | Pauses the selected service.
Resume | Resumes the selected service.
Run automatically | Changes the startup mode of the selected service to automatic.
Run manually | Changes the startup mode of the selected service to manual.
Disable | Changes the startup mode of the selected service to disabled.
Management Operations node: Remote Control page
Intel AMT Release 6.0 introduces support for the Keyboard, Video and Mouse (KVM) capability. KVM enables remote control of an Intel AMT system using a remote keyboard and mouse and viewing the managed system's screen output on a remote monitor.
This page lets you start a remote control session.
Table 5-13 Management Operations node: Remote Control page
Option | Description
Redirection options | Lets you connect a remote CD/DVD or floppy drive to the managed computer. You can use a floppy or a CD/DVD that is connected to the Notification Server computer, or you can browse to a CD/DVD or floppy image. If you want to use an image, type the path that the Notification Server computer can access. For example, if you opened Symantec Management Console on a remote computer, type a UNC path to the image. If you want to connect a remote disk drive to the managed computer's Windows session, you may need to use device manager on the managed computer to scan for hardware changes.
Remote control options | Lets you start the remote control session.
Mass Storage node
This node contains mass storage items.
Table 5-14 Pages under the Mass Storage node
Page | Description
Disk Drive | Displays disk drive information.
Floppy Disk Drive | Displays floppy disk drive information.
Logical Disk Drive | Displays logical disk drive information.
Media Device | Displays CD/DVD device information.
Memory node
This node lets you view memory information.
Table 5-15 Pages under the Memory node
Page | Description
Cache Memory | Displays cache memory information.
Logical Memory Configuration | Displays logical memory configuration information.
Physical Memory | Displays physical memory information.
Networking node
This node contains networking items.
Table 5-16 Pages under the Networking node
Page | Description
Intel AMT Network Filtering | See “Filtering network traffic” on page 37.
Intel AMT Network Settings | This page is available only if Real-Time System Manager detects that the target computer is configured to use Intel AMT. The page lets you change the network settings that the Intel AMT device uses. We recommend that you configure the Intel AMT device to obtain an IP address automatically. A dynamic IP address lets you make sure that the IP of the Intel AMT device is always the same as the IP of the operating system. The same IP lets you manage the computer using both WMI and Intel AMT interfaces simultaneously. Warning: Be careful when configuring the VLAN value. If the value is incorrect, the Intel AMT devices will not be accessible.
IP Route Table | Displays the information that concerns the routing of network data packets. Internet packets are usually sent to a gateway and local packets are routed directly by the client computer. You can use this information to trace the problems that are associated with misrouted packets and direct a computer to a new gateway as necessary. This class is only applicable to IPv4 and does not address IPX or IPv6. The class is intended to provide the same information that is shown when you type the route print command at the command prompt.
Network Adapter | Displays network adapter information.
Network Adapter Configuration | Displays network adapter configuration information.
Network Connection | Displays network connection information. Note: To view network connection information, the target computer must have Microsoft .NET server installed or be running Microsoft Windows XP.
Server Connection | Displays server connection information.
Server Session | Displays server session information. This item implements the Win32_ServerSessions WMI class. It is available only on Windows XP/2003 operating systems.
Wireless Profile (Intel AMT) | Displays the active wireless profiles that are stored in the Intel AMT memory and their priority.
Operating System node
This node contains operating system information.
Table 5-17 Pages under the Operating System node
Page | Description
Local Time | Displays the local time settings.
Operating System | Displays general operating system information.
Page File Settings | Displays the page file settings, such as initial and maximum size, and location.
Printing Job | Displays the printing jobs. The Total Pages value is the number of pages that are required to complete the printing job.
Proxy Server | Displays the Internet connections that are related to Windows Product Activation (WPA).
Quick-Fix Engineering | Displays information about the target computer's quick fixes. Quick fixes are software updates and fixes, such as service pack updates and hotfixes.
Registry | Displays registry information, such as size, install date, location, and status. You can update the proposed size for the registry.
Share | Displays the share information on the target computer.
Terminal Server | Displays terminal server settings.
Physical System node
This node contains firmware and hardware information.
Table 5-18 Pages under the Physical System node
Page | Description
Agent Watchdogs | Displays information about the third-party management agents that report their status to the Intel AMT device.
BIOS | Displays BIOS information.
Computer System | Displays hardware and firmware information.
DASH Registered Profiles | Displays DASH registered profiles information (DASH only).
DASH Software | Displays DASH preinstalled software information (DASH only).
Fan | Displays cooling device information (DASH only).
Field Replaceable Unit (Intel AMT) | Displays Field Replaceable Unit information. Field Replaceable Unit (FRU) is a PCI or PCI Express bus add-in hardware component of a computer that can be replaced in the field and requires no special devices (such as a soldering iron) to install. If no or an unknown FRU is detected, no description appears.
Motherboard Device | Displays motherboard device information.
Power Supply | Displays power supply information (DASH only).
Processor | Displays processor information.
Sensor | Displays hardware sensor information (IPMI and DASH only).
SMBIOS | Displays SMBIOS memory information.
Sound Device | Displays sound device information.
Altiris Agent node
This node lets you view the Altiris Agent information and configure the agent.
Table 5-19 Pages under the Altiris Agent node
Page | Description
Altiris Agent Log | Displays the Altiris Agent log. You can filter the log by type.
Altiris Agent Plug-ins | Displays the Altiris Agent plug-ins. You can re-register Altiris Agent plug-ins: for example, when troubleshooting the Altiris Agent.
Altiris Agent Settings | Displays the Altiris Agent configuration settings such as Notification Server name, configuration and basic inventory refresh interval, and so on. This page lets you change the Notification Server computer to which the Altiris Agent is assigned, manually request configuration, send basic inventory, and turn on the Altiris Agent diagnostics.
Altiris Agent Tasks | Displays the Client Task Agent status and the task history.
Maintenance Windows | Displays the maintenance windows information. To disable maintenance tasks for a period of time, check Disallow maintenance task, choose the period of time, and then click Apply. For more information on maintenance windows, see the Symantec Management Platform Help.
Manage Virtual Layers page
On this page, you can manage the Software Virtualization Solution's virtual layers on the target computer.
This page appears only for the computers with Software Virtualization Agent
installed.
For more information, see Software Virtualization Solution documentation.
Table 5-20 Options on the Manage Virtual Layers page
Option | Description
Details | Shows the details of the virtual layer.
Activate | Activates the virtual layer. When a layer is activated, all the contents of the layer are visible.
Deactivate | Deactivates the virtual layer.
Reset | Resets the virtual layer. When a layer is created, the captured data is stored in a read-only sublayer. If a user makes any changes to the application or data, that data is stored in a writeable sublayer. You can reset the layer, which deletes all the data that the user has added (writeable data) and maintains the original read-only data.
Auto or Manual | Configures whether the layer should be activated automatically on system startup. If the target computer does not have the SVS Admin installed, manual layers are not accessible to the user.
Remove | Deletes the virtual layer.
Summary page
This page shows the target computer's summary information.
Note: Antivirus information for computers with Microsoft Windows 2000 is
available only if the Inventory Agent/Plug-in is installed on the target computer.
For more information, see the Inventory Solution User Guide.
Network Filters page
On this page, you can configure the list of ports to keep open when you enable
the Network Filtering feature of Intel AMT.
See “Filtering network traffic” on page 37.
See “Filtering network traffic on multiple computers” on page 42.
See “Modifying the list of open network filtering ports” on page 73.
Warning: We recommend that you back up the default list of filters before making any changes. The Export to file symbol lets you back up the default list.
See “About network filtering ports and settings” on page 72.
Table 5-21 Options on the Network Filters page
Option | Description
Clear list | Clears the list of filters.
Load | Loads the list of filters from the .xml file that Real-Time System Manager uses as default.
Save | Saves the list of filters into the .xml file that Real-Time System Manager uses as default. Warning: Before saving, make sure that you backed up the default .xml file.
Import from file | Imports the list of filters from an .xml file.
Export to file | Saves the list of filters to an .xml file. You can use the .xml file as a backup. You can also create a custom .xml file to use with the Network Filtering task. See “Filtering network traffic on multiple computers” on page 42.
Add | Adds a filter.
Edit | Edits the filter that you selected in the list.
Delete | Deletes the filter that you selected in the list.
Troubleshooting
This appendix includes the following topics:
Troubleshooting connection through the Real-Time view
Troubleshooting connection through the Real-Time view
Some of the reasons why Real-Time System Manager cannot establish a real-time connection with the target computer are listed in the following table.
Table A-1 Possible reasons of real-time connection errors
Technology | Possible reasons
WMI | The connection credentials are incorrect.
WMI | The computer is turned off.
WMI | The operating system is not loaded.
WMI | The computer is not connected to the network.
WMI | The firewall does not allow incoming WMI connections. See “Configuring the firewall to allow WMI connection” on page 64.
WMI | Simple file sharing is enabled. See “Disabling simple file sharing on Windows XP SP2” on page 67.
WMI | User Access Control is turned on. See “Configuring User Access Control on Windows Vista and Windows 7” on page 67.
WMI | You are connecting to Microsoft Windows XP Home Edition, where WMI remote connection is not available.
WMI | You are connecting with a user that has an empty password.
ASF | The connection credentials are incorrect.
ASF | ASF is turned on in the BIOS but not configured. For more information on configuring computers with ASF, see the Out of Band Management Component Implementation Guide.
ASF | ASF is turned off in the BIOS.
ASF | The computer is not connected to the network.
ASF | The target computer is not ASF capable.
Intel AMT | The connection credentials are incorrect.
Intel AMT | The Intel AMT device is not configured. For more information on configuring computers with Intel AMT, see the Out of Band Management Component Implementation Guide.
Intel AMT | The Intel AMT device is in secure mode, but the connection profile is not configured to use the correct certificates, and vice versa. For more information on configuring connection profiles, see the Symantec Management Platform Help.
Intel AMT | Intel AMT is turned off in the BIOS.
Intel AMT | The computer is not connected to the network.
Intel AMT | The computer is not Intel AMT capable.
DASH | The connection credentials are incorrect.
DASH | DASH is turned on in the BIOS but not configured. For more information on configuring computers with DASH, see the Out of Band Management Component Implementation Guide.
DASH | DASH is turned off in the BIOS.
DASH | The computer is not connected to the network.
DASH | The target computer is not DASH capable.
IPMI | The connection credentials are incorrect.
IPMI | The IPMI device is not configured.
IPMI | The IPMI device is in secure mode, but the connection profile is not configured to use the correct certificates.
IPMI | IPMI is turned off in the BIOS.
IPMI | The computer is not connected to the network.
IPMI | The target computer is not IPMI capable.
SNMP | The SNMP community string is incorrect.
SNMP | SNMP is not installed on the target computer.
SNMP | The SNMP service is not running on the target computer.
SNMP | The Notification Server computer is not in the list of hosts to accept the SNMP packets from. Check SNMP service properties.
Configuring the firewall to allow WMI connection
WMI connection through the Real-Time view can fail when you try to connect to a computer with Microsoft Windows XP Service Pack 2, Windows Vista, or Windows 7 operating system.
This issue can occur when the default configuration of the Windows Firewall program blocks incoming network traffic for Windows Management Instrumentation (WMI) connection. For the connection to succeed, the remote computer must permit incoming network traffic on TCP ports 135, 445, and additional dynamically-assigned ports, typically in the range of 1024 to 1034.
You can resolve this issue in one of the following ways:
Configure the firewall on the computer you want to connect to.
See “Configuring the firewall on a single computer” on page 64.
Configure the firewall on all computers in the domain using group policy.
See “Configuring the firewall on multiple domain computers with a group policy” on page 65.
Temporarily disable the firewall.
See “Troubleshooting connection through the Real-Time view” on page 61.
Configuring the firewall on a single computer
For evaluation, you can configure the firewall using the computer's local settings.
See “Configuring the firewall to allow WMI connection” on page 64.
To configure the firewall on Windows XP SP2
1. Log on to the target computer as the administrator.
2. Click Start > Run, type gpedit.msc in the Open dialog box, and then click OK.
3. In the Group Policy window, click Local Computer Policy > Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall.
4. If the computer is in a domain, click Domain Profile. If the computer is not in a domain, click Standard Profile.
5. Double-click Windows Firewall: Allow remote administration exception, click Enable, and then click OK.
To configure the firewall on Windows Vista
1. Log on to the target computer as the administrator.
2. From the Control Panel, open the Windows Firewall Settings dialog box.
3. On the Exceptions tab, check Windows Management Instrumentation (WMI).
To configure the firewall on Windows 7
1. Log on to the target computer as the administrator.
2. From the Control Panel, locate and open the Windows Firewall configuration dialog.
3. Click Allow a program or feature through Windows Firewall.
4. Check Windows Management Instrumentation (WMI).
Configuring the firewall on multiple domain computers with a group policy
These steps assume that all the computers that you want to manage by using this policy are in the same organizational unit.
For more information about how to use a group policy, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/windowsserver/grouppolicy/default.aspx
These steps assume that Windows Firewall is configured to use the domain profile. The domain profile is the most typical scenario.
For more information about Windows Firewall profiles and about how Windows selects the profile to load, see the Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2 guide.
To obtain this guide, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyID=4454e0e1-61fa-447a-bdcd-499f73a637d1&DisplayLang=en
See “Configuring the firewall to allow WMI connection” on page 64.
To configure the firewall on multiple domain computers with a group policy
1. Create a group policy object for the organizational unit that contains the Windows XP SP2 computers that you want to manage:
   Log on to a domain controller.
   Click Start > Run, type dsa.msc in the Open dialog box, and then click OK.
   Expand your domain, right-click the organizational unit in which you want to create the group policy, and then click Properties.
   On the Group Policy tab, click New.
   Type a name for the group policy object, and then press Enter.
   Click Close.
2. Log on to a domain-member computer that is running Windows XP SP2. Log on with a user account that is a member of one or more of the following security groups:
   Domain Admins
   Enterprise Admins
   Group Policy Creator Owners
3. Click Start > Run, type mmc in the Open dialog box, and then click OK.
4. On the File menu, click Add/Remove Snap-in.
5. On the Standalone tab, click Add.
6. In the Add Standalone Snap-in dialog box, click Group Policy, and then click Add.
7. In the Select Group Policy Object dialog box, click Browse.
8. Click the group policy object that you want to update with the new Windows Firewall settings.
   For example, click the organizational unit that contains the Windows XP SP2 computers, click OK, and then click the group policy object that you created in step 1.
9. Click OK, and then click Finish.
10. Click Close, and then click OK.
11. Under Console Root, expand the group policy object that you selected in step 8, and then click Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile.
12. In the right pane, double-click Windows Firewall: Allow remote administration exception.
13. Click Enabled, and then specify the administrative scope in the Allow unsolicited incoming messages from dialog box.
    For example, to permit remote administration from a particular IP address, type that IP address in the Allow unsolicited incoming messages from dialog box. To permit remote administration from a particular subnet, type that subnet by using the Classless Internet Domain Routing (CIDR) format. In this scenario, type 192.168.1.0/24 to specify the network 192.168.1.0 with a 24-bit subnet mask of 255.255.255.0.
    For more information on how to specify a valid administrative scope, see the Syntax area of the Setting tab in this policy.
14. Click OK, and then click Exit on the File menu.
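A check for the administrative scope typed in step 13, as an added example that is not part of the original guide. The function names, the `max_addresses` threshold and the sample scope string are constructed for illustration; the `*` and `localsubnet` tokens come from Microsoft's description of this policy setting, not from this guide, and only IPv4 entries are handled.

```python
import ipaddress

# Constructed sample: what an administrator might paste into the
# "Allow unsolicited incoming messages from" box.
SAMPLE_SCOPE = "192.168.1.0/24, 10.0.0.5, *, 10.0.0.0/8, 192.168.1.7/24, localsubnet, bogus"


def review_scope(scope, max_addresses=256):
    """Classify each comma-separated entry of an administrative scope string.

    Returns a list of (entry, status) tuples where status is one of
    "ok", "any-source", "too-broad", "host-bits-set" or "invalid".
    """
    results = []
    for raw in scope.split(","):
        entry = raw.strip()
        if not entry:
            continue
        if entry == "*":
            # Every host on every network may reach the remote administration ports.
            results.append((entry, "any-source"))
            continue
        if entry.lower() == "localsubnet":
            results.append((entry, "ok"))
            continue
        try:
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError:
            # Tell a malformed entry apart from an address written with a
            # prefix length, such as 192.168.1.7/24 (host bits set).
            try:
                ipaddress.IPv4Network(entry, strict=False)
            except ValueError:
                results.append((entry, "invalid"))
            else:
                results.append((entry, "host-bits-set"))
            continue
        status = "ok" if net.num_addresses <= max_addresses else "too-broad"
        results.append((entry, status))
    return results


def scope_is_narrow(scope, max_addresses=256):
    """True only if the scope has entries and every one is classified "ok"."""
    results = review_scope(scope, max_addresses)
    return bool(results) and all(status == "ok" for _, status in results)


if __name__ == "__main__":
    for entry, status in review_scope(SAMPLE_SCOPE):
        print(f"{entry:18} {status}")
```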
Disabling simple file sharing on Windows XP SP2
This is a Windows XP limitation caused by the ForceGuest option that is enabled by default on all Windows XP computers that are members of a workgroup (in contrast to domain members). All users who log onto such computers over the network are forced to use the Guest account.
See “Troubleshooting connection through the Real-Time view” on page 61.
To disable simple file sharing
Do one of the following steps:
Uncheck Use simple file sharing under the Control Panel > Folder Options > View tab.
Set the ForceGuest DWORD value equal to 0 (zero) under the [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] key in the Windows registry on the client computer.
For more information, see Microsoft knowledge base articles:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;180548
http://support.microsoft.com/default.aspx?scid=kb;en-us;290403
Configuring User Access Control on Windows Vista and Windows 7
You can turn off the User Access Control (UAC) from the Control Panel. This
applies only to the computers that are not in a domain.
For more information, see Microsoft article http://technet.microsoft.com/en-us/windowsvista/aa905108.aspx.
See “Troubleshooting connection through the Real-Time view” on page 61.
To configure User Access Control on Windows Vista
1. On the client computer with the Microsoft Windows Vista operating system, open the Control Panel.
2. Double-click User Accounts.
3. In the User Accounts dialog box, click Turn User Account Control on or off.
4. Uncheck Use User Account Control (UAC) to help protect your computer, and then click OK.
To configure User Access Control on Windows 7
1. On the client computer with the Microsoft Windows 7 operating system, open the Control Panel.
2. Click User Accounts.
3. Click Change User Account Control settings.
4. Move the slider to Never notify, and then click OK.
Technical Reference
This appendix includes the following topics:
About the ports used by Real-Time System Manager
About authentication
About changes in default system security
About network filtering ports and settings
Modifying the list of open network filtering ports
About power management and redirection
About the ports used by Real-Time System Manager
The following table lists the ports that are used for communication by Real-Time
System Manager, Symantec Management Platform, and the Symantec Management
Console. You can use the table to configure the firewall between your console,
server, and managed computers as needed.
Table B-1 Ports used by Real-Time System Manager
| Protocol | Port | Description | Direction | Binding |
|---|---|---|---|---|
| TCP | 80 | WWW (HTTP) | both | Symantec Management Console / Symantec Management Platform |
| TCP | 389 | LDAP | both | Symantec Management Console / Symantec Management Platform |
| TCP/UDP | 443 | (optional) SSL (HTTPS) | both | Symantec Management Console / Symantec Management Platform |
| TCP/UDP | 7 | Echo (ICMP) | both | Symantec Management Platform / managed computer |
| TCP/UDP | 135 | DCE endpoint resolution | both | Symantec Management Platform / managed computer |
| TCP/UDP | 445 | Microsoft-DS | both | Symantec Management Platform / managed computer |
| TCP/UDP | >1024 | RPC | both | Symantec Management Platform / managed computer |
| UDP | 161 | SNMP | both | Real-Time System Manager / managed computer |
| UDP | 162 | SNMP trap | both | Real-Time System Manager / managed computer |
| UDP | 623 | Non-secure ASF and IPMI connection port | both | Real-Time System Manager / managed computer |
| UDP | 664 | Secure ASF and IPMI connection port | both | Real-Time System Manager / managed computer |
| TCP/UDP | 623 | Non-secure DASH connection port | both | Real-Time System Manager / managed computer |
| TCP | 664 | Secure DASH connection port | both | Real-Time System Manager / managed computer |
| TCP | 16992 | Non-secure Intel AMT connection port | both | Real-Time System Manager / managed computer |
| TCP | 16993 | Secure Intel AMT connection port | both | Real-Time System Manager / managed computer |
| TCP | 16994 | Non-secure Intel AMT remote control port (SOL/IDE-R) | both | Real-Time System Manager / managed computer |
| TCP | 16995 | Secure Intel AMT remote control port (SOL/IDE-R) | both | Real-Time System Manager / managed computer |
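One way to use Table B-1 when reviewing a firewall, as an added example that is not part of the Symantec guide: the script encodes the table, reports which listed flows a rule set does not fully permit (including partial coverage of the RPC range), and lists permitted flows that the table itself labels non-secure. The rule tuple format, the binding labels, and the sample rules are assumptions constructed for illustration.

```python
# Added example, not Symantec code. Table B-1 rows as (protocols, low port, high port,
# description, binding); ">1024" becomes 1025-65535. Binding labels are made up here.
CP, PM, RM = "console-platform", "platform-managed", "rtsm-managed"
TABLE_B1 = [
    ("tcp", 80, 80, "WWW (HTTP)", CP),
    ("tcp", 389, 389, "LDAP", CP),
    ("tcp/udp", 443, 443, "(optional) SSL (HTTPS)", CP),
    ("tcp/udp", 7, 7, "Echo (ICMP)", PM),
    ("tcp/udp", 135, 135, "DCE endpoint resolution", PM),
    ("tcp/udp", 445, 445, "Microsoft-DS", PM),
    ("tcp/udp", 1025, 65535, "RPC", PM),
    ("udp", 161, 161, "SNMP", RM),
    ("udp", 162, 162, "SNMP trap", RM),
    ("udp", 623, 623, "Non-secure ASF and IPMI connection port", RM),
    ("udp", 664, 664, "Secure ASF and IPMI connection port", RM),
    ("tcp/udp", 623, 623, "Non-secure DASH connection port", RM),
    ("tcp", 664, 664, "Secure DASH connection port", RM),
    ("tcp", 16992, 16992, "Non-secure Intel AMT connection port", RM),
    ("tcp", 16993, 16993, "Secure Intel AMT connection port", RM),
    ("tcp", 16994, 16994, "Non-secure Intel AMT remote control port (SOL/IDE-R)", RM),
    ("tcp", 16995, 16995, "Secure Intel AMT remote control port (SOL/IDE-R)", RM),
]
# Constructed allow rules (proto, low, high, binding) standing in for a firewall export.
SAMPLE_RULES = [
    ("tcp", 80, 80, CP), ("tcp", 389, 389, CP), ("tcp", 443, 443, CP), ("udp", 443, 443, CP),
    ("tcp", 1025, 5000, PM), ("tcp", 49152, 65535, PM), ("udp", 161, 162, RM), ("tcp", 16992, 16995, RM),
]

def uncovered(lo, hi, allowed):
    """Sub-ranges of [lo, hi] that none of the allowed (low, high) ranges cover."""
    gaps, cursor = [], lo
    for a_lo, a_hi in sorted(allowed):
        if a_hi < cursor or a_lo > hi:
            continue                      # range lies entirely outside what is left
        if a_lo > cursor:
            gaps.append((cursor, a_lo - 1))
        cursor = max(cursor, a_hi + 1)
    if cursor <= hi:
        gaps.append((cursor, hi))
    return gaps

def audit(rules):
    """Return (missing, cleartext): table flows not fully permitted, non-secure flows permitted."""
    missing, cleartext = [], []
    for protos, lo, hi, desc, binding in TABLE_B1:
        for proto in protos.split("/"):
            allowed = [(a, b) for p, a, b, bind in rules if p == proto and bind == binding]
            gaps = uncovered(lo, hi, allowed)
            if gaps:
                missing.append((proto, gaps, desc))
            if desc.startswith("Non-secure") and gaps != [(lo, hi)]:
                cleartext.append((proto, lo, desc))
    return missing, cleartext
```

A flow reported in the second list is a prompt to check whether the secure counterpart listed in the same table (664, 16993, 16995) can carry that traffic instead.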
About authentication
Authentication happens on the Notification Server computer where Real-Time System Manager is installed.
When you use Real-Time System Manager, the following authentication points apply:
- When you try to access the Symantec Management Console or the Resource Manager page, Notification Server verifies that the user has the rights to access Real-Time System Manager. You can access the console either as a user who is interactively logged on to the Notification Server computer or as a user who is connected to the Notification Server computer remotely through a browser. In case of an interactively logged on user, the Windows logon information is passed to Notification Server. When a computer is managed locally from a target computer, the Internet Explorer credentials are used.
- By default, Real-Time System Manager uses the Notification Server Application Identity credentials (WMI Credential for Default Connection Profile) to connect to remote computers. If the Notification Server Application Identity account has no administrator rights to access the remote computer, the connection fails. Create a new connection profile with correct credentials.
- Once successfully authenticated, Real-Time System Manager administrative-user credentials are used as administrative credentials for all WMI commands until the Resource Manager page is closed.
- The Notification Server computer and the target computer can be on different domains. In this case you must specify the user in the form of "domain\username" in the connection profile. This is not true for the following cases:
  - If there is a trust relationship between domains such that users from the Notification Server domain have a sufficient privilege level (on the target Real-Time System Manager host) that WMI requires.
  - If the target computer has a local account (with sufficient WMI rights) whose user name and password are identical to the user whose credentials were used to access Real-Time System Manager.
About changes in default system security
During installation and setup of Real-Time System Manager, the access list for the Windows_Folder\Temp directory is changed as follows:
- The IIS_WPG (SERVER_NAME\IIS_WPG) group is added with full control for the folder, subfolder, and files.
- The ASP.NET computer account (SERVER_NAME\ASPNET) user is added with full control for the folder, subfolder, and files.
About network filtering ports and settings
To allow communication with the Notification Server computer for remediation, the following ports stay open on the target computer when network filtering is active.
Table B-2 Ports kept open when network filtering is active
| Port # | Port name and description | Type | Direction |
|---|---|---|---|
| 53 | DNS port | TCP/UDP | Receive/Transmit |
| 67 | DHCP boot protocol server | UDP | Receive/Transmit |
| 68 | DHCP boot protocol client | UDP | Receive/Transmit |
| 80 * | Notification Server port | TCP | Receive/Transmit |
| 88 | Kerberos port | UDP | Receive/Transmit |
| 137 | NETBIOS Name Service | TCP | Receive/Transmit |
| 389 | LDAP port | TCP/UDP | Receive/Transmit |
| 636 | Secure LDAP port | TCP/UDP | Receive/Transmit |
| 2054 | ARP | Ethernet frame | Receive/Transmit |
| 52028 * | Notification Server Tickle port | TCP | Receive/Transmit |
* Depends on Notification Server configuration
See “Modifying the list of open network filtering ports” on page 73.
See “Filtering network traffic” on page 37.
See “Filtering network traffic on multiple computers” on page 42.
Modifying the list of open network filtering ports
You can modify the list of ports to keep open when network filtering is active on the Network Filters page.
See “About network filtering ports and settings” on page 72.
See “Filtering network traffic” on page 37.
See “Filtering network traffic on multiple computers” on page 42.
To modify the list of open network filtering ports
1. In the Symantec Management Console, on the Settings menu, click All Settings.
2. In the left pane, click Remote Management > Real-Time System Manager > Network Filters.
3. Modify the filters.
About power management and redirection
The following table displays the power management and redirection capabilities for the Intel AMT or ASF-capable computers in different power states.
Table B-3 Intel AMT power management capabilities
| Power state | AMT reboot | AMT power off | AMT power on | Boot redirect |
|---|---|---|---|---|
| S0/G0 working | Yes | Yes | No | Yes (2) |
| S1 sleeping with system h/w & processor context maintained | Yes | Yes | No | Yes |
| S2 sleeping, processor context lost | No | No | No | Yes |
| S3 sleeping, processor & h/w context lost, memory retained | Yes (1) | Yes (1) | Yes | Yes (2) |
| S4 non-volatile sleep / suspend-to disk | Yes (1) | Yes (1) | Yes | Yes (2) |
| S5/G2 soft-off | No | No | Yes | Yes |
| S4/S5 soft-off, particular S4/S5 state cannot be determined | No | No | No | Yes |
| G3/Mechanical Off | No | No | No | No |
| Sleeping in an S1, S2, or S3 state (used when particular S1, S2, S3 state cannot be determined), or Legacy SLEEP state | No | No | No | Yes |
| G1 sleeping (S1-S4 cannot be determined) | No | No | No | Yes |
| S5 entered by override, for example, by 4-second power button override | No | No | No | Yes |
| Legacy ON, for example, non-ACPI OS working state | No | No | No | Yes |
| Legacy OFF, for example, non-ACPI OS off state | No | No | No | Yes |
| Unknown | No | No | No | Yes |
(1) Performed through the power on command.
(2) Redirection can be enabled only for the reboot command.
Table B-4 ASF power management capabilities
| Power state | ASF reboot | ASF power off | ASF power on | Boot redirect (3) |
|---|---|---|---|---|
| S0/G0 working | Yes | Yes | No | Yes (2) |
| S1 sleeping with system h/w & processor context maintained | Yes | Yes | No | Yes |
| S2 sleeping, processor context lost | Yes | Yes | No | Yes |
| S3 sleeping, processor & h/w context lost, memory retained | Yes | Yes | Yes | Yes (2) |
| S4 non-volatile sleep / suspend-to disk | Yes (1) | Yes (1) | Yes | Yes (2) |
| S5/G2 soft-off | No | No | Yes | Yes |
| S4/S5 soft-off, particular S4/S5 state cannot be determined | Yes | Yes | Yes | Yes |
| G3/Mechanical Off | No | No | No | No |
| Sleeping in an S1, S2, or S3 state (used when particular S1, S2, S3 state cannot be determined), or Legacy SLEEP state | Yes | Yes | No | Yes |
| G1 sleeping (S1-S4 cannot be determined) | Yes | Yes | No | Yes |
| S5 entered by override, for example, 4-second power button override | No | No | Yes | Yes |
| Legacy ON, for example, non-ACPI OS working state | Yes | Yes | No | Yes |
| Legacy OFF, for example, non-ACPI OS off state | No | No | Yes | Yes |
| Unknown | Yes | Yes | Yes | Yes |
(1) Performed through the power up command.
(2) Redirection can be enabled only for the reboot command.
(3) Only local redirection can be enabled with ASF.
Glossary
Altiris Agent: The software that is installed on the computers that you want to manage. It facilitates interactions between Notification Server and a managed computer. The agent receives requests for information from Notification Server, sends data to Notification Server, and downloads files. The Altiris Agent also lets you install and manage solution plug-ins that add functionality to the agent.
ASF (Alert Standard Format): An industry standard-based technology that lets IT administrators manage computers regardless of the operating system state. ASF provides alerts and power management functionality as long as the computer is plugged in with an Ethernet connection. ASF functions through hardware on the network card or system board, a software agent on the client computer, and management software on the server.
Circuit Breaker: A security toolset of Intel AMT. This toolset represents a set of hardware-based network packet filters. IT technicians can apply these filters to computers that send suspicious network packets to seal infected computers from the rest of the network.
DNS (Domain Name System): A system that converts host names and domain names into IP addresses on the Internet or on the local networks that use the TCP/IP protocol. For example, when a Website address is given to DNS, DNS servers return the IP address of the server that is associated with that name.
IDE-R (IDE-Redirection): An Intel AMT built-in hardware capability. It lets IT administrators start a computer from an image that is stored on the network or on the remotely mounted CD-ROM or hard drive.
in-band management: A type of remote computer management. It requires the target computer's operating system to be initialized and to function properly.
Intel AMT (Intel Active Management Technology): A solution that is based in hardware and firmware and is connected to the system's auxiliary power plane. Despite the power state or the operating system state of the client computer, Intel AMT provides IT administrators with access to alerts, hardware inventory, power management, circuit breaker, and agent presence functionality. Intel AMT functionality requires the computer to be plugged into the power source and connected to the network. Intel AMT functionality does not require a software agent to be installed on the client computer.
Notification Server: The Symantec Management Platform service that communicates with the Altiris Agent and the CMDB to provide management, security, and administrative functionality. It processes events, facilitates communications with managed computers, and coordinates the work of the other Symantec Management Platform services.
out-of-band management: A type of remote computer management. It lets IT administrators connect to a computer's management controller when the computer is turned off, in sleep or hibernate modes, or otherwise unresponsive through the operating system. Out-of-band management can be performed on the computers that have Intel AMT, DASH, or ASF-capable network adapters.
PET (Platform Event Trap): An event that is originated directly from platform firmware (BIOS) or platform hardware (ASIC, chipset, or microcontroller) independently of the state of the operating system or system management hardware. PET events provide advance warning of possible system failures.
power state: The overall power consumption of the system. Six power states exist that range from S0 (the system is powered on and fully operational) to S5 (the system is powered off). States S1, S2, S3, and S4 are referred to as sleeping states.
PXE Boot (Pre-Boot Execution Environment): An environment to start computers using a network interface independently of available data storage devices (like hard disks) or installed operating systems. An administrator can load operating systems and other software onto the device from a server over the network.
Resource Manager: A feature that displays information about a resource, such as its properties and current state. It also lets you troubleshoot and perform actions on managed resources.
SOL (Serial-over-LAN): A feature of Intel AMT that redirects console output to a remote terminal. It lets IT administrators remotely change BIOS settings, repair a computer that cannot start, and so on.
SOL/IDE-R (Serial-over-LAN/IDE-Redirection): The proprietary protocols that are defined for Intel AMT that redirect keyboard, text, floppy disk, and CD transfers from a local host to a remote workstation.
Symantec Management Console: The Web-based user interface for managing the Symantec Management Platform and any other installed solutions.
Symantec Management Platform: The platform that provides a set of services for IT-related solutions. These services include security, scheduling, client communications and management, task execution, file deployment, reporting, centralized management, and CMDB services.
task: An action that is performed on a computer. Server tasks are run on Notification Server. Client tasks are run on managed computers.
task server: A managed computer on which the Task Service plug-in is installed. The task server lets you sequence tasks and provides automation for Symantec solutions.
Page 79
A
alerts
using 38
Altiris Agent
discovering computers 26
installing 27 AMT. See Intel AMT ASF 22, 61
about 14
B
BIOS
configuring remotely 34 Boot Redirection task 41 booting
from another device 35, 41
C
Centrino Pro. See Intel AMT Circuit Breaker. See network filtering computer
in-band management 13
one-to-many management 13
one-to-one management 13
out-of-band management 13
restarting 33
turning off 33
turning on 33 computers
discovering 26 context-sensitive help 19
D
DASH 11, 22, 61
about 15 DHCP 37 documentation 19
F
firewall
configuring 64
H
help
context-sensitive 19
I
IDE-R
enabling 40 using 35, 41
viewing active sessions 37 in-band management 13 installing
Altiris Agent 27
Real-Time System Manager 22 Intel AMT 11, 22, 61
about 14
configuring power-saving options 40
viewing logs 40 Intel vPro. See Intel AMT IPMI 61
N
network filtering
disabling 43
enabling 42
using 37, 42 Network Filtering task 42 network flooding
protecting from 43
O
one-to-many
management 13
tasks 41 one-to-one
management 13
tasks 31
Index
Page 80
Out of Band Management Component 17 out-of-band management 13
preparing computers for 27
P
password
resetting 43 Password Management task 43 PETs. See alerts power management 33 process
running or stopping 44 Process Management task 44
R
Real-Time Home page 33 Real-Time view
about 16
accessing 32
troubleshooting connection via 61 Release Notes 19
S
service
running or stopping 45 Service Management task 45 SIM 22–23 SNMP 11, 61 SNMP alerts. See alerts SOL
enabling 40
using 34
viewing active sessions 35 Symantec Installation Manager. See SIM Symantec Management Console
about 13
opening 13
T
Task Server 41 tasks
one-to-many 18
one-to-one 17
U
uninstalling
Real-Time System Manager 23
upgrading
Real-Time System Manager 22
using
one-to-many tasks 41 one-to-one tasks 31
W
WMI 11, 61, 64
about 15
X
.xml file 43
Index80
Loading...