Clutter: when to delete, when to hide

The KeyConfigure user interface supports deletion of any of the main objects, but you should think twice before deleting. Often the motivation for deleting objects is to “clean up” the data. However, there are better ways to clean up than simply deleting data. Deleted objects can no longer be displayed in reports and this can obscure historical context that might be useful in analyzing your software requirements.

Hiding objects

The main KeyConfigure windows have a column on the left hand side where you can filter the list of objects presented on the right hand side. This is covered in the User Interface Navigation video. So whenever your goal is to “clean up” so that you are not constantly looking at extraneous records, one alternative is to use folders or filters to categorize and hide old data.

Computers

If you want to prohibit a computer from logging into KeyServer again, you should drag the computer onto the word “Excluded” on the left hand side of the computers window. Deleting a computer will not prevent future logins.

If you want to release a KeyServer license so that it can be used by a different client, you should drag it into “Dormant”. Setting a computer to Dormant allows it to continue to appear in Usage reports (Audit reports on the other hand only include Dedicated and Leased computers). For more about the different Login types, refer to the Computers Window documentation. Also note the section about Rules and Acknowledged computers — dragging to Dormant acknowledges a computer, so if you want rules to be applied in the event that the computer logs in again, you should drag it on to the “Discovered” rule.
Computers window documentation

Policies

You might be tempted to delete Policies in order to change configuration. If you no longer want a policy to have an effect on any clients, you should open the policy details and check the “Disabled” checkbox in the “Scope & Action” pane. This will disable the policy without changing any of the other properties. A disabled policy will no longer control or log usage and it will not be included when reconciling with purchase records, but it will still be available for reference in historical usage reports. Deleting the policy would have the same effect on clients, but it would also prevent further reporting on the policy. If you don’t want to see the policy in the Policies window, you could make a folder (or filter) for disabled policies, and select only the other folders for display. Note that there are other ways to “turn off” a policy, such as setting the Scope to a group containing no computers, or deleting the product associations from within the policy, but these sorts of changes will not remove it from the reconcile calculations.

If you made a Policy just to do a simple test, then you can delete it when your test is complete since the usage and reporting data is likely unimportant.
Policies window documentation

Products

Sometimes after PRS automatically imports products, Administrators see Products listed that they have not purchased, and a common reaction is to want to delete them. However, these products appear because some program within the product has been found on a client computer. This does not mean that the product itself (which often is comprised of multiple programs) has been found. As an example, you may have purchased the Adobe Web Standard product. You will see this in the Products window along with the related products such as Adobe Web Premium and Adobe Photoshop. The related products are useful for comparing alternate purchase strategies in the future. You may also discover a product installation that you did not expect, which may reveal a compliance problem or an error in purchase records.

To look at a shorter list of products in the Products window, the simplest approach is to display only Referenced products, which are products for which there is a Purchase and/or a Policy. Even after filtering the Products window, you may see products listed in the Audit Products report that you don’t want to see. In order to prevent a product from appearing in that report, you can set the product to Ignored by dragging it onto the word Ignored in the left hand column of the Products window. Ignored products will no longer appear in any Audit report but they will continue to appear in Usage reports if in fact they were managed by some policy that was used in the past.
Products window documentation

Purchases

If you make a mistake and discover that some purchase never should have existed at all, you can delete it. If for some reason you don’t want to count the entitlements for a certain purchase any more, you can check the “Dormant” checkbox in the “Rights & Conditions” pane. This tells the Reconcile windows not to include this purchase when computing your bottom line entitlement position for this product.
Purchases window documentation

Groups

Deleting a group that is defined by external authentication has no effect: the group will reappear after a refresh. Deleting a group that is defined internally in KeyConfigure will mean that it can no longer be used as the scope of a Policy. If you attempt to delete a group that is currently referenced as the scope of one or more Policies, you will get a warning message. If you proceed, the group name will still appear as a scope limit in the policy details window, but this nonexistent group contains no computers, so the policy, having no computers in its scope, will be effectively disabled.
Groups documentation

Locations

Locations can be used to control who can log in to KeyServer and they can be used as one of the clauses in a group definition. If “Allow Connections From All Locations” is not checked, then only computers within the specified IP ranges (locations) will be allowed to log in to KeyServer. Deleting a location in this case will have the obvious consequences.

On the other hand, when “Allow Connections From All Locations” is checked, deleting a location will not affect which computers can log in, but it still might change the meaning of any group definition that references the location. Assuming such a group is used as a scope for some policy, the deletion could cause the policy to manage fewer computers (perhaps none!). When a location is no longer needed to allow logins and it is not referenced in any group definition, it can be deleted without consequences since locations do not appear in reports.
Locations documentation

Programs

You can delete programs, but they will be rediscovered when a client computer is audited or the program is launched. Unless a program is no longer installed anywhere, deleting it will not have any enduring effect. Most of the discoveries listed in the Programs window are classified as Ignored (meaning they are not part of any Product) and they are hidden from view by default. Since KeyServer management Policies are based on Products and Products do not include ignored programs, deleting an ignored program has no effect on Policies. Of course a deleted program can no longer be mentioned in an Audit or Usage report that displays Programs (as opposed to Products or Policies). Most configuration is done in the Products, Policies, and Purchases windows, and in the Programs window ignored programs are hidden by default, so you really have little reason to worry about “extra” programs being included.

One of the strengths of KeyServer is that it will discover ALL programs on your computers. Many of them might initially be uninteresting, but if some day you want to investigate some issue, the last use times on various computers will be available in the audit database. To learn more, you might make a new Product definition that includes the program (so it is no longer “ignored”) and then perhaps create a log policy (or maybe even a Deny policy!).
Programs window documentation

Time Sets

Time Sets are only used to specify options to reports. If you no longer need to run any reports on a certain Time Set, you can delete it.
Time Sets documentation

Connected Clients

You cannot delete Connected Clients as this window shows a live view of all connections.
Connected Clients documentation

Roles and Accounts

You can delete Roles and Accounts whenever they are no longer needed. Note though that deleting an Account defined by external Admin Authentication has no effect. These entries in the Roles & Accounts window are simply cached in memory once someone attempts to log in using that name. The presence of the name doesn’t mean anything; external authentication is always consulted when someone tries to log in.
Roles & Accounts documentation

Summary

Often the reason for wanting to delete an object from KeyConfigure is to get rid of clutter to simplify a view. However, this is usually better accomplished by filtering the view of each of the main windows. For a few objects, deleting will cause a configuration change, but even then there may be a way to cause the same change without deleting. As always, don’t hesitate to contact us with questions.
