3062 SM

Novell ZENworks 7 Desktop Management Administration
C OURSE 306 2
Novell Training Services

A U T HOR IZ E D C OU RS E WARE
w w w. n o v e l l . c o m
Part # 100-005038-001 Version 1
VIEW ONLY NO PRINTING ALLOWED
Proprietary Statement
Copyright 2005 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express prior consent of the publisher. This manual, and any portion thereof, may not be copied without the express written permission of Novell, Inc. Novell, Inc. 1800 South Novell Place Provo, UT 84606-2399
Trademarks
Novell, Inc. has attempted to supply trademark information about company names, products, and services mentioned in this manual. The following list of trademarks was derived from various sources.
Novell, Inc. Trademarks

Novell, the Novell logo, NetWare, BorderManager, ConsoleOne, DirXML, GroupWise, iChain, ManageWise, NDPS, NDS, NetMail, Novell Directory Services, Novell iFolder, Novell SecretStore, Ximian, Ximian Evolution and ZENworks are registered trademarks; CDE, Certified Directory Engineer and CNE are registered service marks; eDirectory, Evolution, exteNd, exteNd Composer, exteNd Directory, exteNd Workbench, Mono, NIMS, NLM, NMAS, Novell Certificate Server, Novell Client, Novell Cluster Services, Novell Distributed Print Services, Novell Internet Messaging System, Novell Storage Services, Nsure, Nsure Resources, Nterprise, Nterprise Branch Office, Red Carpet and Red Carpet Enterprise are trademarks; and Certified Novell Administrator, CNA, Certified Novell Engineer, Certified Novell Instructor, CNI, Master CNE, Master CNI, MCNE, MCNI, Novell Education Academic Partner, NEAP, Ngage, Novell Online Training Provider, NOTP and Novell Technical Services are service marks of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE LINUX AG, a Novell company. For more information on Novell trademarks, please visit http://www.novell.com/company/legal/trademarks/tmlist.html.
Disclaimer
Novell, Inc. makes no representations or warranties with respect to the contents or use of this manual, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes in its content at any time, without obligation to notify any person or entity of such revisions or changes. Further, Novell, Inc. makes no representations or warranties with respect to any NetWare software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of NetWare software at any time, without obligation to notify any person or entity of such changes. This Novell Training Manual is published solely to instruct students in the use of Novell networking software. Although third-party application software packages are used in Novell training courses, this is for demonstration purposes only and shall not constitute an endorsement of any of these software applications. Further, Novell, Inc. does not represent itself as having any particular expertise in these application software packages and any use by students of the same shall be done at the students own risk.
Other Trademarks
Adaptec is a registered trademark of Adaptec, Inc. AMD is a trademark of Advanced Micro Devices. AppleShare and AppleTalk are registered trademarks of Apple Computer, Inc. ARCserv is a registered trademark of Cheyenne Software, Inc. Btrieve is a registered trademark of Pervasive Software, Inc. EtherTalk is a registered trademark of Apple Computer, Inc. Java is a trademark or registered trademark of Sun Microsystems, Inc. in the United States and other countries. Linux is a registered trademark of Linus Torvalds. LocalTalk is a registered trademark of Apple Computer, Inc. Lotus Notes is a registered trademark of Lotus Development Corporation. Macintosh is a registered trademark of Apple Computer, Inc. Netscape Communicator is a trademark of Netscape Communications Corporation. Netscape Navigator is a registered trademark of Netscape Communications Corporation. Pentium is a registered trademark of Intel Corporation. Solaris is a registered trademark of Sun Microsystems, Inc. The Norton AntiVirus is a trademark of Symantec Corporation. TokenTalk is a registered trademark of Apple Computer, Inc. Tru64 is a trademark of Digital Equipment Corp. UnitedLinux is a registered trademark of UnitedLinux. UNIX is a registered trademark of the Open Group. WebSphere is a trademark of International Business Machines Corporation. Windows and Windows NT are registered trademarks of Microsoft Corporation. All other third-party trademarks are the property of their respective owners.
Software Piracy
Throughout the world, unauthorized duplication of software is subject to both criminal and civil penalties. If you know of illegal copying of software, contact your local Software Antipiracy Hotline. For the Hotline number for your area, access Novells World Wide Web page at http://www.novell.com and look for the piracy page under Programs. Or, contact Novells anti-piracy headquarters in the U.S. at 800PIRATES (747-2837) or 801-861-7101.
Contents
Contents
Introduction Student Kit Deliverables . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-2 Course Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-3

Course Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Course Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Prerequisite Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . Certification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Classroom Agenda . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Course Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . VMWare and the Exercises . . . . . . . . . . . . . . . . . . . . . . . . NetWare and ZENworks 7 . . . . . . . . . . . . . . . . . . . . . . . . Exercise Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . Self-Study Workbook . . . . . . . . . . . . . . . . . . . . . . . . . . . ZENworks 7 Product Documentation . . . . . . . . . . . . . . . Scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-3 Intro-4 Intro-5 Intro-6 Intro-6 Intro-8 Intro-9 Intro-15 Intro-15 Intro-16 Intro-17 Intro-17
Exercise Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-9
Course Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-19 SECTION 1 Install ZENworks 7 Desktop Management Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2

Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES. TOC-1
Objective 1
Describe the ZENworks 7 Suite Features . . . . . . . . . . . . . . . . 1-3

Desktop Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Server Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Handheld Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Linux Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Asset Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Data Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Instant Messenger . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Software Packaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Personality Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Patch Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4 1-4 1-5 1-6 1-6 1-7 1-7 1-8 1-8 1-9
Objective 2
Describe the New Features of ZENworks 7 Desktop Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10

ZENworks 7 Desktop Management Components . . . . . . . . . 1-10 Whats New Since ZENworks 6.5 Desktop Management SP 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-13
Objective 3
Implement eDirectory Design Guidelines for ZENworks . . . 1-18

General eDirectory Design Guidelines . . . . . . . . . . . . . . . . . 1-18 eDirectory Design Guidelines for ZENworks . . . . . . . . . . . . 1-21 Using a Separate Tree for ZENworks . . . . . . . . . . . . . . . . . . 1-22
Objective 4
Install ZENworks 7 Desktop Management Back End Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-25

Perform Pre-Installation Tasks . . . . . . . . . . . . . . . . . . . . . . . Determine the Services You Want to Install . . . . . . . . . . . . . Install the ZENworks 7 Desktop Management Server . . . . . Perform Post-Installation Configuration Tasks . . . . . . . . . . . Verify That the ZENworks 7 Desktop Management Services are Installed on Your Linux Server . . . . . . . . . . . . . Check for ZENworks 7 Desktop Management Files Installed on Your Linux Server . . . . . . . . . . . . . . . . . . . Exercise 1-1 Install ZENworks 7 Desktop Management Back End Services . . . . . . . . . . . . . . . . . . . . . . . 1-26 1-32 1-38 1-47 1-51 1-54 1-57

TOC-2
Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Version 1
Contents
Objective 5
Evaluate ZENworks Desktop Management Access Methods 1-67

ZENworks Access Methods . . . . . . . . . . . . . . . . . . . . . . . . . . 1-67 Login Dialogs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-75 How to Determine the Access Method and Login Dialog to Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-79
Objective 6
Install ZENworks 7 Desktop Management Middle Tier Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-81

Verify and Implement Pre-Installation Requirements . . . . . . Gather the Information Necessary for the Installation . . . . . . Install the ZENworks Middle Tier Server on Linux . . . . . . . Configure Security (Optional) . . . . . . . . . . . . . . . . . . . . . . . . Verify That the Middle Tier Server Works Properly . . . . . . . Exercise 1-2 Install the ZENworks 7 Desktop Management Middle Tier Services. . . . . . . . . . . . . . . . . . . . . . 1-82 1-84 1-85 1-94 1-94 1-97
Objective 7
Install the ZENworks Desktop Management Agent . . . . . . 1-109

Verify That Workstations Meet Prerequisites . . . . . . . . . . . Determine the Services You Want to Install . . . . . . . . . . . . Install the ZENworks Desktop Management Agent . . . . . . Verify That the ZENworks Desktop Management Agent Installation Works Properly . . . . . . . . . . . . . . . . . . . Exercise 1-3 Install the ZENworks Desktop Management Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-110 1-111 1-113 1-128 1-129
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-141 SECTION 2 ZENworks Desktop Management Policy Management Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 Objective 1 Describe Policy Management . . . . . . . . . . . . . . . . . . . . . . . . . 2-3
What Policies Do . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 Benefits of Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
VIEW ONLY Objective 2 Describe Policy Packages NO PRINTING ALLOWED

Version 1
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
TOC-3
Objective 3
Describe and Configure Search Policies . . . . . . . . . . . . . . . . . 2-8

What a Search Policy Is . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . How to Configure a Search Policy . . . . . . . . . . . . . . . . . . . . . . Container Associations and Searching . . . . . . . . . . . . . . . . . . Search Order and Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . Exercise 2-1 Configure a Search Policy . . . . . . . . . . . . . . . . . . 2-8 2-9 2-14 2-16 2-18
Objective 4
Describe How Policies Work. . . . . . . . . . . . . . . . . . . . . . . . . 2-22

The Process for Applying Policies . . . . . . . . . . . . . . . . . . . . . 2-22 Components Used for Implementing Policies . . . . . . . . . . . . 2-23
Objective 5
Describe Effective Policies . . . . . . . . . . . . . . . . . . . . . . . . . . 2-27

How Policies Are Applied . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-27 What Effective Policies Are . . . . . . . . . . . . . . . . . . . . . . . . . . 2-34 Exercise 2-2 Determine Effective Policies . . . . . . . . . . . . . . . . 2-35
Objective 6
Describe Policy Package Copy and Policy Reporting . . . . . . 2-40

Policy Package Copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-40 Policy Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-43
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-45 Exercise Answers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-48 SECTION 3 Implement Server Package Policies Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Objective 1 Create and Associate a Server Package . . . . . . . . . . . . . . . . . . 3-3
Create a Server Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 Associate the Server Package . . . . . . . . . . . . . . . . . . . . . . . . . 3-6

TOC-4 Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES. Version 1
Contents
Objective 2
Describe the Purpose of Each Server Package Policy . . . . . . . 3-9

Dictionary Update Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Imaging Server Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Workstation Import Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . Workstation Removal Policy . . . . . . . . . . . . . . . . . . . . . . . . . Inventory Roll-Up Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . ZENworks Database Policy . . . . . . . . . . . . . . . . . . . . . . . . . . Wake-On-LAN Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9 3-9 3-10 3-10 3-11 3-11 3-11
Objective 3
Plan Server Package Deployment . . . . . . . . . . . . . . . . . . . . . 3-12

Identify Possible Solutions to Meet Environment Needs . . . 3-12 Identify the Effect of the Policy on Associated Objects . . . . 3-13 Exercise 3-1 Configure a Server Policy Package . . . . . . . . . . . 3-17
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19 SECTION 4 Automatically Import and Remove Workstations Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 Objective 1 Describe Automatic Workstation Import (AWI) . . . . . . . . . . . 4-3
AWI Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4 How AWI Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6
Objective 2
Implement Automatic Workstation Import (AWI) . . . . . . . . . 4-8

Verify that AWI is Working . . . . . . . . . . . . . . . . . . . . . . . . . . Configure the AWI Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . Enable Workstations to Find the Import Server . . . . . . . . . . Configure AWI Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . Register Workstations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8 4-10 4-18 4-25 4-26
Objective 3
Describe Automatic Workstation Removal (AWR) . . . . . . . 4-28

What AWR Is . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28 How AWR Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29
VIEW ONLY Implement Automatic Workstation Removal (AWR) . . . . . . Objective 4 NO PRINTING ALLOWED
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
4-30
TOC-5
Exercise 4-1 Import Workstation Objects into the Tree. . . . . . 4-34
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-44 SECTION 5 Implement User Package Policies Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 Objective 1 Create and Associate a User Policy Package . . . . . . . . . . . . . . 5-3
Create a User Policy Package . . . . . . . . . . . . . . . . . . . . . . . . . 5-3 Associate the User Policy Package . . . . . . . . . . . . . . . . . . . . . 5-4
Objective 2
Enable and Configure User Package Policies . . . . . . . . . . . . . 5-8

Dynamic Local User Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . Novell iPrint Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Remote Control Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Scheduled Action Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . User Extensible Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows Desktop Preferences Policy . . . . . . . . . . . . . . . . . . Windows Group Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8 5-15 5-23 5-23 5-28 5-31 5-36
Objective 3
Identify Common Configurations Set Through User Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-46 Exercise 5-1 Configure User Policies. . . . . . . . . . . . . . . . . . . . 5-48 Plan User Policy Package Deployment . . . . . . . . . . . . . . . . . 5-54
Identify Possible Solutions to Meet Environment Needs . . . 5-54 Identify the Effect of a Policy on Associated Objects . . . . . . 5-55
Objective 4
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-57 SECTION 6 Implement Workstation Package Policies Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
VIEW ONLY Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NO PRINTING ALLOWED

TOC-6 Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
6-2
Version 1
Contents
Objective 1
Create and Associate a Workstation Policy Package. . . . . . . . 6-3

Create a Workstation Policy Package . . . . . . . . . . . . . . . . . . . 6-3 Associate the Workstation Policy Package . . . . . . . . . . . . . . . 6-4
Objective 2
Enable and Configure Workstation Package Policies . . . . . . . 6-7

Computer Extensible Policy . . . . . . . . . . . . . . . . . . . . . . . . . . Novell iPrint Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Remote Control Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Scheduled Action Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows Group Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Workstation Imaging Policy . . . . . . . . . . . . . . . . . . . . . . . . . Workstation Inventory Policy . . . . . . . . . . . . . . . . . . . . . . . . ZENworks Desktop Management Agent Policy . . . . . . . . . . Exercise 6-1 Configure Workstation Policies . . . . . . . . . . . . . 6-7 6-9 6-9 6-9 6-10 6-11 6-12 6-12 6-17
Objective 3
Plan Workstation Package Deployment. . . . . . . . . . . . . . . . . 6-22 Exercise 6-2 Create an iPrint Policy in the SLC Workstation
Package to Distribute Your iPrint Printer . . . . . . . . . . . . . . . . . 6-25
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-32 SECTION 7 Introduction to ZENworks Application Management Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 Objective 1 Describe How Application Management Works . . . . . . . . . . . 7-3
How Applications are Delivered through ZENworks . . . . . . . 7-3 Application Management Features . . . . . . . . . . . . . . . . . . . . . 7-5
Objective 2 Objective 3
Identify Application Management Tasks. . . . . . . . . . . . . . . . 7-12 Identify Application Management Components . . . . . . . . . . 7-15
Application Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-15 Application Folder Objects . . . . . . . . . . . . . . . . . . . . . . . . . . 7-15 Exercise 7-1 Create and Use Application Folders . . . . . . . . . . 7-19

