Re-Introduction to LanDesk
Goal:
Students should become proficient in using LanDesk’s basic management features including:
Software distribution, Power management, Patch Management, and the Task scheduler.
Objectives:
Within LanDesk Management Console:
Students will create a Software Distribution Package
Students will create a Power Management Policy
Students will remotely apply a security patch
Students will schedule tasks each of the above tasks
Students will execute scheduled tasks.
Prerequisites:



Have LD 9 client installed on all appropriate machines at your site
Have the LD 9 console
Know the location of your LD repository
o This will be documented here as \\Your-Repository\
Procedures:
Introduction:
Because our target audience for the most part is very familiar with Altiris, many assume LanDesk will
work like altiris. This is in fact far from true, so our first task is to discuss the differences and help them
see why things are they way they are in LD, thus allowing them to more intuitively use the LD
management console.
a. Altiris was an all-in-one answer to our problem. It had a single client and a single
console. It was very convenient, but it no longer meets Brevard’s needs as a
management piece. It had inefficiencies such as the need to install BootWorks – a
proprietary PE environment. It was unable to manage AV services, HIPS, Patch
management, etc. It was really just software distribution and remote deployment.
b. Enter the LanDesk SUITE. We will call it a software suite because in reality, that’s what it
is. Much like when you install MS Office, it is actually Word, Excel, PowerPoint, etc. – all
1
separate programs with a similar interface and some shared resources. Each piece can
stand on its own, but you get the best bang for your buck if you have them all.
c. LanDesk management suite is:
i. Software Distribution
ii. Power Management
iii. Patch Management
iv. Anti-Virus
v. Host Intrusion Protection Services
vi. Operating System Deployment
vii. Inventory
viii. Scheduler*
ix. LD Management Console*
d. The list is fairly self-explanatory, two key pieces are the scheduler, which is the working
man of the LanDesk Suite, and the Management Console, which gives you control over
each of the other pieces of software and allows you to pass data from one to the other
easily.
e. Today we’ll be looking at Software Distribution, Power Management, Patch
Management, and the scheduler.
f. Because the scheduler is so integral to each of these tasks in LD, we’ll be talking about it
in each section, and also in its own section at the end.
Software Distribution:
1.
By the end of this, you will be able to make software distribution packages and the associated
scheduled task.
a. In the LD console, go to the distribution Packages section of the console
i. Either by clicking the button on the left labeled ‘Distribution’, then ‘Distribution
Packages , or, from the menu bar, Tools Distribution  Distribution Packages.
b. Planning: What type of package are you going to deploy?
i. This decided by the software vendor, we will typically use:
1. Mac – for Macs
2. MSI – Microsoft Installer
3. SWD – package made with LD packager
a. Like an exe file but can ‘heal’
4. EXE – windows executable
5. BAT – batch file
ii. Choose your type based on what is supplied by the software vendor or what you
have created.
c. Create the distribution package: Right click ‘My Packages’, hover over ‘New distribution
package’, and select the type appropriately.
d. Name it! It needs to start with your school number – e.g. 1161 Office 07 install
2
e. Fill in the blanks:
i. Package Information: Description, primary file, self explanatory, right?
ii. Install/uninstall options: Most are available for MSI or SWD tasks – it will make
the command line options for you! For exe, you still have command lines you
can add, but you have to know them.
iii. Additional files: Do you need to copy files down to the computer during the
install? Add them here
iv. Dependent Packages: Does this package need another package needs? Define
it here.
v. Prerequisites? If you have a query setup to show which machines can handle
this package, define it here. Could be used to define minimum memory or hard
drive requirements, etc.
vi. Detection: If you don’t want this to run if it’s already installed, you can define
this in the detection section – define a file installed by this package and if the
installer finds it, it skips that machine.
vii. Accounts: Install via local system or current user – depends on the software
requirements, but most should be fine with local system.
viii. Uninstall Association: If you have an uninstall package for this software, you can
associate it here.
ix. Assign return codes: ignore, you shouldn’t have to mess with this.
x. Save – you’re done!
f. You now have a software distribution package that you can pass to the scheduler and
have it install on your client machines.
g. To do this, right click on your package, then choose ‘Create Scheduled Task’
i. LD will AUTOMATICALLY take you to the scheduled tasks section in the console,
create the task, and date/time stamp it – what more could you want?
h. Let’s look at the typical scheduled task – right click on it and select ‘properties’ You will
be brought to the overview of the task.
i. Distribution package: this is the software distribution package you just created.
You could change this if you made a new distribution package for the same
purpose.
ii. Delivery Method:
1. Type
a. Multicast – not appropriate for software distributions
b. Policy – will install next time client runs a compliance scan,
could take up to 3 days, but is unattended.
c. Policy-supported push – will attempt to install now, but if the
machine isn’t on, it will try again next time machine runs an
inventory scan – default.
3
d. Push – standard altiris style deploy – if a client isn’t available
(busy or not on the network,) this fails for those clients – you
can either reschedule it to run again, or get them by hand.
2. Method
a. These are just how much network bandwidth you want to use –
pick your favorite.
iii. Target Devices
1. Will show you which devices you have targeted. Also you now have the
option to wake up devices for this install, simply check the box!
iv. Schedule Task
1. Tasks start unscheduled, because you first have to target devices, once
targeted, you can start now, or schedule it for later. You can explore
the options below that at your leisure, they are all self explanatory.
i. If you made changes, save them.
j. To target devices, select them from the ‘network view’ (the list of all your computers)
and drag them to the scheduled task.
k. If you want to start the task immediately, right click and choose ‘ start now’.
l. If you want to schedule it for later, right click the task, select properties, and set it
appropriately in the ‘schedule task’ section.
