After carefully installing and configuring many software packages on one computer, it is often convenient to then "clone" this original system onto multiple target computers. This is often useful when setting up a lab so that every computer has exactly the same set of software on it, and the same basic configuration. This general process is often referred to as "cloning", and is still commonly used despite newer layered deployment methods becoming popular. In the latter, case, installing KeyAccess as a package on deployed systems has no special concerns as it's a unique install and not a copy of an install.

Some configuration details like the name and IP address for each target machine must be unique. Because of this, certain files and Windows Registry keys must be deleted before the image is captured from the source system. Note if you are making an "image" that will only be used to restore a single computer to its original state (e.g., using products such as "Deep Freeze" and "Drive Shield"), then all files can (and probably should) be included in the image. If a source image will be cloned to multiple targets, consult the lists below for KeyAccess-related files and settings that must be excluded from the source image.

Virtual Computers

A virtual computer is implemented simply as a file (or small collection of files) within some host computer, and therefore a virtual computer is especially easy to clone (either consciously or otherwise). But beware: the same precautions described below should be followed within any virtual computer image before it is cloned. When following the instructions below, KeyServer will create a new computer record for the virtual computer that is identified (by default) by the letter V prefixing the computer ID (as seen in the Computers window). KeyServer can be configured to use other ID types for Virtual Computers - see the Computer ID Types documentation for more.

  Depending on the particular virtual computer technology and network setup configuration, there may be some surprises. In particular (depending on how the ethernet hardware interface is virtualized), cloned virtual computers running on multiple hosts may all attach themselves to a single computer record in the KeyServer's Computer window! Obviously this will lead to some confusing anomalies in license control and reporting. You might see multiple active sessions in the "Users of KeyServer" window that all correspond to the same computer in the Computers window.

To avoid this problem, every cloned instance of a virtual computer must be customized with a distinct virtual ethernet hardware address. This requirement is in addition to the more obvious requirement that the virtual computer name must likewise be made unique to avoid name conflicts in the domain. Fortunately, the various virtualization technologies and KeyServer generally provide configuration options that will result in distinct computer records for each distinct instance of a virtual computer. Alternatively, a different Computer ID type can be configured for use on VMs. To put it more simply, if you're copying a VHD for use on another machine, you should use the same procedures as if you were cloning a machine, like using SysPrep and removing files like those in this document. Feel free to call Sassafras Support for help navigating these concerns.


When preparing to clone a Windows system, stop the KeyAccess Service, then delete the following folders and registry keys:

  • C:\ProgramData\KeyAccess\ (if using a modern OS version)
  • C:\Documents and Settings\All Users\Application Data\KeyAccess\ (if using a pre-Win7 OS)
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KeyAccess\Settings\pref
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KeyAccess\Settings\settings
  • Be sure not to start the KeyAccess Service again before capturing your image. If you reboot the machine, the service will start and you'll need to remove these items again.

    MacOS X

    The first step is to ensure that the KeyAccess process is not running. Using these commands in Terminal will ensure all processes are terminated.

    sudo killall kass
    killall KeyAccess
    sudo launchctl unload /Library/LaunchDaemons/com.sassafras.KeyAccess.plist
    sudo killall kass
    killall KeyAccess

    After this, just delete the /Library/Preferences/KeyAccess/ folder and empty the Trash.

    Note: If you want cloned clients to point to the same KeyServer as the computer you took the image from, you should be sure to copy the file /Library/Preferences/com.sassafras.KeyAccess.plist, so do NOT delete this.


    As with Mac, the first step is to terminate any running process, then remove the appropriate directory:

    sudo service KeyAccess stop
    sudo rm -r /var/lib/KeyAccess

    Note that if you have client specific customizations in the /usr/share/ka/ka.xml you will want to consider if cloning this or setting default values before cloning is appropriate.

    Carbon Copy Cloner

    Carbon Copy Cloner is an OS X utility from Bombich Software. In order to exclude the KeyAccess files from the images it writes, edit the file at Library/Preferences/com.bombich.ccc.plist (probably relative to your home directory). Find the cacheItems section that starts with:

    Add the following items to the end of the array:
        <string>var/root/Library/Preferences/KeyAccess\ Audit</string>
        <string>var/root/Library/Preferences/KeyAccess\ Offline</string>
        <string>var/root/Library/Preferences/KeyAccess\ Prefs</string>
        <string>var/root/Library/Preferences/Portable\ Keys\ (don???t\ move\)</string>
        <string>/Library/Preferences/KeyAccess/KeyAccess\ Audit</string>
        <string>/Library/Preferences/KeyAccess/KeyAccess\ Offline</string>
        <string>/Library/Preferences/KeyAccess/KeyAccess\ Prefs</string>
        <string>/Library/Preferences/KeyAccess/Portable\ Keys</string>


    Ghost is a Windows utility from Broadcom (formerly Symantec). In order to exclude the KeyAccess files from the images it writes, you should first manually delete the registry entries listed above, then run ghost.exe with the flag -skip=@skipfile. *

    skipfile should contain the following text:

    [ghost exclusion list]
    *\Documents and Settings\All Users\Application Data\KeyAccess Audit
    *\ProgramData\KeyAccess\KeyAccess Audit
    *\Documents and Settings\All Users\Application Data\KeyAccess\KeyAccess Audit
    *\Local Settings\Application Data\KeyAccess Offline
    *\ProgramData\KeyAccess\KeyAccess Offline
    *\Documents and Settings\All Users\Application Data\KeyAccess\KeyAccess Offline
    [end of list]
    Alternatively, you could create the image, and then use Norton Ghost Explorer to remove these manually.

    *Note: when the source image uses the NTFS file system the ghost tools mentioned above can't be used so you will have to manually delete the files and directory. Before deleting, use the task manager to shutdown keyacc32.exe and then freeze the source image before rebooting.

    Other Programs

    There are many other utilities which can be used for cloning, for which we don't have specific instructions on how to exclude files. If you use one of these products, and know how to configure excluded files, please send an email describing the process to Sassafras Support.

    On a somewhat related issue, when using an image restore technology such as "Deep Freeze" (in order to revert a managed computer back to an initial state), similar cautions apply. The settings listed above should be excluded from the reversion. For details regarding "Deep Freeze", read tech note #3704.