Version 1
TOC-7
Objective 4
Describe Novell Application Launcher Components . . . . . . 7-22

User Interface Views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Application Launcher Engine . . . . . . . . . . . . . . . . . . . . . . . . Application Launcher Service for Windows . . . . . . . . . . . . . Application Launcher Workstation Helper . . . . . . . . . . . . . . 7-22 7-35 7-35 7-36 7-39 7-44 7-46 7-56 7-58 7-60 7-62
Objective 5
Configure Novell Application Launcher . . . . . . . . . . . . . . . . 7-38

Start Application Launcher . . . . . . . . . . . . . . . . . . . . . . . . . . Configure Application Launcher to Replace the Windows Desktop (Shell) . . . . . . . . . . . . . . . . . . . . . . . . . . . Customize Application Launcher Configuration Options . . . View the Objects Effective Settings . . . . . . . . . . . . . . . . . . . View the Configuration Tree . . . . . . . . . . . . . . . . . . . . . . . . . Designate the Top of a Configuration Tree . . . . . . . . . . . . . . Exercise 7-2 Configure Novell Application Launcher . . . . . . .
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-65 SECTION 8 Distribute and Package Applications Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2 Objective 1 Distribute a Scripted Installation . . . . . . . . . . . . . . . . . . . . . . . 8-3 Exercise 8-1 Use ZENworks to Distribute a
Simple Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5
Objective 2
Re-package Applications With ZENworks snAppShot . . . . . . 8-9 Exercise 8-2 Use snAppShot to Deploy a NonMSI-Based
Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-13
Objective 3
Distribute an AOT/AXT Application with ZENworks . . . . . 8-18 Exercise 8-3 Create an Application Object
Using an AOT File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-20

Contents
Objective 4
Package Software with ZENworks Software Packaging . . . . 8-25

AdminStudio ZENworks Edition System Requirements . . . . AdminStudio ZENworks Edition Components . . . . . . . . . . . What Windows Installer Is . . . . . . . . . . . . . . . . . . . . . . . . . . . How to Install AdminStudio ZENworks Edition . . . . . . . . . . 8-26 8-26 8-27 8-29
Objective 5
Repackage Applications with the AdminStudio Repackaging Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-34

How the Repackaging Wizard Works . . . . . . . . . . . . . . . . . . Suggestions for Successful Repackaging . . . . . . . . . . . . . . . . Repackaging a Legacy Application Setup . . . . . . . . . . . . . . . Exercise 8-4 Repackage and Distribute WinZip 9.0 . . . . . . . . 8-34 8-35 8-35 8-45
Customize Application Installation with AdminStudio Tuner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-49 Distribute MSI Based Applications with ZENworks. . . . . . . 8-52 Exercise 8-5 Create an MSI Application to
Distribute WinZip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-55
Convert AOT/AXT Packages to MSI Packages Using AdminStudio . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-59 Decide Which Type of Distribution to Use . . . . . . . . . . . . . . 8-62 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-64
SECTION 9
Application Management Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2

Objective 1
Identify Application Object Configuration Options . . . . . . . . 9-3

Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distribution Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Run Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Associations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Common . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Fault Tolerance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MSI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . GUID Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-3 9-14 9-31 9-46 9-48 9-70 9-82 9-83 9-90
Objective 2
Automate the Distribution of Applications . . . . . . . . . . . . . . 9-94

A Distribution Schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-94 Lights-Out Distribution (Pre-Install) . . . . . . . . . . . . . . . . . . . 9-94
Objective 3
Repair and Uninstall Applications . . . . . . . . . . . . . . . . . . . . 9-102

Verify an Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-102 Uninstall an Application . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-103
Objective 4
Describe Terminal Server and Web Applications . . . . . . . . 9-106

Web Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-106 Terminal Server Applications . . . . . . . . . . . . . . . . . . . . . . . 9-107
Objective 5
Distribute Applications to Disconnected Workstations . . . . 9-109

How Disconnected Application Launcher Works . . . . . . . . Types of Disconnectable Applications . . . . . . . . . . . . . . . . How to Distribute Applications to Disconnected Workstations . . . . . . . . . . . . . . . . . . . . . . . . . Exercise 9-1 Manage Applications. . . . . . . . . . . . . . . . . . . . . 9-109 9-110 9-111 9-113
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-122 SECTION 10 Application Auditing and Reporting Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1
VIEW ONLY Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NO PRINTING ALLOWED

TOC-10 Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
10-2
Version 1
Contents
Objective 1
Configure Reporting for Application Events . . . . . . . . . . . . . 10-3

Available Reporting Options . . . . . . . . . . . . . . . . . . . . . . . . . How to Configure Service Location Packages . . . . . . . . . . . How to Configure the Application Object . . . . . . . . . . . . . . How a Report is Sent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-3 10-6 10-14 10-15
Objective 2
Implement Rogue Process Management . . . . . . . . . . . . . . . 10-16

Configure Tracking of Unmanaged Applications . . . . . . . . 10-16 Restrict Launching of Unmanaged Applications . . . . . . . . . 10-18 Exercise 10-1 Restrict Application Access With Rogue Process Management (RPM) . . . . . . . . . . . . . . . 10-20
Objective 3
Use Predefined Reports to View Application Events . . . . . 10-25 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-27
SECTION 11
Distributed Application Management Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-2
Objective 1
Implement Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . 11-3

Identify How Load Balancing Works . . . . . . . . . . . . . . . . . . Create a Duplicate Application Object (Optional) . . . . . . . . . Determine Configuration Options . . . . . . . . . . . . . . . . . . . . . Configure Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-3 11-4 11-5 11-6
Objective 2
Implement Fault Tolerance . . . . . . . . . . . . . . . . . . . . . . . . . . 11-9

Select the Configuration Options You Want to Use . . . . . . . 11-9 Configure Fault Tolerance . . . . . . . . . . . . . . . . . . . . . . . . . . 11-11
Objective 3
Implement Application Site List . . . . . . . . . . . . . . . . . . . . . 11-14

Identify How Application Site Lists are Implemented Using the Novell Client . . . . . . . . . . . . . . . . . 11-15 Identify How Application Site Lists Are Implemented Using a ZENworks Middle Tier Server . . . . . 11-16 Configure Application Site Lists . . . . . . . . . . . . . . . . . . . . . 11-19

Version 1
TOC-11
Objective 4
Implement Remote Alternate Applications . . . . . . . . . . . . . 11-22

Alternate Remote Application Configuration Options . . . . 11-22 How to Configure Alternate Remote Access Applications . 11-24 Exercise 11-1 Configure a Remote Alternate Application. . . 11-27
Describe Optimization Tips for Application Management . 11-30 Describe How to Simplify a Distributed Application Environment Using ZENworks Server Management . . . . . 11-32 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-34
SECTION 12
Deploy Personality Migration Services Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2
Objective 1
Describe the Role and Function of Personality Migration Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3

Personality Migration Features . . . . . . . . . . . . . . . . . . . . . . . Personality Migration Types . . . . . . . . . . . . . . . . . . . . . . . . . Personality Migration Components . . . . . . . . . . . . . . . . . . . . How Personality Migration Components Work . . . . . . . . . . 12-3 12-4 12-6 12-9
Objective 2
Install ZENworks Personality Migration . . . . . . . . . . . . . . . 12-11

Prepare the Server for Personality Migration . . . . . . . . . . . 12-11 Prepare Workstations for Personality Migration . . . . . . . . . 12-15 Install ZENworks Personality Migration . . . . . . . . . . . . . . . 12-16
Objective 3
Migrate Workstations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-24

Use the DNA Template Editor to Create a Template . . . . . Create an Application Object to Collect the Personality . . . Create an Application Object to Apply the Personality . . . . Exercise 12-1 Capture a Workstations Personality . . . . . . . . 12-24 12-31 12-38 12-40
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-46

Contents
SECTION 13
Image Workstations with ZENworks 7 Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-2
Objective 1
Describe Workstation Imaging Components . . . . . . . . . . . . . 13-3

ZENworks Imaging Windows Agent . . . . . . . . . . . . . . . . . . . Imaging Engine (img) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ZENworks Image Explorer . . . . . . . . . . . . . . . . . . . . . . . . . . ZENworks Imaging Proxy Server . . . . . . . . . . . . . . . . . . . . ZENworks PreBoot Services Environment . . . . . . . . . . . . . Linux Boot Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Image-Safe Data Viewer and Editor . . . . . . . . . . . . . . . . . . Imaging Boot Disk Creator . . . . . . . . . . . . . . . . . . . . . . . . . 13-3 13-8 13-9 13-10 13-11 13-13 13-13 13-17
Objective 2
Describe Common Imaging Deployment Strategies . . . . . . 13-19

Install a Standard Image Before Deploying New Workstations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Enable Existing Workstations for Future Re-Imaging . . . . . Re-Image Corrupted Workstations . . . . . . . . . . . . . . . . . . . Restore Lab or Classroom Workstations to a Clean State . . 13-19 13-21 13-21 13-22
Objective 3
Prepare the ZENworks Imaging Server . . . . . . . . . . . . . . . . 13-24

How to Install Preboot Services . . . . . . . . . . . . . . . . . . . . . . 13-24 How Preboot Services Works . . . . . . . . . . . . . . . . . . . . . . . 13-27
Objective 4
Prepare Workstations for Imaging . . . . . . . . . . . . . . . . . . . . 13-40

Workstation Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . 13-40 How to Configure an Imaging Boot Method . . . . . . . . . . . . 13-42 How to Enable Workstations for Auto-Imaging Operations 13-54
Objective 5
Create and Restore Images. . . . . . . . . . . . . . . . . . . . . . . . . . 13-58

Create a Workstation (Base) Image . . . . . . . . . . . . . . . . . . . Create an Add-On Image . . . . . . . . . . . . . . . . . . . . . . . . . . . Use Image Explorer to Customize an Image . . . . . . . . . . . . Make an Image Available for Automatic Imaging . . . . . . . 13-59 13-60 13-61 13-63

Version 1
TOC-13
Objective 6
Configure Imaging Policies . . . . . . . . . . . . . . . . . . . . . . . . . 13-70

Define Imaging Policies for Unregistered Workstations . . . Define Imaging Policies for Registered Workstations . . . . . Exercise 13-1 Deploy a Workstation Image. . . . . . . . . . . . . . Exercise 13-2 Restore the Deployment Workstations Personality. . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-70 13-74 13-78 13-84
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-88 SECTION 14 Congure Remote Management Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-2 Objective 1 Describe the Role and Function of Remote Management . . . 14-3
Remote Management Features and Benefits . . . . . . . . . . . . . 14-3 Remote Management Components . . . . . . . . . . . . . . . . . . . . 14-4 Remote Management Tools . . . . . . . . . . . . . . . . . . . . . . . . . . 14-5
Objective 2
Configure Remote Management . . . . . . . . . . . . . . . . . . . . . . 14-9

Select a Remote Management Deployment Strategy . . . . . . . Configure Remote Management Ports (Optional) . . . . . . . . Configure Remote Management Policies . . . . . . . . . . . . . . Assign Rights to Remote Operators . . . . . . . . . . . . . . . . . . . Start Remote Management Operations Using ConsoleOne . Start User-Initiated Sessions . . . . . . . . . . . . . . . . . . . . . . . . 14-9 14-11 14-14 14-22 14-25 14-29 14-31 14-37 14-40 14-43
Objective 3
Perform Remote Management Tasks. . . . . . . . . . . . . . . . . . 14-31

Perform Remote Control Operations . . . . . . . . . . . . . . . . . . Execute Remote Wake Up Sessions . . . . . . . . . . . . . . . . . . View Diagnostic Information . . . . . . . . . . . . . . . . . . . . . . . Exercise 14-1 Configuring Remote Management . . . . . . . . .
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-52

Contents
SECTION 15
Congure Workstation Inventory and Reporting Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-2
Objective 1
Describe the Role and Function of Workstation Inventory . . 15-3

Workstation Inventory Components . . . . . . . . . . . . . . . . . . . 15-3 Inventory Server Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-7
Objective 2
Configure Workstation Inventory . . . . . . . . . . . . . . . . . . . . 15-21

Plan Your Workstation Inventory Deployment . . . . . . . . . . Exercise 15-1 (Optional) Plan an Inventory Deployment . . . Install Inventory Agents on Workstations . . . . . . . . . . . . . . Configure the Inventory Service Object . . . . . . . . . . . . . . . Configure the Database Location Policy . . . . . . . . . . . . . . . Configure the Roll-Up Policy . . . . . . . . . . . . . . . . . . . . . . . Configure Workstation Inventory Policies . . . . . . . . . . . . . Configure the Dictionary Update Policy . . . . . . . . . . . . . . . Exercise 15-2 Configure Workstation Inventory . . . . . . . . . . 15-21 15-27 15-34 15-34 15-36 15-39 15-41 15-45 15-51
Objective 3
Run Inventory Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-61

Types of Inventory Reports . . . . . . . . . . . . . . . . . . . . . . . . . How to Generate Inventory Reports . . . . . . . . . . . . . . . . . . How to View Inventory Data with Quick Reports . . . . . . . . How to Export the Inventory Information . . . . . . . . . . . . . . Exercise 15-3 Generate Workstation Inventory Reports . . . . 15-61 15-62 15-64 15-72 15-77
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-84 Exercise Answers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-86 SECTION 16 Install and Congure Asset Inventory Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-1