You have now successfully created a distribution package, scheduled it, and deployed it remotely.
Common things to keep in mind:
Making your own packages is good for things that are small to medium sized installs and involve
mapping drives and other procedures that require multiple steps.
If software comes with an MSI such as google earth, photostory, etc. use that – it is much easier and will
automatically give you uninstall options and unattended options.
MS Office – this is how you do it in LD – try it now if you wish and I’ll answer any questions.
1. Create a new executable distribution package – name it xxxx Office 2007
2. Primary File = \\Your-Repository\Packages\Office07\setup.exe
3. Install Options – command line option = “-adminfile BPSOff07.MSP” without the quotes
a. This includes BPS’s Volume License key and all standard settings.
4. Go to additional files, browse to \\Your-Repository\Packages\Office07, then add ALL files
AND folders EXCEPT setup.exe
5. Save and you’re done
Challenge: The command line for office to uninstall is “-uninstall” (without quotes of course.) Can you:
Make an uninstall package?
4
Associate this with the office install package?
Power Management:
1. By the end of this, you will be able to make power management policies and the associated
scheduled task.
a. In the LD console, go to the Power Management section of the console
i. Either by clicking the button on the left labeled ‘Power Management’, then
‘Power Management’, or, from the menu bar, Tools Power Management 
Power Management.
b. Planning: What type of power management policy do you want?
c. Create the new policy: Right click ‘my policies’ and select ‘New Power Policy’. Give it a
name starting with your school number.
d. Depending on your plan, select an action
i. Hibernate – shuts computer off and stores memory on hard drive
ii. Standby – puts computer in low power state
iii. Turn on
iv. Turn off – can select device, monitor, computer, or hard disk
v. Alert - ?? Appears useless to us…
e. If appropriate, select a device
f. Select ‘inactivity trigger’
i. For turn off of computer, this will be type, hard or soft. Hard shuts down no
questions asked, soft will give users a chance to save open documents, but if
they don’t, computer may not actually turn off.
g. Source – applicable to laptops, plugged in, AC power, or both
h. Day – select all appropriate
i. Time – select all appropriate
j. Click ‘add power scheme’
k. Repeat D-J as necessary.
l. Ignore options for now, there’s an easier way later.
m. When you’re done, click Save.
n. To send this to computers, right click on your new policy and choose ‘Schedule Power
Policy’ – LD AUTOMATICALLY takes you to scheduled tasks and creates the task for you.
o. This task is different, and there aren’t really any options or anything of interest inside.
p. Drag target computers to the task, right click task, select ‘start now’
i. Over the course of a few days, your policy will be deployed to the target
machines.
To add a process sensitive trigger:
5
Process sensitive triggers will allow machines to ignore a power policy if something is running. In the
power management section, click the second button from the right and choose ‘identify process
sensitive triggers.”
Next, type the name, for example, the AV is ‘LDAVScanner.exe’
Check the box to ‘enable and apply to all policies’ if appropriate
Click OK
Now that you have these defined, you can edit your policies and go to the options section to
add/manage process sensitive triggers.
Challenge: PowerPoint’s process is called Powerpnt.exe – can you make a policy that puts a teacher
machine to sleep after 15 minutes of inactivity unless PowerPoint is open?
Patch Management:
1. By the end of this, you will be able to remotely deploy security patches detected by LanDesk
a. In the LD console, go to the Patch and Compliance section of the console
i. Either by clicking the button on the left labeled ‘Security and Compliance’, then
‘Patch and Compliance’, or, from the menu bar, Tools Security and
Compliance  Patch and Compliance
b. Expand All Types Detected.
c. Choose a patch or patches
d. Right click and select ‘Download associated patches’ – this downloads them to your core
server to make for a more speedy deployment. – re-confirm your selection and click
‘download.’
e. Once finished, right click on your patches and choose ‘Repair…’
f. Append your school number to the beginning of the repair task name
g. General Tab:
i. Repair as scheduled task – allows you to schedule it for later
ii. Split… - will help save bandwidth if you want to stage it to distribute overnight
but install in the morning
iii. Computers to repair – don’t add any or add all affected*
iv. Repair as policy – will repair next time computers run inventory scan
1. Add query representing affected nodes – automatically makes a query
for the patch and adds it to the task – if new machines are added to
your console and are affected by this patch, they will automatically
repair!
v. Download only from local peers… your choice
6
vi. Scan and repair settings – use current agent settings, this is setup by the district.
h. Patches Tab: - just shows you the patches.
i. When you click OK, it will make the distribution package, and the scheduled task for
you, it will take you to the task scheduler. You can either target machines if you chose
not to have LD do it for you automatically, or simply right click and select ‘start now’
* When applying multiple patches, I recommend using separate tasks, especially if you’re allowing LD to
make your queries and target machines for you. If you do two patches, it will only target machines
missing both patches, leaving machines with only one of the patches potentially unpatched.
Recommended: Make each patch task separate, select to repair as policy and to add the query
representing affected nodes. Some time setting up in the beginning will make your life easier in the
future!
The Scheduler:
We’ve covered the task scheduler’s basic functions already. Some of the other things you can do:
1.
Check the status of a task – expand each task and it will give you details on what is
happening, what has happened, etc.
2. If a task has failed, you can re-start it.
a. By viewing properties, you can have it restart for only failed devices!
3. You can create groups, as you can in most sections of the LD console, to help organize your
tasks. E.g. Software installs, Power management tasks, etc.
4. Because this is the hub for all LD modules, it is searchable!
Questions?
7