No other patch is needed on the core server as this patch includes the contents of the console and Web console patches.

LANDesk Software Version 8.70 SP6

November 2008

This readme describes the main issues addressed in LANDesk Software 8.7 SP6. This service pack also includes all fixes made in SP1 through SP5. A complete list of the fixes in service pack 1 through 5 is available at http://community.landesk.com/downloads/ServicePack/87sp5readme.txt.

EXCEPT AS RESTRICTED BY LAW, THE SOFTWARE PROGRAMS CONTAINED IN THE FILE ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE OR FITNESS FOR A PARTICULAR PURPOSE.

This readme is divided into the following sections:

• Installing this service pack
• Additional SP6 information
• Additional SP6 information (previous service packs included in SP6)

Installing this service pack

You need to install this service pack on all clients, core servers, additional consoles, Web console servers, rollup core servers, off-core inventory servers, and managed devices. The easiest way to update managed devices with the service pack is to use the Security and Patch Manager tool.

• LD87-SP6-Core - For the core server and off-core inventory server.
• LD87-SP6-Client - For client workstations.
• LD87-SP6-Console - For remote Windows consoles only. This patch isn't needed on the core server since the core server patch includes this.
• LD87-SP6-Rollupcore - For the rollup core server.
• LD87-SP6-Webconsole - For off-core Web consoles. This patch isn't needed on the core server since the core server patch includes this.

Make sure you exit the Management Suite Windows console before applying this service pack to core servers and additional consoles. We also strongly recommend that you back up your core server and databases before applying this service pack.

Warning for customers with an off-core inventory server
Before applying this patch to the core server, make sure you stop the inventory service on the off-core inventory server. Failure to do this can result in possible database corruption. This patch updates the database tables and if an off-core inventory server inserts a scan into the database during this process, the update may fail.

Installing on the core server

1. Double-click on the self-extracting executable and extract it. It is recommended to extract to a permanent location.
2. From the extracted files, run Setup.exe from LD87-SP6-Core on the core server.
3. When Setup finishes, reboot the core server. A reboot is required.

Installing on off-core inventory servers

After you've applied this service pack to the core server, you must apply this service pack to all off-core inventory servers, if you have any.

1. If not already extracted, double-click on the self-extracting executable and extract it. It is recommended to extract to a permanent location.
2. From the extracted files, run Setup.exe from LD87-SP6-Core on the off-core inventory servers.
3. When Setup finishes, reboot the off-core inventory server.

Installing on additional (remote 32-bit) management consoles not physically located on the core server

Additional (remote 32-bit) consoles need to be updated to SP6 to connect to the upgraded core server and database. The console version is verified with the database. Historically the console did not check the service pack version and all versions were allowed to connect. This caused issues with old consoles being unable to handle the additional data or causing the console to corrupt data due to schema mismatches. This feature was implemented to enforce remote console updates.

After patching the core, choose ONE of the following methods for updating remote 32-bit consoles:

• Use the Security and Patch Manager tool to automate the remote 32-bit console update.
• Deploy the patch as a distribution package.
1. If not already extracted, double-click on the self-extracting executable and extract it.
2. Place the LD87-SP6-console folder on a UNC or web share.
3. Create a distribution package pointing to Setup.exe as the primary file, including all additional files and using the -S parameter to silence the install.
4. Deploy the distribution package.
• Manually install the patch.
1. If not already extracted, double-click on the self-extracting executable and extract it. It is recommended to extract to a permanent location.
2. From the extracted files, run Setup.exe from LD87-SP6-Console on each remote console.
3. When Setup finishes, reboot.

Installing on all Web console servers not physically located on the core server

1. If not already extracted, double-click on the self-extracting executable and extract it. It is recommended to extract to a permanent location.
2. From the extracted files, run Setup.exe from LD87-SP6-Webconsole on each addition off-core Web console.
3. When Setup finishes, reboot.

Installing on managed clients

After patching the core, choose ONE of the following agent update methods:

• Use the Security and Patch Manager tool to automate the client update.
• Deploy the patch as a distribution package.
1. If not already extracted, double-click on the self-extracting executable and extract it.
2. Place the LD87-SP6-client folder on a UNC or web share.
3. Create a distribution package pointing to Setup.exe as the primary file, including all additional files and using the -S parameter to silence the install.
4. Deploy the distribution package.
• Use the Scheduled Tasks window to "push" a client configuration to client computers.
• Launch WSCFG32.EXE on selected client computers.
• Manually install the patch.
1. If not already extracted, double-click on the self-extracting executable and extract it. It is recommended to extract to a permanent location.
2. From the extracted files, run Setup.exe from LD87-SP6-client on each client workstation.
3. When Setup finishes, reboot.

Installing on Server Manager clients

After patching the core, choose ONE of the following agent update methods:

• Deploy the patch as a distribution package.
1. If not already extracted, double-click on the self-extracting executable and extract it.
2. Place the LD87-SP6-client folder on a UNC or web share.
3. Create a distribution package pointing to Setup.exe as the primary file, including all additional files and using the -S parameter to silence the install.
4. Deploy the distribution package
• Use the Scheduled Tasks window to "push" a client configuration to client computers.
• Launch SERVERCONFIG.EXE on selected client computers.
• Manually install the patch.
1. If not already extracted, double-click on the self-extracting executable and extract it. It is recommended to extract to a permanent location.
2. From the extracted files, run Setup.exe from LD87-SP6-client on each Server Manager client.
3. When Setup finishes, reboot.