Version 1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-2
TOC-15
Objective 1
Describe the Role and Function of Asset Inventory . . . . . . . 16-3

Asset Inventory Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-3 ZENworks Asset Management Server Components (Applications) . . . . . . . . . . . . . . . . . . . . . . . . . . 16-5 ZENworks Asset Management Client Applications . . . . . . . 16-7
Objective 2
Install a Standalone Deployment of ZENworks Asset Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-9

Standalone vs. Enterprise Deployment . . . . . . . . . . . . . . . . System Requirements for a Standalone Deployment Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . How to Install an Evaluation Standalone Deployment of ZENworks Asset Management . . . . . . . . . . . . . . . . . . . . System Requirements for a Client PC or Server . . . . . . . . . How to Install Client Software on Your PCs or Servers . . . How to Access ZENworks Desktop Management Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Exercise 16-1 Install and Configure a Standalone Deployment of ZENworks Asset Management . . . . . . . . . . . 16-10 16-12 16-13 16-24 16-27 16-31 16-36
Objective 3
Perform Basic Inventory Tasks With ZENworks Asset Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-49

View Inventory Data From the Reports Tab in Web Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Perform Basic Administrative Tasks With the Manager . . . Use the Network Discovery Engine to Discover Devices on Your Network . . . . . . . . . . . . . . . . . . . . . . . . . . Use Novell ZENworks Asset Management Software Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Exercise 16-2 Perform Basic Asset Inventory Tasks with ZENworks Asset Management Web Console and Manager. . 16-49 16-52 16-54 16-57 16-65
Objective 4
Evaluate the Software Compliance and Usage Components of ZENworks Asset Management (ZAM) . . . 16-72
Software Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-72 Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-74
VIEW ONLY NO PRINTING Summary ALLOWED

TOC-16
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-76
Version 1
Contents
APPENDIX A
Novell ZENworks 7 Desktop Management NetWare Server Installation How to Install ZENworks Desktop Management Back End Services on a NetWare Server. . . . . . . . . . . . . . . . A-2
Install the ZENworks Desktop Management Server . . . . . . . . A-2 Perform Post-Installation Configuration Tasks . . . . . . . . . . . A-17 Verify That the ZENworks Desktop Management Services Work Properly . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-21 Exercise A-1 Install ZENworks Desktop Management Back End Services . . . . . . . . . . . . . . . . . . . . . . . A-22
How to Install ZENworks Desktop Management Middle Tier Services on a NetWare Server . . . . . . . . . . . . . A-27
Gather the Information Necessary for the Installation . . . . . . A-27 Install the ZENworks Middle Tier Server . . . . . . . . . . . . . . . A-28 Configure Security (Optional) . . . . . . . . . . . . . . . . . . . . . . . . A-38 Verify That the Middle Tier Server Works Properly . . . . . . . A-39 Exercise A-2 Install the ZENworks Middle Tier Services . . . . A-41 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-47
APPENDIX B
Linux Fundamentals Linux KDE Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-2

How to Log In . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-3 How to Log Out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-5 How to Shut Down and Reboot the Linux System . . . . . . . . . B-6 How to Identify KDE Desktop Components . . . . . . . . . . . . . . B-7 How to Use the Konqueror File Manager . . . . . . . . . . . . . . . B-11

Linux File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-14

File Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . The Hierarchical Structure of the File System . . . . . . . . . . . . FHS (Filesystem Hierarchy Standard) . . . . . . . . . . . . . . . . . . Root Directory (/) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . User Directories (/home/) . . . . . . . . . . . . . . . . . . . . . . . . . . . Storage Devices (/dev/) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Mount Points for Removable Media (/media/*) . . . . . . . . . . Mount Point for Temporarily Mounted File Systems (/mnt/) Directories for Mounting Other File Systems . . . . . . . . . . . . Filename Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Virtual Consoles on OES Linux . . . . . . . . . . . . . . . . . . . . . . Bash Shell on Novell Open Enterprise Server Linux Servers Common Bash File System Commands . . . . . . . . . . . . . . . . Bash Command Web References . . . . . . . . . . . . . . . . . . . . . . B-14 B-17 B-19 B-21 B-21 B-22 B-22 B-23 B-24 B-25 B-26 B-28 B-35 B-36
Bash Shell . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-26
Linux File System Permissions . . . . . . . . . . . . . . . . . . . . . . B-36

Permissions and Permission Values . . . . . . . . . . . . . . . . . . . . B-37 How to Set Permissions From the Command Line . . . . . . . . B-38 How to Set Permissions From a GUI Interface . . . . . . . . . . . B-42

Introduction
Introduction
The ZENworks 7 Desktop Management Administration course (3062) introduces you to the features and basic administrative tasks of installing and conguring ZENworks 7 Desktop Management services (and related ZENworks 7 components) on an Open Enterprise Server (OES) Linux server. Before starting the course, make sure you review the following:

Student Kit Deliverables Course Design

Course Objectives Course Audience Prerequisite Knowledge Certication Classroom Agenda Course Setup VMWare and the Exercises NetWare and ZENworks 7 Exercise Conventions Self-Study Workbook ZENworks 7 Product Documentation
Exercise Guidelines

Course Feedback

Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES. Intro-1
Student Kit Deliverables

Your 3062 student kit includes the following items:
Novell ZENworks 7 Desktop Management Administration manual (2 volumes) The manual contains the topics covered in a classroom and in the Novell Certication Exam for the course. It also contains exercises that can be completed in a classroom or in a self-study environment.
Novell ZENworks 7 Desktop Management Administration 3062 Course CD This CD contains a .pdf le of the course manual and the les necessary to setup and complete the exercises in the course.
DA-ZEN VMware Server DVD The DA-ZEN VMware Server DVD contains an OES Linux and a NetWare VMware virtual machine that you can use to install ZENworks 7 Desktop Management and other ZENworks 7 components.
Novell ZENworks 7 Product DVD The Novell ZENworks 7 Product DVD contains .iso les of all the Novell ZENworks 7 product CDs you need to complete the exercises in the course.

Intro-2 Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES. Version 1
Introduction
Course Design
The following provides information about the design of the course to help you evaluate how to use the course materials in a classroom and for self-study:

Course Objectives Course Audience Prerequisite Knowledge Certification Classroom Agenda
Course Objectives
This course teaches you how to perform the following ZENworks administrative tasks:
Design a ZENworks Desktop Management implementation based on company or institution requirements Install ZENworks Desktop Management (middle tier and back-end services, and the management agent) Configure and implement server policy packages, user policies, and workstation policies Perform application management tasks such as distribution and packaging, auditing, and reporting Perform workstation administrative tasks such as importing and removing workstations, imaging workstations, and remotely managing workstations Perform administrative tasks such as configuring personality migrations, implementing patch management, using workstation inventory and reporting, and installing and using ZENworks Asset Management

Version 1
Intro-3
If you are in a classroom setting, and there is time left at the end of the course, the instructor might have you do the LiveFire exercise from the 3062 Self-Study workbook. The exercise gives you a chance to practice the skills learned throughout the course by providing a list of ZENworks Desktop Management requirements you implement on your own.
Course Audience
The primary audience for this course is NetWare administrators with no ZENworks experience who would like to implement ZENworks 7 in their production environment. However, we also recognize that you might be one of the following:
A ZENworks administrator, integrator, or engineer with experience using ZENworks 6.5 or earlier A new Novell or ZENworks customer A networking consultant Someone interested in obtaining the Certified NetWare EngineerSM (CNESM) 6 certification
Whatever your interest in ZENworks Desktop Management, this course provides a solid foundation of basic administrative skills in ZENworks 7 Desktop Management (and related ZENworks 7 Suite components). It also provides an introduction to the basic Linux skills you need to install these components on a SUSE Linux Enterprise Server or Novell Open Enterprise Linux Server on Linux.

Introduction
Prerequisite Knowledge
You should have an understanding of the following:

CompTIA A+ CompTIA Network+ Foundations of Novell Networking (courses 3001 or 3016) Novell Network Management (courses 3004 or 3042)
or
Equivalent networking experience (such as Linux or Windows networking).
We also recommend (but do not require) the following:
Some experience with eDirectory 8.7.3 or later through training, testing, or on-the-job experience Basic experience with any Linux desktop or server in a computing environment such as an enterprise or academic environment or through a training course (such as 3036 - SUSE Linux Fundamentals)
Extensive knowledge of Linux is not required to successfully complete the exercises in the course, but to adequately administer ZENworks 7 on a Linux server in a production environment, you need to have a Certied Linux Professional (CLP) certication-equivalent knowledge of SUSE Linux Enterprise Server 9.

Certication
This course helps you prepare for the following tests: Table Intro-1
Certication CNE CNE Test Number 050-694 CNI Test Number 050-894
Arrange to take a test within 6 weeks of receiving this course. After that, the test might be replaced by a test based on an updated version of the course. For more about Novell certication programs, access www.novell.com/training/certinfo/.
Classroom Agenda
This course is designed to be taught as a 5-day course with the following basic agenda:
Duration (hh:mm) 00:30 04:00
Module Day 1 Introduction Section 1: Install ZENworks 7 Desktop Management Section 2: ZENworks 7 Desktop Management Policy Management Day 2 Section 3: Implement Server Policy Packages Section 4: Automatically Import and Remove Workstations Section 5: Implement User Policies
02:00
00:30 01:40
02:40 01:50

Intro-6
Section 6: Implement Workstation Policies
Version 1
Introduction
Module Day 3 Section 7: Introduction to ZENworks Application Management Section 8: Distribute and Package Applications Section 9: Application Management Day 4 Section 9: Application Management (continued) Section 10: Application Auditing and Reporting Section 11: Distributed Application Management Section 12: Manage Personality Migration Services Section 13: Image Workstations with ZENworks 7 Day 5 Section 13: Image Workstations with ZENworks 7 (continued) Section 14: Congure Remote Management Section 15: Congure Workstation Inventory and Reporting Section 16: Install and Congure ZENworks Asset Management
Duration (hh:mm) 02:10
03:20 01:00 01:50
00:40 01:00
01:30
01:40
01:30
01:20 01:40
02:00

Course Setup
The following are the Windows XP host machines and VMware virtual machines used for the exercises in the course. Figure Intro-1
Host 1 WinXP Pro SP2 10.200.200.1 Host 2 WinXP Pro SP2 10.200.200.2
VMware WS 4.5.2/5 ConsoleOne 1.3.6d OpenOffice 1.1.4 (crossover cable) Host 1 VMware Virtual Machines DA-ZEN OES Linux 10.200.200.250 DNS/DHCP iPrint Server NSS Data Hard Disk
VMware WS 4.5.2/5 ConsoleOne 1.3.6d OpenOffice 1.1.4
Host 2 VMware Virtual Machines WS1 WinXP Pro XP2 10.200.200.11 Novell Client 4.5.1
DA-CITRIX Win2K Server 10.200.200.200 Terminal Server OpenOffice 1.1.4
WS2 WinXP Pro XP2 10.200.200.12
DA-SPM WinXP Pro SP2 10.200.200.150 Novell Client 4.9.1 AdminStudio ZEN snAppShot OpenOffice 1.1.4 Install File WinZip Install File
All students and the instructor have a pair of Windows XP workstations that host VMware Workstation virtual machines. The Windows XP workstations are connected by a crossover cable and are isolated from other computers in the classroom.

Introduction
Exercise Guidelines
The following information provides guidelines to help you make the most of the exercises provided in the course:

VMWare and the Exercises Exercise Conventions Self-Study Workbook ZENworks 7 Product Documentation Scenario
VMWare and the Exercises

In order to complete the exercises in the course, you can use VMware Workstation or VMware Player. In a classroom setting, you might be using one or the other. The following guidelines help you have a successful experience using VMware for the course exercises:

How to Move In and Out of VMware How to Use the VMware Snapshot Feature How to Use VMware Player
How to Move In and Out of VMware
While using a VMware virtual machine, you can switch (release) mouse and keyboard control to the host computer desktop by pressing Ctrl+Alt. To return to the VMware virtual machine and begin using the mouse and keyboard in the virtual machine by clicking the VMware window.

Version 1
Intro-9
Pressing Ctrl+Alt+Insert in a VMWare virtual machine is the same as pressing Ctrl+Alt+Delete.
How to Use the VMware Snapshot Feature
If you are using VMware Workstation 5 to run the virtual machines on Host1 and Host2, you can use the Snapshot feature to capture the current state of a virtual machine hard drive as a le, and then return to that state by selecting the Snapshot le.
Because Snapshot only saves the difference between the last state of the hard drive and the current state, snapshot les are relatively small.
The Snapshot feature is very useful when completing exercises. After successfully completing an exercise, you take a snapshot of the current state of the virtual machine. If you have problems in the next exercise, you can start over by reverting back to the previous snapshot. To use the Snapshot feature in this course for exercises, you need to know how to do the following:

Capture an Exercise Snapshot Return (Revert) to an Previous Exercise Snapshot
Because several of the exercises involve more than one virtual machine (such as DA-ZEN, WS1, and WS2), make sure you take a snapshot of each virtual machine used at the end of the exercise.
x
Intro-10
If you are in a classroom setting, the instructor might have already provided exercise snapshots on your Host1 and Host2 computers.
Version 1
Introduction
Capture an Exercise Snapshot
To capture a snapshot of a virtual machine at the end of an exercise, do the following:

1.
Make sure that your mouse cursor is released from the virtual machine window (you normally press Ctrl+Alt), and that you have shut down the virtual machine. Shutting down the virtual machine before capturing saves space as VMware only captures the current state of the virtual hard drive (.vmdk le) instead of the hard drive and what is in memory.
x
2.
Shutting down the virtual machine before capturing also ensures a clean snapshot and can help you avoid problems with some systems (such as Linux) that can occur after the snapshot (such as decreased processing speed).
From the VMware Workstation menu bar, select VM > Snapshot > Take Snapshot. A Take Snapshot dialog appears.
3.
In the Name field, enter the snapshot name. We recommend using the name of the next exercise. For example, if you have just nished Exercise 1-1 successfully, use an Ex. 1-2 snapshot name. This makes it easier to nd the snapshot you need to start the exercise.
4.
In the Description field, enter a description of the virtual machine (such as Use this virtual machine at the beginning of Exercise 1-2). When you finish, select OK. The snapshot le is saved in the same directory where your VMware virtual machine les are stored.
5.

