- AccessChk: View effective permissions on files and folders - Thu, Apr 13 2023
- Read NTFS permissions: View read, write, and deny access information with AccessEnum - Wed, Mar 29 2023
- Kill Windows a process with Tskill and Taskkill - Mon, Mar 13 2023
XEOX is an administrative tool that allows you to manage hardware, software, and networks from a central repository. XEOX is suitable for companies with 10 to 10,000 PCs, and it is compatible with all major versions of Windows. Of course, it is possible to implement XEOX for customers who are even smaller, e.g., who have just one server and a few computers.
Currently, XEOX includes four main modules:
- Configuration Management Database (CMDB) – A database that stores information about hardware and software assets, sites, people, and departments.
- Update Center – A module that shows devices and provides information about needed updates.
- Job Center – A module that creates, schedules, and controls jobs like the installation of Windows updates.
- Port-based Network Access Control (PNAC) – A network security solution that prohibits access to the network by unregistered devices.
Other modules include a Reporting module, an IP-Plan module, a Security module, and a Subnet configuration module. For more information about each module, visit the XEOX website.
Installing the XEOX agent
To get started with XEOX, an agent needs to be installed on your Windows clients. The agent will create an object in CMDB and fetch inventory and Windows update statistics. It is also responsible for applying updates and running other tasks, like a scheduled reboot.
The agent can be installed in several ways: manually or by using command line, PowerShell, or Group Policy. To install the agent, simply copy the command from XEOX dashboard -> Agent and execute it on the target computer.
Note: The installation command is organization-specific. If you have more than one organization defined in your XEOX account, make sure to pick the command for the correct organization. Organizations will be covered later in this post.
CMDB & Inventory
The Configuration Management Database (CMDB) module is a central repository of your hardware and software assets. CMDB offers two options for storing an asset:
- Automatic asset creation – This option requires the XEOX agent to be installed on a device, which will be your Windows server or client.
- Manual asset creation – Manual asset creation is useful for adding devices like printers and phones.
CMDB also allows you to create Sites, Departments, and Persons (to whom you may assign an asset). Although having Departments or Persons is optional, having a Site is required. The default site for an agent is Lost&Found, which is created automatically for an organization. To change this, simply create a new site in CMDB -> Site and mark it as the default for new agents.
NOTE: For manually created assets, you must always select the Site manually.
A few minutes after an agent has been installed on a device, a hardware object is created in the CMDB with various kinds of information about its hardware, network information, installed software, and so on. Note that several tags are generated automatically; for example, indicating whether the device is a DHCP server or a desktop.
Update Center is a module that displays information about your devices and their update status. Here you can easily see how many devices are missing updates, the overall status of the device (indicated by a color code), and some basic information about the device (like the amount of free disk space available). Several actions can be initiated from Update Center; for example, new patch jobs.
Job Center is where you control the actions of a device using an installed agent. The job may be a scheduled reboot, installation of Windows updates or software programs, or a random task that you create using the provided toolbox.
Many options are available in the job settings. You can create a job for a single device or, using a tag, for many devices. You can also exclude a specific device from the job. A single job can include several tasks, such installing a software program followed by installing Windows updates.
To apply Windows updates, XEOX uses a product called WuInstall, a command-line tool. If you want to know more about WuInstall, check out my review WuInstall: Windows Updates with a command.
Port-based Network Access Control (PNAC) is a security solution that prohibits access to the network by unregistered devices. It is based on dot1x. It allows you to create own network access rules, such as rules for moving unknown devices to a specific VLAN. PNAC supports switches from the CISCO SG series, Cisco Catalyst, HP Procurve, HP Aruba, and the DELL Powerswitch N series.
PNAC also offers features like automatic network documentation, mail notifications for unknown devices, and more.
Many organizations can be created under your account, which is extremely useful if you are an IT service provider. Having more than one organization allows you to separate your customer devices from each other and to create different jobs, sites, and so on. One cool thing is that you can grant granular access to your customer so that he can check the status of his devices or perform allowed actions on his own.
XEOX has a transparent, pay-per-use pricing model. Each device costs 1€/month per module. Currently there are two paid modules:
- Update & Job Center
- Port-based NAC
The CMDB module is included for free in either one. If you are eager to try XEOX, you can sign up at their website and get six months for free, which is great.
Subscribe to 4sysops newsletter!
XEOX is a very promising tool for managing Windows-based environments. It offers a very intuitive user interface, easy deployment, automatic hardware and software inventory, change tracking, deployment of software and updates, and much more. The tool is being constantly improved, and new features are being added on a regular basis. Forthcoming features that I can tell you about include a basic alerting system (client availability, disk space, etc.) and TeamViewer integration.