Installing on the rollup core server

1. If not already extracted, double-click on the self-extracting executable and extract it. It is recommended to extract to a permanent location.
2. From the extracted files, run Setup.exe from LD87-SP6-Rollupcore on the rollup core server.
3. When Setup finishes, reboot.

Additional SP6 information

The following sections describe important changes SP6 makes that you may want to be aware of. This service pack includes SP1 through SP5, and important SP1 through SP5 changes are described in another readme available at http://community.landesk.com/downloads/ServicePack/87sp5readme.txt.

Agent changes

• Updated many Agent Configuration foreign language issues.
• Improved Mac client stability.

Asset Management

• Updated CSV import to allow editing the asset after import.
• Improved data synchronization Asset manager database and the LDMS database

Connection Control Manager

• Usbmon.exe disables key combination "Ctlr + Shift + Up arrow” in Excel as it is used by Usbmon.exe. So we added support to change these Keystrokes.
• Added support in Connection control configurations for W2K3 Client

Console

• Improved stability console and nested group functionality
• Added support in Connection control configurations for W2K3 Client

Inventory changes

• Fixed problem where softmon could cause 100% CPU utilization when scanning for blocked applications.
• Fixed several inventory service memory usage issues.
• Updated inventory service to roll ldappl3.pat changes into ldappl3.base. You can also change the percentage from 25 to something between 1 and 99 by setting the value in: HKLM\software\landesk\managementsuite\winconsole\softwareconfiguration\ldappl3\Patch File Maximum Percentage
• Updated inventory service maintenance routine, to handle multiple SQL Server lock timeout exceptions.
• Added an option to "send all executed data" for Inventory Scanner via command-line. Use /SAE to force "Send All Executed".

Macintosh

• Added a New method has been added to get proxy info under PPC.
• Updated client stability.

OS deployment and provisioning changes

• Add ability to create folders more than 3 levels deep.
• Updated various issues to increase PXE stability and performance.

Provisioning

• Now the size and offset parameter can accept -1 as valid value when creating a partition.
• Updated various issues to increase Provisioning stability and performance.

Remote Control

• Fixed remote control sessions that failed to a locked workstation when signing on with a different user than the user who locked it.
• Fixed various language related issues.

Reporting

• Fixed various report display issues.
• Added a canned report for the rollup "Detected Vulnerabilities" to display additionally the Originating Core server of the Device.

Security and Patch Manager changes

• Added support for newer visions of McAfee, Trend PC-cillin,
• Added support for Symantec Endpoint Protection 11, Trend Server Protect 5.7, Internet Security 2008, OfficeScan 8.0, eTrust 8.0 & 8.1, and ESET nod32 antivirus.
• Installing the self-contained agent install now installs AV will remove other vendors' AV products if the machine cannot contact the core server at the time of install.
• Updated support for Windows Vista OS.
• Added enhancement for updatevirusdefinitions.exe to use proxy settings in the patchsources.xml when executable is run independently.
• When viewing Security and Patch Information for multiple computers, and then selecting multiple vulnerabilities to schedule a repair - only the affected computers for the first vulnerability would be added to the repair task. This has been fixed so that any of the currently selected affected computers will be added to the repair task for each vulnerability in the repair.

Software distribution changes

• Improved software distribution peer download performance.
• Multicast Targets with 0.0.0.0 Subnet Masks get stuck in active status.
• Scheduled Tasks within Groups disappeared if groups were dragged within one another.
• The name of the core server has been added to the preferredservers file name so that different cores will request different files from their peers. This should prevent managed nodes from getting a preferredservers file from core that they are not managed by.
• When using a Subnet Aware Download in the delivery method, when a file finished downloading it was not closing the socket, This update will now close the socket (on 127.0.0.1) and exit the thread. Also when Subnet Aware Download fails to create a socket to 127.0.0.1 for file discovery, the tread will continue and attempt peer download, this occurs when Subnet Aware Download is enabled and the required lock fails.
• Updated Software Distribution to increase stability and performance.

Software Licensing Monitoring

• Added support for usage data for Yahoo Messenger version 7.
• Updated several import and reporting errors.

LANDesk Trusted Access

• The /showui vulscan command line option was hard coded in the code. This has been removed and is controlled by the settings xml file. In order for this change to take affect, the settings must be re-published.
• Updated several import and reporting errors.

Other changes

• This service pack adds support for Windows XP SP3 and Vista SP1 as management consoles and managed clients.
• When the COM+ LANDesk1 component Signature is called the memory is not unallocated and dllhost.exe hangs. This memory leak was fixed.

Additional SP1 through SP5 information

This service pack includes SP1 through SP5, and important SP1 through SP5 changes are described in another readme available at http://community.landesk.com/downloads/ServicePack/87sp5readme.txt.