Version 1
Intro-11
Return (Revert) to an Previous Exercise Snapshot
To return the virtual machine back to a state at the end of a previous exercise, do the following:
1.
Make sure that the VMware virtual machine is running or that the VMware virtual machine tab page is displayed. Make sure that your mouse cursor is released from the virtual machine window (you normally press Ctrl+Alt). From the VMware Workstation menu bar, select VM > Snapshot > Snapshot Manager. The Snapshot Manager dialog appears:
2.
3.
Figure Intro-2
VIEW ONLY 4. NO PRINTING ALLOWED

Intro-12
The snapshot tree at the top of the dialog shows the snapshots for this virtual machine in the order you have taken them. Select the snapshot for the exercise you want to start.
Version 1
Introduction
For example, if you wanted start at the beginning of Exercise 1-2, you would select that snapshot: Figure Intro-3
Notice that the full name and description of the snapshot appears below the snapshot tree window.
5.
After selecting the snapshot, select Go To. A warning message appears indicating that the current state of the virtual machine will be lost if you restore the snapshot.
6.
Do one of the following:
If saving the current state does not matter, continue by selecting Yes. or

If you want to save the current state before reverting to the selected snapshot, select No; then select You are here (in the snapshot tree) and save the state as a snapshot by selecting Take Snapshot.
If you select Yes, the snapshot you selected is restored, and you can with the current exercise.
How to Use VMware Player
VMware Player is free, downloadable software from VMware that lets you play VMware virtual machines created in VMware Workstation. It is also available on your 3062 Course CD. If VMware Player is installed on your Host1 and Host2 computers (instead of VMware Workstation) to run the course virtual machines (DA-ZEN, DA-SPM, DA-CITRIX, WS1, and WS2), there are some issues you need to understand before using VMware Player to complete the exercises:
Tabs vs. Windows. While VMware Workstation lets you open several virtual machines in the VMware Workstation window, and then tab from machine to machine, you need to start a new window (instance) of VMware Player for each virtual machine. While this does not impact the functionality of the exercises, there are steps that tell you to select a tab (such as DA-ZEN_Linux) and then select Start this virtual machine from the tab page. These steps refer to using VMware Workstation. To start a virtual machine in VMware Player, you need to start VMware Player and browse to and open the virtual machine (the .vmx le). You then switch between virtual machine by selecting a window instead of a tab.

Intro-14
Creating Snapshots. The Snapshot feature is only available in VMware Workstation. It is not available in VMware Player.
Version 1
Introduction
NetWare and ZENworks 7

ZENworks 7 installs on NetWare, Linux, and Windows. Although the exercises in the course focus on installing and conguring ZENworks 7 Desktop Management on a Novell Open Enterprise Server Linux server, you can use the DA-ZEN_NetWare virtual machine on your DA-ZEN VMware Server DVD to practice installing on a NetWare 6.5 server. The exercises for completing these steps are included in Novell ZENworks 7 Desktop Management NetWare Server Installation on A-1.
Only the exercises in Appendix A are supported when using the DA-ZEN_NetWare virtual machine. The exercises in Sections 1-17 are not supported or tested on the DA-ZEN NetWare virtual machine.
Exercise Conventions
The exercises use conventions that indicate information you need to enter that is specic to your server. The following describes the most common conventions:
italicized/bolded text. This is a reference to your unique situation, such as the host name of your server. For example, if the host name of your server is DA3 and you see the following: hostname.da.com you would enter DA3.da.com

Version 1
10.0.0.x or DAx. This is the IP address or host name that is assigned to your OES NetWare server.
Intro-15
For example, if your IP address is 10.0.0.3, and you see the following: 10.0.0.x you would enter 10.0.0.3
Select. The word select is used in exercise steps to indicate a variety of actions including clicking a button on the interface and selecting a menu item. Enter and Type. The words enter and type have distinct meanings. The word enter means to type text in a eld or type text at a command line prompt and press the Enter key. The word type means to type text without pressing the Enter key. If you are directed to type a value, make sure you do not press the Enter key or you might activate a process that you are not ready to start.
Self-Study Workbook
If you plan on working through the exercises outside a classroom, the Novell ZENworks 7 Desktop Management Administration Self-Study Workbook (in PDF format on your 3062 Course CD) provides all the exercises in the course, as well as instructions for setting up the computers and VMware virtual machines you need to complete the exercises. The self-study workbook also contains a LiveFire exercise (not included in the course manual) that tests the skills you learned by completing the exercises in the course.

Introduction
The exercises in the course require a copy of VMware Workstation 5 (or later) or VMware Player. If you do not own a copy of VMware Workstation 5, you can obtain a 30-day evaluation version at www.vmware.com. A copy of VMware Player is included on your 3062 Course CD or you can download it from www.vmware.com.
ZENworks 7 Product Documentation

For your convenience, we have provided many of the ZENworks 7 administration guides available at http://www.novell.com/documentation/zenworks7 and on your 3062 Course CD. These guides provide you with the instructions you need for implementing ZENworks 7 Desktop Management (and related components) in a production environment, and are frequently referenced throughout this manual.
Scenario
The following scenario is used throughout the course to help focus exercises on specic ZENworks 7 Desktop Management administrative tasks: Digital Airlines management has made the decision to begin using ZENworks 7 components to automatically congure, deploy, update, inventory, and track software on their Windows desktops. In addition, Digital Airlines would like to begin migrating some of their Novell services (such as iPrint and iFolder) to OES Linux servers, and install ZENworks 7 on Novell Open Enterprise Server (OES) Linux.

Version 1
Intro-17
As the network administrator for Digital Airlines, you have requested hardware to test ZENworks 7 (and other Novell services) on OES Linux in a lab environment before implementation in a production environment. You decide to initially set up 2 host servers using VMware to test ZENworks 7 Desktop Management and other ZENworks 7 components to meet the business requirements management is expecting from implementing ZENworks 7. In addition, you also need to determine what training you might need to administer ZENworks 7 on an OES Linux server.

Introduction
Course Feedback
Your feedback is valuable to Novell Education. To provide feedback on the course materials, use the web services tool at http://www.novell.com/training/contactus.html.


Install ZENworks 7 Desktop Management
SECTION 1
In this section, you learn about the new features in ZENworks 7 Desktop Management, eDirectory design guidelines for implementing ZENworks Desktop Management, and how to access ZENworks services. You also learn about the ZENworks Desktop Management components and how to install those components.
Objectives
1. 2.
Describe the ZENworks 7 Suite Features Describe the New Features of ZENworks 7 Desktop Management Implement eDirectory Design Guidelines for ZENworks Install ZENworks 7 Desktop Management Back End Services Evaluate ZENworks Desktop Management Access Methods Install ZENworks 7 Desktop Management Middle Tier Services Install the ZENworks Desktop Management Agent
3. 4. 5. 6. 7.

Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES. 1-1
Introduction
Before installing and conguring the Back End services, Middle Tier services, and the agents, its important to understand the services provided by ZENworks, the role of eDirectory in providing these services, and what you need to do to prepare for installation. ZENworks uses eDirectory to manage policies, applications, and workstations. ZENworks has a 3-tier architecture that consists of Back End services, Middle Tier services, and workstation agents:

Back End services provide core ZENworks services. The Middle Tier provides communication as well as data translation services between the Back End server and the ZENworks workstation agents. Desktop Management agents are installed on workstations. Back End and Middle Tier services interact with workstation agents to provide management services.
How quickly ZENworks accesses objects in your eDirectory tree depends on the placement of these objects. A well-designed tree increases the efciency of the Directory.

1-2 Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES. Version 1
Objective 1
Describe the ZENworks 7 Suite Features

Novell ZENworks makes it easy to deploy, manage, and maintain IT resources in today's diverse IT environments. By providing an integrated set of cross-platform tools that automate management across the lifecycle of desktops, laptops, servers, and handheld devices, ZENworks helps you to eliminate administrator effort and reduce IT costs while delivering the IT resources that users need, when they need themall based on identity. To help you understand how the ZENworks Desktop Management components play a role in the overall ZENworks 7 Suite, you need to know about the following suite features:

Desktop Management Server Management Handheld Management Linux Management Asset Inventory Data Management Instant Messenger Software Packaging Personality Migration Patch Management

Desktop Management
ZENworks Desktop Management lets you manage Windows desktops and laptops, including the ability to:
Automate distribution of desktop, thin-client, and Web applications, as well as provide self-healing of applications. Remotely manage workstations, including file transfers and real-time diagnostics. Inventory workstation hardware and software for both troubleshooting and auditing purposes. Deploy standard operating environments through the use of workstation imaging. Maintain standard operating environments through user and workstation policies that control workstation environments and behavior.
Server Management
ZENworks Server Management lets you manage NetWare, Windows, Linux, and Solaris servers, including the ability to:
Deploy application and data files across all server platforms regardless of server location to ensure a secure and consistent environment. Enforce and update server configuration, including both mass configurations and remote configurations. Inventory server hardware and software for auditing and capacity planning across multiple server platforms. Automate routine server management processes to ensure consistency and timely completion. Use policies to control server environments and behavior.

1-4
Version 1
Discover servers, monitor real time and historical data, receive and process SNMP traps for critical server parameters, and generate reports.
Handheld Management
ZENworks Handheld Management lets you manage Palm, Windows CE, Pocket PC, and BlackBerry handheld devices, including the ability to:

Distribute applications and content to devices. Secure information by using password enforcement, integration, self-destruct, and lockout capabilities. Optimize low-bandwidth connectivity through the use of compression, checkpoint restart, delta technology, and configurable bandwidth technology. Inventory device hardware and software and use detailed queries to generate reports. Automate device setup and standardize settings and programming. Retrieve files from devices to protect data and integrate it with corporate data. Remotely view or control the IP-enabled Windows CE devices. Synchronize the system password on the handheld device with the users network password. Assign multiple access points to a handheld device and defining the order of the access points to which the device must connect. Install software at a predefined time even when the device is not connected to the network. Uninstall software from Windows CE devices using the handheld policy.

Version 1
1-5
Delete files from Palm or Windows CE devices using the handheld policy.
Linux Management
ZENworks Linux Management lets you centrally control Linux software congurations for both servers and workstations, including the ability to:
Manage users and organize groups of machines for installations and updates. Integrate with leading software update systems such as SUSE Cast and Red Hat Network. Roll back software packages to pre-update versions if unintended problems are caused by the update. Automatically resolve software package requirements before updating to ensure that all dependencies are met.
Asset Inventory
Asset Inventory, a component of ZENworks Asset Management, lets you customize and manage the inventory of hardware and software in your enterprise using the following features:
Set up collection schedules to determine when inventory data is collected from workstations and customize many aspects of the inventory process itself. Control how (especially in a large enterprise) inventory data is organized and grouped by Collection Domains and Collection Servers. Assign different roles to inventory users, giving you control over who can work with inventory data and what kinds of changes they can make.

1-6
Version 1
Analyze the inventory data through queries and reports and edit the data when necessary.
You can choose whether to install Asset Inventory only (a license is provided with ZENworks), to install a 90-day evaluation version of ZENworks Asset Management, or to install a fully-functioning version of ZENworks Asset Management (including the Asset Inventory component) by purchasing a separate license.
Data Management
ZENworks Data Management, powered by Novell iFolder 2.1, enables you to manage the storage of users les, including the ability to:
Provide users with access to their files from anywhereonline or offlineacross multiple workstations and the Internet. Provide users with a simple, convenient, and secure way to back up and synchronize their files.
Instant Messenger
Instant Messenger, powered by GroupWise Instant Messenger 1.0, is a corporate messaging solution that delivers security, manageability, and business-class functionality. Using Instant Messenger, you can provide the following:
Secure communications among employees to protect sensitive information. Policy-based management through eDirectoryTM to simplify administration. Business-class functionality designed especially for the enterprise environment.

Version 1
1-7
Instant Messenger is based on Novell eDirectory and is LDAPenabled,
Software Packaging
ZENworks Software Packaging, powered by InstallShield AdminStudio ZENworks Edition, lets you manage Microsoft Windows Installer (MSI) packages, including the ability to:
Convert legacy-based installs to MSI packages, including migration of ZENworks AOT and AXT packages to MSI packages. Customize MSI packages for your organizations varying needs. Automate creation of directory objects used for management and distribution of the MSI package.
Personality Migration
ZENworks Personality Migration, powered by Unicenter Desktop DNA from Computer Associates, lets you efciently migrate and restore a full desktop environment, including the ability to do the following:
Control migration of system settings, desktop settings, and application settings. Control migration of folders and files. Use typical migrations or create custom migrations. Automate migrations. Back up and restore desktop environments.

Patch Management
ZENworks Patch Management, powered by PatchLink Update, lets you manage the software update and patch process across NetWare and Windows operating systems, including the ability to do the following:
Apply all required updates and patches to new installations to match corporate standards. Patch all major vendors software, including Novell, Microsoft, IBM, Adobe, Corel, Symantec, McAfee, WinZip, Citrix, and many others. Review detailed patch information to determine what patches are right for your organization. Target specific machines to ensure that the correct machines get the correct patches. Schedule the update times. Generate reports on patch compliance.
Patch Management is not part of the course material or certication exam. However, you can learn more about Patch Management by referring to the Novell ZENworks Patch Management Server User Guide (ptm7admin.pdf) in the ZENworks7_docs directory on your 3062 Course CD. You can also watch a presentation on Patch Management included on your 3062 Course CD in the Patch_Management_Video folder.

Objective 2
Describe the New Features of ZENworks 7 Desktop Management

Novell ZENworks Desktop Management is one of the core components of the ZENworks 7 Suite. It uses policy-driven automation to reduce (and in some cases eliminate) desktop management tasks such as software distribution, software repair, desktop conguration, workstation imaging, remote management, and workstation inventory throughout the life cycle of the device. To describe the new features of ZENworks 7 Desktop Management, you need to know the following:

ZENworks 7 Desktop Management Components Whats New Since ZENworks 6.5 Desktop Management SP 1
ZENworks 7 Desktop Management Components

ZENworks 7 Desktop Management includes the following basic components:
Automatic Workstation Import and Removal. Automatic Workstation Import imports workstations into eDirectory and integrates them automatically. Automatic Workstation Removal removes obsolete workstation data from the directory and from the Inventory database.

1-10
Workstation Management. Through the use of ZENworks policies, Workstation Management provides you with automatic management of server, user, and workstation configurations, processes, and behaviors to help eliminate visiting each workstation in your site to configure user settings and workstations.
Version 1
Application Management. Application Management helps you manage the distribution of applications to users on Windows workstations. Workstation Imaging. With Workstation Imaging, you can perform imaging operations such as capturing an image of a workstation and storing it on the same workstation (locally) or on an imaging (proxy) server, or restoring an image to several workstations simultaneously in a multicast session. In addition, Workstation Imaging supports Preboot Execution Environment (PXE) through Desktop Management Preboot Services. Preboot Services uses PXE to nd out if there is imaging work specied for a workstation and to provide the workstation with the les necessary to boot to the Desktop Management imaging environment.
Remote Management. Remote Management lets you remotely manage workstations (called managed workstations) from the remote management console and perform tasks such as remotely controlling the managed workstation and transferring files between the remote management console and the managed workstation. Workstation Inventory. ZENworks 7 Desktop Management lets you gather and administer complete hardware and software information for all workstations connected to your network. From ConsoleOne, you can view the complete hardware and software inventory of the workstations. You can also query the centralized database of the workstations and generate reports.
Sybase. Sybase Adaptive Server Anywhere (ASA) is a network database server bundled with ZENworks 7 Desktop Management.

Desktop Management lets you install Sybase ASA as the database platform for mounting Workstation Inventory and Novell Application Launcher databases on NetWare and Windows. In addition to the basic components of ZENworks 7 Desktop Management, you are also introduced to the following ZENworks 7 components in this course:
Asset Inventory. Asset Inventory is a component of Novell ZENworks Asset Management (ZAM) that lets you customize and manage the inventory of hardware and software in your enterprise. ZENworks Asset Management is new to ZENworks 7 and gives you features that are not currently part of the Workstation Inventory component.
Patch Management. ZENworks Patch Management, powered by PatchLink Update, lets you manage the software update and patch process across NetWare and Windows operating systems.
Patch Management is not part of the course material or certication exam. However, you can learn more about Patch Management by referring to the Novell ZENworks Patch Management Server User Guide (ptm7admin.pdf) in the ZENworks7_docs directory on your 3062 Course CD. You can also watch a 2 hour presentation on patch management (Novell ZENworks Patch Management.exe) included on your 3062 Course CD in the Patch_Management_Video folder.
Personality Migration. ZENworks Personality Migration, powered by Unicenter Desktop DNA from Computer Associates, lets you efficiently migrate and restore a full desktop environment. Software Packaging. ZENworks Software Packaging, powered by InstallShield AdminStudio ZENworks Edition, lets you manage Microsoft Windows Installer (MSI) packages.

1-12
Version 1
When combined with the basic components of ZENworks 7 Desktop Management, these services give you a complete set of tools for managing resources for the desktops in your organization.
Whats New Since ZENworks 6.5 Desktop Management SP 1

The following briey describes whats new in Novell ZENworks 7 Desktop Management since the release of ZENworks 6.5 Desktop Management Support Pack 1:

General Changes Application Management Workstation Imaging Workstation Inventory
General Changes
The following describes the general changes to ZENworks Desktop Management functionality in ZENworks 7:

Support for Novell Linux Servers Support for Tablet PCs New Products and Updated Products Bundled with Desktop Management
Support for Novell Linux Servers

Version 1
With the release of ZENworks 7 Desktop Management, all desktop management components can be installed on SUSE Linux Enterprise Server 9 SP1, and Novell Open Enterprise Server (OES) Linux servers.
1-13
Support for Tablet PCs
ZENworks now supports distribution of policies and applications to Tablet PCs running the Windows XP Tablet PC Edition.
New Products and Updated Products Bundled with Desktop Management
Even if you license only the ZENworks 7 Desktop Management portion of the ZENworks 7 Suite, the license includes the use of other products included in the suite, including the following:
ZENworks Asset Inventory component of ZENworks 7 Asset Management. This component includes hardware and software inventory, network discovery, Web reporting, and workstation inventory history. Instant Messenger. Powered by GroupWise Instant Messenger 1.0, Instant Messenger is an instant messaging solution that delivers the following:
Secure communications among employees to protect sensitive information Policy-based management through eDirectory to simplify administration Business-class functionality designed especially for the enterprise environment
Identity Manager 2.02 Bundle Edition. This product lets you install ZENworks 7 Desktop Management in an all-Windows environment, synchronizing data between Novell eDirectory and Microsoft Active Directory. Novell iManager 2.5. This tool helps you administer eDirectory objects for ZENworks 7 Desktop Management and for administering ZENworks 7 for Servers.

Updated products. Updated products that ship with ZENworks 7 Desktop Management include the following:
ZENworks Data Management, powered by Novell iFolder 2.1.5 ZENworks Patch Management, powered by PatchLink Update version 6.2.2 ZENworks Software Packaging, powered by InstallShield AdminStudio ZENworks Edition (version 6) ZENworks Personality Migration, powered by Unicenter Desktop DNA from Computer Associates
Application Management
The following describe the changes to ZENworks Application Management functionality in ZENworks 7:
Support Added for Recognition of the Fourth Component of an OS Version Support Added for Deploying the Desktop Management Agent to Workstations in a Windows Workgroup
Support Added for Recognition of the Fourth Component of an OS Version
Windows XP SP2 adds a fourth component to a Windows operating system version (for example 5.1.1287.1120). ZENworks 7 Application Management now supports this fourth component. For older applications with only three components in an operating system version, ZENworks Desktop Management adds a zero (0) in the fourth component position. When the legacy requirement setting is imported into the distribution rules, ZENworks changes the fourth number from a 0 (zero) to a wildcard value, or x.

Version 1
1-15
This can create a potential issue if you want to perform an Equal to: = compare operation in an operating system version distribution rule, when the wildcard value does not exactly match the specied value in the fourth component.
Support Added for Deploying the Desktop Management Agent to Workstations in a Windows Workgroup
If the workstation where the Agent Distributor is executed is not a member of a Microsoft domain, the Agent Distributor can now be used to distribute the Desktop Management Agent to target workstations that are members of its Windows workgroup.
Workstation Imaging
The Linux kernel in the imaging engine has been upgraded to version 2.6, providing a wider variety of hardware and network card support.
Workstation Inventory
Workstation Inventory in Novell ZENworks 7 Desktop Management provides the following new features:
Upgrading Workstation Inventory from previous versions of ZENworks Desktop Management. Upgrading Workstation Inventory from ZENworks for Desktops 4.x, ZENworks 6.5 Desktop Management, or ZENworks 6.5 Desktop Management SP1 to ZENworks 7 Desktop Management is supported. Setting up the Oracle9i inventory database on a UNIX server. You can now set up the Oracle9i Inventory database on a UNIX server. Setting up the Oracle10g R1 inventory database on Windows or UNIX servers. You can now set up the Oracle10g R1 Inventory database on Windows or UNIX servers.

1-16
Version 1
Quickly and easily viewing the inventory data. Workstation Inventory provides a new tool known as Quick Reports to easily retrieve and view the data from the ZENworks Inventory database. Each Quick Report contains a list of inventory components and a query that you dene using the Quick Report Wizard.
Improving the Throughput of the ZENworks 7 Inventory Storer. You can now improve the throughput of the ZENworks 7 Inventory Storer by deploying multiple root servers to directly store the inventory data to the Oracle 9.2.0.6 Inventory database. Connecting the Linux Inventory Server and ConsoleOne to the Microsoft SQL 2000 Inventory Database. To set up the Inventory database for Microsoft SQL Server 2000, you need to configure the Inventory Database for Microsoft SQL Server 2000, and then connect the Inventory Server and ConsoleOne to the Inventory Database running Microsoft SQL Server 2000.

Objective 3
Implement eDirectory Design Guidelines for ZENworks

Knowing and following a few eDirectory design guidelines can help you place and manage the objects in your tree to create an efcient eDirectory structure. An efcient eDirectory design lets ZENworks quickly nd and access eDirectory objects, which results in better network performance, regardless of the number of objects in your tree. Because eDirectory is a cross-platform solution, the design guidelines are different for various operating systems and applications:

General eDirectory Design Guidelines eDirectory Design Guidelines for ZENworks Using a Separate Tree for ZENworks
General eDirectory Design Guidelines

The following are general design guidelines for creating the core elements (trees, partitions, and replicas) of eDirectory:

Tree Design Guidelines Partition Design Guidelines Replica Design Guidelines

Tree Design Guidelines
Use the following guidelines when designing a tree:
Design the upper levels of the tree based on WAN infrastructure. This part of the design represents the organizational structure, provides better bandwidth use, and provides faster access to resources. Make sure your eDirectory design does not require users to access resources across a WAN link. This can decrease network performance. Remember to implement this rule especially when creating user and workstation groups.
Design the lower levels of the tree based on the organization of network resources. This keeps all related objects, such as group objects, in a container. This in turn provides ZENworks with fast access to these resources. For example, at Digital Airlines, a user in the IS container at SLC can access a printing resource faster if both the user and the printing resource are in the same location.
Group membership should be constrained to users or workstations that all reside on the same side of a WAN link. Group membership should not span a WAN. Design the tree so there is minimum tree walking. Tree walking happens when a client submits a request to eDirectory and the request is received by a server that cant fulfill the request. The server must then send the request up the tree to another server. Several servers might need to be contacted before a qualied server is located. As long as the replica information can be accessed quickly, tree walking is not a problem. However, if replica information is available across a slow WAN link, delays can occur.

Partition Design Guidelines
Keep the following in mind when creating a partition:
Partition the upper levels of the tree based on WAN infrastructure. This reects the organizational structure, provides better bandwidth use, and improves access to resources. Dont create partitions that span WAN links. This can generate additional network traffic. Create partitions according to geographical location. This helps keep resources local and decreases network traffic. Partition the lower levels of the tree based on size (eDirectory has been tested to hold up to a billion objects).
Replica Design Guidelines
Keep the following guidelines in mind when creating replicas:
Maintain 3 replicas for fault tolerance. Each replica stores the eDirectory structure of that partition. Replicate locally (if possible) so network traffic decreases. Replicating locally places replicas of each partition on servers that are physically close to the users that use the information in that partition.
Place the master replica on servers local to the partition.

eDirectory Design Guidelines for ZENworks

Installing ZENworks Desktop Management impacts your eDirectory tree design because several new eDirectory objects are created. You must consider the impact these new objects will have on your tree. In addition, the ZENworks Desktop Management functionality lets you create other objects such as policy packages, application objects, and workstation objects in eDirectory. The objects added during ZENworks installation are created in the same container where the ZENworks server exists. Although there is no limit on the number of objects in a container, additional containers or partitions might be required to organize objects. However, these additional containers or partitions only affect the lower levels of the tree. To use ZENworks efciently, you must be aware of design guidelines that apply to the following:
Application and application folders. These objects let you
organize user access to applications. Placing or creating application objects close to the users who are accessing them facilitates good network performance.
Group objects. Consider the following for group objects:
For small networks, create group objects in the same container as associated applications. This improves access to resources. Never span group membership across a WAN link. If group membership spans a WAN link and the WAN goes down, login time will be signicantly longer. If possible, keep users of a group within the same partition so external references and associated network trafc are minimized.

Workstation objects. Create workstation objects close to the
physical workstation. This enables the workstation when it boots up to quickly login and identify the policies and applications associated with itself.
Policy package objects. Create policy package objects close to the
eDirectory objects they affect. A policy is a set of rules that helps manage or restrict the use of certain eDirectory objects. For ease of management, these policies are grouped into policy packages. Follow these recommendations when creating policy package objects:
Associate policy package objects at the location or site container level and lower in the eDirectory tree. Create user and workstation policy package objects close to the user or workstation objects that access thempreferably in the same container, but at least in the same partition.
Using a Separate Tree for ZENworks

ZENworks 6.5 and later versions let you install ZENworks into a tree separate from your production environment. With this type of installation, you can keep the administration of the ZENworks product family independent of the production eDirectory environment. Installing ZENworks into a separate tree can be useful because it
Prevents the need to modify the production file, print, and directory servers when installing or upgrading ZENworks. Lets ZENworks administrators have the rights to manage ZENworks objects only. Can provide a ZENworks tree structure significantly less complicated, depending on your needs.

1-22
Version 1
In order to support multiple trees, the following changes were introduced in ZENworks 6.5 Desktop Management:
During the agent installation you can specify the ZENworks tree. During the agent installation you can specify that Application Launcher (NAL) should only look for applications in the ZENworks tree. The Graphical Identification and Authentication (GINA) modules were modified to provide pass through authentication to the ZENworks tree, after successfully logging into the production tree.
As with most major changes in architecture, you should also consider the following drawbacks when implementing ZENworks in its own tree:
DirXML or Novell Identity Manager 2.0 need to be installed and configured in both the production and ZENworks tree if you want to do user based ZENworks administration without manually maintaining both trees. This can be somewhat challenging if you have not used DirXML before.
Because the ZENworks server can only be in one tree, more servers may be required. This means that if you decide to place the server in the ZENworks tree, you cannot place replicas of the production tree on the server. If you only have a single server at a given location this may require another server.
Remember that the ZENworks tree option is provided as an easy, low-impact way to introduce ZENworks into the environment without having to make signicant changes to the production tree.

For complete information on ZENworks trees, refer to Appendix B: Using a ZENworks Tree on page 63 of the Novell ZENworks 7 Desktop Management Administration Guide (dm7admin.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.

Objective 4
Install ZENworks 7 Desktop Management Back End Services

To use ZENworks, you must install Back End services. Back End services are the core services in ZENworks Desktop Management that provide various management functions. You can install the Back End services on NetWare 6, NetWare 6.5, Windows 2000 server, Windows Server 2003, Novell Open Enterprise Server (OES) Linux 1.0, and SUSE Linux Enterprise Server 9 Support Pack 1 (SP1). In this course, we focus on installing the Back End services on Novell Open Enterprise Server Linux. For details on installing the Back End services on NetWare, see Novell ZENworks 7 Desktop Management NetWare Server Installation on A-1.
For complete information on installing the Back End services, see the Novell ZENworks 7 Desktop Management Installation Guide (dm7install.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.
To install the Back End services, do the following:

Perform Pre-Installation Tasks Determine the Services You Want to Install Install the ZENworks 7 Desktop Management Server Perform Post-Installation Configuration Tasks Verify That the ZENworks 7 Desktop Management Services are Installed on Your Linux Server

Version 1
1-25
Check for ZENworks 7 Desktop Management Files Installed on Your Linux Server
Perform Pre-Installation Tasks

Before you install Back End services, do the following:
1.
Meet the following minimum hardware requirements:

Server OS NetWare 6 NetWare 6.5 Windows 2000 Server Windows Server 2003 SUSE Linux Enterprise Server 9 SP1 OES Linux 1.0 Disk Space 290 MB 290 MB Minimum Requirement Pentium III CPU, 512 MB RAM. Pentium III CPU, 512 MB RAM.
Table 1-1
290 MB
Pentium III CPU, 512 MB RAM.
290 MB
Pentium III CPU, 512 MB RAM.
190 MB (less than 100 users) 290 MB (100-500 users) 190 MB (less than 100 users) 290 MB (100-500 users)
Pentium III CPU running at 1GHz, 512 MB RAM.
Pentium III CPU running at 1GHz, 512 MB RAM.
If youre supporting more than 200 concurrent users, you should upgrade to 1 GB RAM.

2.
Meet the following software requirements:

Resource Management Console NetWare 6 Requirements ConsoleOne 1.3.6 (or later) from the ZENworks 7 Companion CD.

Table 1-2
Support Pack 4 (or later) applied. Novell eDirectory 8.6.2 (minimum), 8.7.1, or 8.7.3 (recommended). eDirectory 8.7.3 is required to implement the Middle Tier server.
JVM 1.4.1 for NetWare (minimum). LDAP congured and running. Clear text LDAP passwords are required to implement the Middle Tier server.
IP protocol stack bound and available on the server. Allow Clear Text Passwords enabled in the LDAP group object. Support Pack 1.1 (or later) applied. If you have applied Support Pack 2, the management workstation will need Novell Client 4.9 or later.
NetWare 6.5
Novell eDirectory 8.7.3. JVM 1.4.1 for NetWare (minimum). LDAP congured and running. IP protocol stack bound and available on the server. Require TLS for Simple Binds disabled in the LDAP group object.

(continued)
Table 1-2
Resource Windows 2000 Server
Requirements

Service Pack 4 or later. Novell Client 4.9 SP 1a installed and congured to use IP only, not IPX. eDirectory 8.6.2 (minimum); 8.7.1, or 8.7.3 (recommended). Installing eDirectory to a drive other than C: is not supported by the ZENworks 7 Imaging components.
LDAP congured and running. The eDirectory folder must be shared with the name of SYS. The IP protocol stack must be bound and available on the server. If connecting to a ZENworks Middle Tier server on Windows 2000, both Windows 2000 servers must be members of the Microsoft domain that is running Active Directory. If the Windows 2000 server is functioning as a Windows Terminal Server, it must be run in Remote Admin mode. Application mode is not supported. Novell Client 4.9 SP1a installed and congured to use IP only, not IPX. eDirectory 8.7.3 (minimum). LDAP congured and running. The eDirectory folder should be shared with the name of SYS. IP Protocol Stack must be bound and available on the server. If connecting to a ZENworks Middle Tier server on Windows Server 2003, both Windows Server 2003 machines must be members of the Microsoft domain that is running Active Directory.
Windows Server 2003

(continued)
Table 1-2
Resource Windows Server 2003 (continued) SUSE Linux Enterprise Server 9 SP1
Requirements
If the Windows Server 2003 is functioning as a Windows Terminal Server, it must be run in Remote Admin mode. Application mode is not supported. SUSE LINUX Enterprise Server 9 SP1. eDirectory 8.7.3 installed on the Desktop Management Server. LDAP congured and running. IP Protocol Stack must be bound and available on the server. Ensure that Samba 3.0.9-2.6 is installed, or install or upgrade it to the recommended version using YaST Online Update (YOU). Novell Open Enterprise Server Linux installed. eDirectory 8.7.3 installed on the Desktop Management Server. LDAP congured and running. IP Protocol Stack must be bound and available on the server. Ensure that Samba 3.0.9-2.6 is installed, or install or upgrade it to the recommended version using Red Carpet.
OES Linux 1.0
Novell ConsoleOne 1.3.6 and Novell eDirectory 8.7.3 are included on the Novell ZENworks 7 Companion 1 CD. ConsoleOne 1.3.6 (or later) must be installed after any NetWare Support Packs are applied. You can obtain the les necessary to create an eDirectory 8.7.x evaluation license diskette from the Novell eDirectory 8.7.x Evaluation License Download (http://www.novell.com/products/edirectory/licenses/eval_87.html) Web site.

Version 1
1-29
3.
Make sure that you have made and archived a reliable backup of the server. Make sure that the recommended version of ConsoleOne is installed on the server where you will install the ZENworks Desktop Management Server software. Make sure you have Admin or equivalent rights to eDirectory on all servers where you install the Desktop Management Server software. Make sure that you have Supervisor rights to the root of the tree where you install ZENworks to extend the directory schema. Do one of the following:
4.
5.
6.
7.
If you are installing the product on a NetWare or Windows server, make sure the workstation where you run the installation from is authenticated to the server where you are installing the product. or If you are installing the product on a Linux server, make sure you have root access on the server where you are installing the product.
8.
Before installing on a NetWare server, unload JAVA.NLM. To do this, from the server console enter java -killall, and then enter java -exit. Exit any program that uses files in Sys:\Public on any server you are installing. database process before proceeding with the installation. To do this, press Q at the Sybase Adaptive Server console screen.
9.
10. If you have a Sybase database running on the server, quit the
11. If you are installing the product on a NetWare or Windows
server, exit any Windows programs on the workstation where you are running the installation.

12. If you are installing the product on a NetWare or Windows
server, set the screen resolution on the ConsoleOne administration workstation to at least 1024 x 768.
You cant view all ConsoleOne information on the screen if the resolution is set lower than 1024 x 768.
13. For a NetWare or Windows server installation, check the
administrative workstation requirements. The following lists the software requirements for the workstation you will use to install Desktop Management Services software on a NetWare or Windows server:
Operating system. Use one of the following:

Windows 2000 Professional SP4 Windows XP Professional SP1 Windows 2000 Server SP4 Windows Server 2003 (Standard & Enterprise)
Client. Novell Client 4.9 SP1a or later. Browser. Internet Explorer 5.5 SP2 or later. You cannot use Windows 95, Windows 98, Windows Me, or Windows NT Workstation/Server to install Desktop Management. Also, you cannot use a workstation that resides on the other side of a NAT router from the server.
14. For a NetWare or Windows server installation, deploy
ConsoleOne 1.3.6 on your administrative workstation by doing the following: a. b. Insert the Novell ZENworks 7 Companion 1 CD into the CD drive of the workstation. (Conditional) If the installation program does not autorun, from the root of the CD, start Winsetup.Exe.

Version 1
1-31
c.
Select Companion Programs and Files.
d. Launch the ConsoleOne 1.3.6 installation program by selecting Novell ConsoleOne. e. Follow the prompts to install ConsoleOne.
For additional details on installation prerequisites for a Back End services installation, see Prerequisites for Installing the ZENworks Desktop Management Server on page 33 of the Novell ZENworks 7 Desktop Management Installation Guide (dm7install.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.
Determine the Services You Want to Install

After performing pre-installation tasks, you should list the services that you will be using, and then determine which components to install on the server that support those services. The following are the Back End services available:

Application Management Automatic Workstation Import Imaging Remote Management (Wake-on-LAN) Workstation Inventory Inventory Database Workstation Management

Application Management lets you use eDirectory to manage the distribution of applications to users. Unlike other Back End services that have server components, eDirectory is the only Back End service of Application Management. Using Application Management, you can
Distribute Windows, Microsoft Windows Installer (MSI), web, and terminal server applications. Create application dependencies. Determine who the applications will be distributed to. Configure distributed applications to run from a workstation, network server, or terminal server. Determine how distributed applications are presented to users on their workstations. Distribute applications to newly imaged workstations as part of the imaging process. Uninstall any distributed applications.
Selecting this component places les to launch the Novell Application Launcher into the PUBLIC directory. The installation les for the Application Management Reporting servlet are placed on the server as well.
Automatic Workstation Import

Version 1
Automatic Workstation Import (AWI) creates an object in your tree that represents each workstation on your network. This provides simplied, hands-off management of workstations.
1-33
AWI includes the Automatic Workstation Removal (AWR) service and provides management of the entire lifecycle of a workstation, from the creation of its object to its removal. AWI is a one-step process. The Workstation Registration program accesses the AWI service, which registers the workstation and creates the workstation object.
Imaging
ZENworks includes an imaging component that lets you take images (a le-by-le copy of the operating system, applications, and data les) of workstations and restore those images to other workstations on the network. The image le is stored on a server that is running the imaging service. The image le is managed in eDirectory through a workstation image object which represents an image le. Workstation Imaging lets you perform the following operations:
Take an image of a workstation and store it on the same workstation (locally) or on an imaging server Create add-on images of the files you choose Customize an image Compress an image to minimize the storage space Restore an image that has been saved on a workstation (locally) or an imaging (proxy) server to a workstation manually at each workstation or automatically from ConsoleOne Make use of a workstation or server policy to define imaging operations Create a script to customize and automate how you perform imaging operations

1-34
Version 1
Restore an image to many workstations simultaneously in a multicast session View information about the partitions and storage devices on a workstation Create, delete, and activate partitions
Remote Management (Wake-on-LAN)
The Remote Management (Wake-on-LAN) component lets you manage any workstation, local or remote, from the administrator workstation. The Back End service for Remote Management is eDirectory. Using Remote Management, you can do the following:
Log information in audit records about the Remote Management sessions running on a managed workstation Remotely wake up a managed workstation at a scheduled time Assume control of a managed workstation Execute files on managed workstations Reboot a managed workstation Transfer files between the remote management console and a managed workstation Diagnose problems on a managed workstation Blank a managed workstation screen during a Remote Control session Lock keyboard and mouse controls at a managed workstation during a Remote Control session Suppress wallpaper on the desktop of a managed workstation during a Remote Control session or a Remote View session

Version 1
1-35
If you select this option during installation, the Wake-on-LAN service is also installed on the ZENworks Back End server. This service facilitates scheduled Wake-on-LAN.
ZENworks lets you gather important hardware and software inventory information for all managed workstations on your network. The information gathered by the Workstation Inventory service is stored in a database. You can query, view, or report this inventory information using ConsoleOne. ZENworks also provides a rollup (consolidation) of the inventory information stored across servers for large networks. If you choose to install Workstation Inventory, make sure you review the following guidelines:
Do not install the Workstation Inventory component of the Desktop Management Server software and the ZENworks Middle Tier server software on the same Windows 2000 server. Stop the Sybase Adaptive Server Anywhere service on your server, if it is currently running. Use top-down deployment for Inventory installation. Always begin the installation at the topmost-level server and proceed with the next lower-level servers. Make sure that the servers where you want to install the Desktop Management Inventory server and the database components have a valid DNS A record configured on the DNS server. If the servers do not have a DNS A record, you must use an IP address for the server during Desktop Management Inventory policy conguration.

1-36
Version 1
Make sure that the workstation you use for installing Desktop Management Server software is properly configured to perform DNS lookups.
Inventory Database
The database service stores information gathered by the workstation inventory and other services in a database management system (DBMS). The DBMS used by the database service is one of the following relational database management systems (RDBMSs):
Sybase Adaptive Server Anywhere v 7.0.0.313 (which ships with ZENworks) Microsoft SQL 2000 Oracle 8i or 8.0.4 databases (NetWare) or Oracle 8.1.5 (Windows NT/2000)
Sybase is the default database, and is only shipped with the database engine. The other databases are supported by shipping the database structures only.
Workstation Management
Workstation management lets you congure a workstation based on policies or the user login. You can enable or disable options on the workstation operating system menu, change the wallpaper, or install and uninstall software. You can also change settings on a workstation based on user credentials.
VIEW ONLY complexity of conguring and maintaining workstation desktops. NO PRINTING ALLOWED
Workstation management features help you reduce the cost and
Install the ZENworks 7 Desktop Management Server

When you have met the hardware and software requirements and prerequisites for installation, do the following to get the Novell ZENworks Desktop Management Server up and running on a Linux server:
1. 2.
From the Linux desktop, open a terminal window. From the shell prompt, switch to the root user by entering su and the root password. Mount the ZENworks 7 Desktop Management Linux CD and view the files on the CD: a. b. Insert the ZENworks 7 Desktop Management Linux CD. Enter su . The su command (without indicating a user name) switches you by default to the root user. Including the switches you to the environment settings for the root user. c. e. Enter the root password. List the les in the media directory by entering ls /media. You should see a subdirectory such as dvd, cdrom, or cdrecorder. This is the place in your Linux le system where you can access the les on a DVD or CD. f. Change to the /media/mount_point directory by entering cd /media/mount_point (where mount_point is a directory such as dvd, cdrom, or cdrecorder). d. Change to the /media directory by entering cd /media.
3.
g. List the les on the ZENworks 7 Desktop Management Linux CD by entering ls. You should see a setup script le.

1-38
If no les are listed, you will need to manually mount the CD by entering mount /media/mount_point.
Version 1
4.
Display the first page of the installation program by entering the following: ./setup Make sure you enter a leading period, or Linux will not nd the setup script.
x
Figure 1-1
Including a ./ (dot-slash) at the beginning of a command instructs Linux to look in the current directory for the command. If you do not include the ./, Linux will not know where to look for the command.
After unpacking and extracting the JRE and installation resources, the following introduction appears:
5.
Continue by pressing Enter. The following installation prerequisites appear:
Figure 1-2

Notice that there are keystrokes listed for moving forward and back through the installation script. From any page of the installation program, you go back to the previous page by entering back, or cancel the installation program by entering quit.
6.
Continue by pressing Enter. The rst page of the prerequisite information appears.
7.
Exit the prerequisite information by typing q. The following license agreement appears:
Figure 1-3
8.
Continue by pressing Enter.

The rst page of the license agreement appears: Figure 1-4
9.
Read and page down through the terms of the license by pressing the Spacebar several times. accept the terms by entering y. The Choose Install Set page appears:
10. When you reach the end of the license agreement, type q; then
Figure 1-5

From this page, you can install the ZENworks Desktop Management server (Back End services) or the ZENworks Middle Tier server, or install both on the same computer by selecting All Features. If you want to customize the installation parameters (such as the services installed), select Customize.
11. Select ZENworks Desktop Management Server by entering 2.
The Tree Information page appears: Figure 1-6
12. Authenticate to the eDirectory tree where you want to install and
configure the ZENworks Middle Tier services:
The name of the local host eDirectory tree (this servers tree) The eDirectory distinguished name (DN) for the Administrative user The password for the Administrative user
These elds are not case sensitive. After your credentials are validated, the ZENworks License Key page appears: Figure 1-7
13. Enter the license code that you received in an email from Novell

1-42
after you purchased Novell ZENworks.
Version 1
If you don't enter an appropriate code (or simply press the Enter key), ZENworks Desktop Management functions for only 90 days. During the 90 days, you are periodically reminded to license the product until you provide a license code. When you nish entering the license code, the Inventory Standalone Conguration page appears: Figure 1-8
The Inventory Standalone Conguration page appears if you install the Inventory Server and the Inventory Database on the same server.
14. (Conditional) If you want the installation program to
automatically create the Server Package and the Database Location policy within the Server Package, and to start the Inventory Service on the server, enter Y; then configure the settings on the Inventory Standalone Configuration page. When you nish entering the license code, the Inventory Standalone Conguration page appears: Figure 1-9
15. Enter the context for the standalone inventory server.
The Inventory Proxy Conguration page appears: Figure 1-10

16. Enter the port number you want to designate as the one to allow
XMLRPC requests to pass through to the Inventory Proxy service. If you want to change the Port 65000 default, specify a value between 0 and 65535; otherwise, accept the default value by pressing Enter. Make sure that the port number is not used by other services on the server. The SSL Conguration page appears: Figure 1-11
17. (Conditional) If you want ZENworks 7 Inventory server to
establish a secure connection with eDirectory using LDAP, enter Y, and then enter the complete path (including lename) of the SSL certificate; otherwise, enter N. The NetBIOS Conguration page appears: Figure 1-12
The NetBIOS Conguration page is displayed only if the NetBIOS name is not present in /etc/samba/smb.conf, and the Linux server name on which you run the ZENworks installation is more than 13 characters. If the NetBIOS name is not present in /etc/samba/smb.conf and the Linux server name is more than 13 characters, then the installation program generates a NetBIOS name using the rst 13 characters of the Linux server name on which you run the installation.

1-44
Version 1
This name is displayed as the default value during the ZENworks Linux installation.
18. Do one of the following:
Accept the default NetBIOS name by pressing Enter. or Enter a unique NetBIOS name.
The Pre-Installation Summary page appears: Figure 1-13
19. When you finish reviewing the summary page, begin the
installation by pressing Enter. When the installation process is complete, InstallAnywhere creates an installation log le.

Version 1
You can press Ctrl+C to abort the creation of the log le.
1-45
If the installation is successful, the View Readme page appears: Figure 1-14
View the readme le by entering 1, pressing Enter to page down, and then pressing Enter to display the Installation Complete page. or Skip to the Installation Complete page by entering 2.
The following appears: Figure 1-15
Although the Installation Complete message states that all services are installed, the proxydhcp service is not started after the ZENworks 7 Desktop Management Services on Linux installation is completed or after a reboot.

If you want this service to be started after a reboot, you can use a runlevel editor and add the daemon to the required runlevel or you can enter /etc/init.d/novell-proxydhcp install or rcnovell-proxydhcp install at a shell prompt.
21. Exit the installation program by pressing Enter.
Perform Post-Installation Conguration Tasks

After installing ZENworks Desktop Management there are several conguration changes you should make to ensure optimal support in your environment. These include the following:
Determine whether the eDirectory schema has been extended. After you install Desktop Management Services, you can use the ConsoleOne Schema Manager tool to determine whether your directory schema has been extended by the installation program. When the schema has been extended for Desktop Management Services, attributes are added to the list. Do the following:
1.
From your administrative workstation in ConsoleOne, select Tools > Schema Manager. Open the list of schema attributes by selecting Attributes. You should see the following attribute if the Desktop Management Server is installed: zenlocZFD7Installed
2.

Create and configure a search policy to reduce tree walking during the policy search process. This task is discussed in detail in Describe and Congure Search Policies on 2-8.
Configure the launcher configuration settings for the containers where users and workstations exist. This task is discussed in detail in Congure Novell Application Launcher on 7-38.
Modify your DHCP configuration if necessary. ZENworks may require DHCP modification for two reasonsspecifying a Middle Tier server and specifying that the server is both a DHCP and Proxy DHCP server. To use the Middle Tier server, the Desktop Management agents on your workstations must be congured with the IP address or DNS name of the Middle Tier server. One of the easiest ways to make this happen is to do the following in YaST to congure a DHCP option that delivers the Middle Tier servers IP address to your workstations:
1.
From your Linux servers KDE desktop, select the YaST icon. A Run as Root dialog appears.
2.
Enter the password of the root user; then select OK. The YaST Control Center appears.
3.
On the left, select Network Services; on the right, select DHCP Server.

A DHCP conguration dialog appears: Figure 1-16
4.
From the left, select Expert Settings. A dialog appears indicating that you need to know what you are doing when conguring Expert settings.
5.
Continue by selecting Yes. The following appears:
Figure 1-17
6.
Make sure Global Options is selected; then select Add. A Select Declaration Type dialog appears.

Version 1
7.
Select Host; then select Next.
1-49
8. 9.
In the Host Name field, enter ZENworks. Select Add.
10. A Selected Option dialog appears. 11. From the drop-down list, select option
domain-name-servers; then select OK. A dialog appears with an empty list of addresses.
12. In the New Address field, enter the IP address or DNS name
of your Middle Tier server; then select Add.

13. Select OK.
You are returned to the Conguration of Host with Fixed Address dialog.
14. Select OK. 15. You are returned to the DHCP Server Configuration dialog,
where a new entry is listed for the ZENworks host.

1-50
The conguration is saved and the DHCP server is restarted.
Version 1
16. Close the YaST Control Center.
Once your DHCP server is congured, the IP address of your Middle Tier server should be automatically delivered each time users boot their workstations.
Configure the ZENworks Inventory Service object and the policies that are required to create your inventory hierarchy. This task is discussed in detail in Congure the Inventory Service Object on 15-34.
Configure the ZENworks Automatic Workstation Import policy and import server location method so that workstations can be imported. This task is discussed in detail in Implement Automatic Workstation Import (AWI) on 4-8.
For additional information on performing post-installation tasks, see Post-Installation Tasks on page 237 of the Novell ZENworks 7 Desktop Management Installation Guide (dm7install.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.
Verify That the ZENworks 7 Desktop Management Services are Installed on Your Linux Server
After you have completed your conguration, you should verify that all of the expected ZENworks 7 Desktop Management servicessometimes called daemons or scriptsare available in the /etc/init.d directory.

Depending on the components you have installed, you will nd one or more of the following: Table 1-3
Service or Daemon ZENworks Auto Workstation Import/Removal ZENworks Preboot Services Name novell-zdm-awsi
novell-proxydhcp novell-tftp novellzmgprebootpolicy
ZENworks Imaging Service
novell-zimgserv Note that novell-zimgserv is not a daemon in ZENworks 7 Desktop Management Services on Linux. It is loaded by Novell eDirectory and is run as a subprocess of eDirectory.
ZENworks Remote Management
novell-zdm-wol
ZENworks Middle Tier Server novell-tomcat4 apache2 novell-xregd novell-xsrvd ZENworks Inventory Service novell-zdm-sybase novell-zfs novell-zdm-inv
Many of these processes also have a .conf le or a .properties le that you can use to congure its execution. The information in the log le includes parameters you can use while running the process from the command line.

For complete information on these les, see Identifying Processes Started by the Linux Installation on page 83 of the Novell ZENworks 7 Desktop Management Administration Guide (dm7admin.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.
You can manage these processes individually from a shell prompt by entering the process name, followed by start, stop, restart, or status. You need to include the full path with the process name, or precede the status name with a ./ (dot-slash) if you are currently in the /etc/init.d directory. For example, you can enter /etc/init.d/novell-zdm-wol restart or ./novell-zdm-wol restart to restart the ZENworks Remote Management process. You can also manage some processes from anywhere in the le system by preceding the command with rc, as in the following: rcnovell-zdm-wol restart You can use ./ZDMstart to start and ./ZDMstop to stop all of the ZENworks processes at once. Both of these utilities are found in the /opt/novell/zenworks/bin directory. You can also use the ./ZDMstart -status command to show the status for all of the ZENworks processes.

Version 1
1-53
You can list the version of the ZENworks components installed on your Linux server by running the version utility located in the /opt/novell/zenworks/bin directory called novell-zdm-version.
For complete information on verifying the installation of Novell ZENworks Desktop Management on NetWare or Windows, see Checking the Installation of Desktop Management Components on NetWare and Windows Servers on page 71 of the Novell ZENworks 7 Desktop Management Administration Guide (dm7admin.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.
Check for ZENworks 7 Desktop Management Files Installed on Your Linux Server
Besides checking for ZENworks 7 Desktop Management services on your server, you should also verify that the Desktop Management component les are installed in the following directories on your Linux server: Table 1-4
Component Imaging Location on Linux
Imaging server /usr/lib/nds-modules/libzimgserv.so.1.0.0 Imaging utilities (bootcd.iso, Image Explorer, Zimgboot) /opt/novell/zenworks/zdm/imaging/ winutils
ZEN partition /opt/novell/zenworks/preboot/imaging/ update

(continued)
Table 1-4
Component Preboot Services (PXE)
Location on Linux
Linux drivers /srv/tftp/boot/initrd Linux kernel /srv/tftp/boot/linux Linux utilities /srv/tftp/boot/root Settings.txt /srv/tftp/boot TFTP conguration /etc/opt/novell/novell-tftp.conf PDHCP conguration /etc/opt/novell/novellDTS conguration /etc/opt/novell/zenworks/preboot/ novell-zmgprebootpolicy.conf
Novell Application Launcher (NAL)
Snapshot /opt/novell/zenworks/zdm/winutils Reporting /opt/novell/zenworks/zdm/winutils Database /opt/sybase/novell/zenworks/nal/db
Inventory
Inventory conguration /etc/opt/novell/zenworks/inv Inventory startup /etc/init.d/novell-zdm-inv Sybase startup /etc/init.d/novell-zdm-sybase Database /opt/sybase/novell/zenworks/inv/db

Version 1
1-55
(continued)
Table 1-4
Component Automatic Workstation Import
Location on Linux
Service /etc/init.d/novell-zdm-awsi Library /opt/novell/zenworks/java/lib/awsi/ autowsmanagement.jar
Remote Management
WOL startup /etc/init.d/novell-zdm-wol
ZENworks for Desktops Agent Middle Tier
ZfDAgent.msi /opt/novell/zenworks/zdm/agent
Apache module/IIS lter /opt/novell/xtier/bin/novell-xsrvd Midtier conguration
my_server\Software\Novell\Xtier\Xsrv\ Conguration
For complete information on component les stored on a NetWare or Windows server, see TID# 10098622 (accessible from the Knowledgebase at http://www.novell.com).

Exercise 1-1
Install ZENworks 7 Desktop Management Back End Services

In this exercise, you install the back-end services of ZENworks Desktop Management server. This server hosts all of the services necessary to manage the workstations. You use the following Host computers and VMware virtual machines:
Figure 1-19
Host 1 WinXP Pro SP2 10.200.200.1
(crossover cable) Host 1 VMware Virtual Machines DA-ZEN OES Linux 10.200.200.250 Host 2 VMware Virtual Machines
Do the following:

Part I: Install the ZENworks 7 Back End Services Part II: Start and Configure the Proxydhcp Service Part III: Verify That the Back End Services are Running

Although this exercise and Install the ZENworks 7 Desktop Management Middle Tier Services on 1-97 require you to install ZENworks 7 Desktop Management on a Linux server, the steps are designed to help you through this experience with little or no Linux knowledge. If you are unfamiliar with Linux, you might want to review the topics in Linux Fundamentals on B-1 before starting these exercises, or use the appendix as a reference while completing the exercises.
Part I: Install the ZENworks 7 Back End Services
To install the ZENworks 7 Desktop Management Back End services on the DA-ZEN server, do the following:
1. 2.
From your Host1 computer, start VMware Workstation. (Conditional) If there is no tab page displayed for the DA-ZEN_Linux server in VMware Workstation, do the following: a. b. From the VMware Workstation menu bar, select File > Open. Browse to and select the sles.vmx le in the DA-ZEN_Linux folder; then select Open. A DA-ZEN_Linux virtual machine page appears.
3.
From the virtual machine page, select Start this virtual machine. After the DA-ZEN server starts, a SUSE Linux (DA-ZEN) login dialog appears.
4.
Enter the following:

Username: admin Password: novell

1-58
5.
Log in by selecting Login. KDE 3.2 is loaded, and the DA-ZEN desktop appears.
Version 1
6.
From the DA-ZEN desktop on the Host1 computer, open a terminal window by selecting the Terminal Program icon (monitor with a shell) from the bottom of the desktop. A Shell - Konsole window appears.
7.
From the shell prompt, switch to the root user: a. Enter su . The su command (without indicating a user name) switches you by default to the root user. Including the switches you to the environment settings for the root user. b. Enter the root password of n0v3ll (a zero and a 3).
8.
Mount the ZENworks 7 Desktop Management CD and view the files on the CD: a. b. Insert the Novell ZENworks 7 Product DVD in the Host1 DVD drive. From the terminal window, change to the /media/cdrecorder directory by entering the following: cd /media/cdrecorder c. Display the contents of the directory by entering ls. A list of ZENworks 7 product .iso les is displayed. d. Mount the ZEN7_DesktopMgmt.iso le by entering the following: mount -o loop ZEN7_DesktopMgmtLinux.iso /mnt e. f. Change to the /mnt directory by entering cd /mnt. List the les in the mnt directory by entering ls. You should see the setup script le.
9.
Start the installation by entering the following: ./setup

Version 1
Make sure you enter a leading period, or Linux will not nd the setup script.
1-59
The setup script begins extracting and unpacking the JRE, preparing to install, and then launches the Novell ZENworks 7 Linux-Based Desktop Management Installation program.
10. Continue by pressing Enter.
An Installation Prerequisites page appears.

11. Continue by pressing Enter; then exit the prerequisite page by
typing q. A License Agreement page appears.

12. Exit the license agreement text by pressing Enter; then typing q. 13. Accept the terms of the license agreement by entering y.
A Choose Install Set page appears. From this page, you can install the ZENworks Desktop Management server (Back End services), the ZENworks Middle Tier server, or install both at the same time on the same computer by selecting All Features.
14. Select ZENworks Desktop Management Server by entering 2.
A Tree Information page appears. The Current Tree is listed as DA-TREE.

15. Type admin.slc.da; then press Enter. 16. For the admin password, type novell; then press Enter.
An Inventory Standalone Conguration page appears.

If a ZENworks License Key Information page appears, you are using a DA-ZEN virtual machine other than the one provided in the 3062 student kit. You can use the use the 90 day trial license code by pressing Enter.
17. Configure Workstation Inventory as a standalone service by
entering y.
18. For the inventory server context, enter da.
An Inventory Proxy Conguration page appears.

19. Accept the default XML proxy port (65000) by pressing Enter.
An SSL Conguration page appears.

20. Skip configuring SSL by entering n.
A Pre-Installation Summary page appears with the following information:
Product Name:
ZENworks Desktop Management Application Management Remote Management Inventory Server Inventory Proxy Inventory Database NAL Database Imaging PXE Autoworkstation Import/Removal ZENworks Desktop Agent Installer
Product Components:


Version 1
1-61
ZENworks License Key:
Already installed
The Back End services begin installing. This can take several minutes. After installation is complete, a View Readme page appears.
22. Continue without viewing the readme file by entering 2.
A message appears indicating that ZENworks Desktop Management has been successfully installed in the /opt/novell/zenworks directory.
23. Exit the installation by pressing Enter.
After a few moments, you are returned to the shell prompt.

24. View the files in the /opt/novell/zenworks directory by entering
ls /opt/novell/zenworks. Notice that the following directories are listed:

Uninstall ZENworks Desktop Management bin inv java lib preboot schema zdm
You will be reviewing and using some of these directories (such as inv and zdm) throughout the course.
25. Unmount the ZENworks 7 Desktop Management for Linux .iso
file and remove the Novell ZENworks 7 Product DVD:

1-62
a.
From the terminal window prompt, change to the root directory by entering cd /.
Version 1
b.
Unmount the ZENworks 7 Desktop Management for Linux CD by entering the following: umount /mnt Notice that there is no n in the umount command.
c.
Remove the Novell ZENworks 7 Product DVD from the DVD drive.
Part II: Start and Congure the Proxydhcp Service
Although the installation complete message states that all installed ZENworks services have been started, the proxydhcp service is not started after the ZENworks 7 Desktop Management Services on Linux installation is complete or after a reboot. Do the following to start the proxydhcp service, and to make sure it runs after rebooting the DA-ZEN server:
1.
Edit the Proxy DHCP configuration file to ignore the local DHCP server (you want to use the novell-proxydhcp service): a. From the DA-ZEN server desktop, select the KDE Start menu (green ball with a red N); then select Run Command. A Run Command KDE desktop dialog appears. b. c. Enter kdesu kate; then select Run. When prompted for a password, enter a password of n0v3ll; then select OK. The Kate editor window appears. d. From the menu bar, select File > Open. An Open File - Kate dialog appears. e. In the address eld at the top of the dialog (where you currently see /root/) enter the following: /etc/opt/novell Select novell-proxydhcp.conf and then select OK.

Version 1
f.
1-63
g. Find the line LocalDHCPFlag = 0 and change the 0 to 1. h. Select File > Save. i.
2.
Close the Kate editor window.
From the terminal window on the DA-ZEN server desktop, change to the /etc/init.d directory by entering cd /etc/init.d. Check the status of the proxydhcp service by entering the following: ./novell-proxydhcp status Remember to include the leading period. A message is displayed indicating that the service is not running.
3.
4.
Start the proxydhcp service by entering the following: ./novell-proxydhcp start The proxydhcp service starts and a status of run is displayed. Besides starting the proxydhcp service, you also need to assign the service to one or more runlevels so that it starts automatically whenever you reboot the DA-ZEN server. To do this, you can use the YaST Runlevel Editor.
5. 6.
Close the terminal window by entering exit twice. From the DA-ZEN desktop, start YaST by selecting (with a single click) the YaST icon. A Run as root - KDE su dialog appears requesting the password for the root user. In order to make changes to the DA-ZEN conguration les, you need to be logged in as root.
7.
Enter a password of n0v3ll; then select OK. After a few moments the YaST Control Center dialog appears.

1-64
Version 1
On the left are several categories; on the right are YaST modules listed for the currently-selected category.
8.
Select the System category (on the left); then scroll down (on the right) and select (a single click) the Runlevel Editor module. After a few moments, the Runlevel Editor: Services dialog appears. The default runlevel for your DA-ZEN server is runlevel 5 (graphics mode). This means that every time you reboot or start the server, it launches the KDE desktop. However, you can also boot to a non-graphics mode (runlevel 3). For the purposes of the exercises in this course, we will set the novell-proxydhcp service to start in both runlevel 5 and runlevel 3 modes.
9.
From the top of the list, select the Expert Mode option (you do not need to wait for the clock icon cursor to disappear). novell-proxydhcp. Below the list are checkboxes for several runlevels.
10. Scroll down through the services list and select
11. Select (check) the 3 and 5 runlevels.
Part III: Verify That the Back End Services are Running
The nal step is to ensure that the services that should have been started are running on the ZENworks 7 server.

Do the following:
1.
From the Runlevel Editor, check the Running column to make sure that the following services are enabled and running on DA-ZEN:

ndsd novell-proxydhcp novell-tftp novell-xregd novell-xsrvd novell-zdm-awsi novell-zdm-inv novell-zdm-sybase novell-zdm-wol novell-zfs novell-zmgprebootpolicy
x
2. 3.
If a service is not running, select the service; then from the Start/Stop/Refresh drop-down list (below the Services list), select Start now.
Save the changes to the novell-proxydhcp service by selecting Finish; then select Yes. You are returned to the YaST Control Center. Close the YaST Control Center dialog by selecting Close.
You are nished with the installation and verication of the ZENworks 7 Desktop Management server.
(End of Exercise)

Objective 5
Evaluate ZENworks Desktop Management Access Methods

ZENworks Desktop Management provides several access methods and login dialogs that you can use to access the management information stored in the directory and in the le system of your ZENworks server(s). Before installing ZENworks Desktop Management you need to understand the following:

ZENworks Access Methods Login Dialogs How to Determine the Access Method and Login Dialog to Use
ZENworks Access Methods

The following access methods are available:

Traditional Client Access Method Web Services Access Method (Outside the Firewall) Web Services Access Method (Inside the Firewall)
Traditional Client Access Method
This is the traditional ZENworks method for accessing ZENworks management information. With this method, the ZENworks Desktop Management agent communicates directly with the ZENworks server and with eDirectory using the NetWare Core Protocol (NCP) protocol.

In addition, if you have Common Internet File System (CIFS) congured on your servers, the ZENworks Desktop Management agent can also use the Windows workstation service to access the les on the CIFS share. The following illustrates this traditional access method: Figure 1-20
NC
IFS P/C
toc Pr o
ol
File server storing files for app or policy distribution
ND AP
Workstation running Agent and Novell Client
ove rN
CP
eDirectory tree where users and ZENworks objects reside
This method is excellent for accessing information from ZENworks servers. However, because of its dependency on the NCP protocol, it requires the use of the Novell Client for Windows. In some environments this is seen as an adoption hurdle because of perceived problems with the Novell Client or because the client is not required for any other functionality. In addition, this method is not rewall-friendly. Remote users require the Network Control Protocol (NCP) or Server Message Block (SMB) ports to be open on the rewall to enable access to the network. To avoid potential security problems with these ports open, a Virtual Private Network (VPN) client can be congured that lets users access the network securely.

1-68
Version 1
However, most users do not understand VPN technology. As a result, you can spend a signicant amount of time supporting remote access issues.
Web Services Access Method (Outside the Firewall)
If you do not require or do not want the Novell Client for Windows installed on your workstations, you can use the Web Services Access method. Newer versions of ZENworks (since version 4) provide this type of access by using a web services architecture that enables users to authenticate through the web (using http/https) without using the Novell Client. There are 3 components in the web services architecture:

ZENworks Back End server Middle Tier server Desktop Management agents
The Back End server is also referred to as the ZENworks server. This server provides the core services of ZENworks 7 and hosts all ZENworks Back End services and files needed to implement those services. The Middle Tier server is logically placed between the ZENworks server and workstations. The Middle Tier server efciently services requests and exchanges data with clients. Middle Tier services are normally installed on a server other than the ZENworks server. This reduces the utilization of the ZENworks server. However, you can install Back End and Middle Tier services on the same server.

x
Figure 1-21
In smaller organizations, installing Middle Tier services on the ZENworks server eliminates the need for an additional server allocated for remote users only.
The following shows how the web services access method functions when the workstation is outside of the corporate rewall:
Workstation running Desktop Management Agent
F I R E WA L L
Middle Tier Server
F I R E WA L L
File server storing files for app or policy distribution
The following describes the process:

1.
When a client submits a request to the Middle Tier in the form of an XML document, the Middle Tier accepts the request and translates the request to the appropriate file or directory access protocol. The request is sent to the ZENworks Back End server. The server processes the request and sends the information back to the Middle Tier. The Middle Tier processes the request, converts the data into XML format, and sends it to the client that requested the data. Using the Middle Tier makes ZENworks 7 firewall-friendly because all XML documents are transferred using port 80 (http) or 443 (https).
2.
3.
4.

1-70
Version 1
Web Services Access Method (Inside the Firewall)
Making ZENworks services available outside the rewall is useful for providing employees with ZENworks access when they are on the road. However, in previous versions of ZENworks Desktop Management, this caused issues with extra trafc when the devices were on the inside of the rewall. Even though the workstation was able to access the ZENworks server directly, it was forced to go through the Middle Tier anytime ZENworks referenced a Uniform Naming Convention (UNC) path. In ZENworks 7 Desktop Management, the agent running on the workstation has been modied to be more intelligent by using the ZENworks Multiple UNC Provider (ZENMUP). ZENMUP is a Windows service that assists in locating network resources identied using the UNC, and lets workstations establish, on a per session basis, the fastest connection available to network policies and applications based on the customers environment and what clients they are using.
ZENMUP is automatically installed and enabled as part of the ZENworks 7 Desktop Management Agent installation. It doesnt need to be congured and cannot be disabled.

How ZENMUP works depends on the environment in which is it used, as illustrated in the following: Figure 1-22
The following provides a quick overview of how ZENMUP works in different environments: Table 1-5
Environment NetWare servers with workstations running the Novell Client Description If no rewall is present, either the NetWare Core Protocol (NCP) is used (if accessing les on a NetWare server) or a CIFS/SMB connection is used (if accessing les on a Windows server). If ZENMUP detects that a rewall is present, all communication is directed through the ZENworks Middle Tier server.

(continued)
Table 1-5
Environment NetWare servers running the CIFS protocol and workstations running the Microsoft Client and the Desktop Management agent Windows servers with workstations running the Desktop Management agent only or the Desktop Management agent and the Microsoft Client.
Description User support inside the rewall uses CIFS. Support outside the rewall uses the Middle Tier Server (HTTP). Workstation support is limited to the Middle Tier Server (HTTP). There must be a domain controller, and all workstations and users must be members of the domain with the appropriate le rights on the network share where the application and policy les are located. Inside the rewall, the Microsoft Client (CIFS) is always used. Outside the rewall, the ZENworks Middle Tier server is used to access les.
The following shows how the ZENworks agent functions with ZENMUP when the workstation is inside the rewall, without any ports being blocked: Figure 1-23
CIFS Protocol
File server storing files for app or policy distribution XML over HTTP NDAP over NCP LDAP Workstation running Desktop Management Agent Middle Tier Server

As you can see from the illustration, the web services components are still required. This means that you still need

A ZENworks server to host the ZENworks files and services A Middle Tier server to communicate with eDirectory on behalf of the workstation The ZENworks agent on the workstation
However, there are differences in the process, as indicated in the following steps:
1.
When the workstation needs to read information from eDirectory it generates an XML document and sends it to the Middle Tier server. The Middle Tier server converts the XML document into an NDAP request that it sends to the configured eDirectory server. The eDirectory server responds using NDAP over NCP. The Middle Tier server converts the NDAP data to an XML document and sends the response to the workstation. When the workstation needs to access a file from a UNC path it attempts to access the server directly using the clients installed on the workstation. If the workstation service is installed on the workstation and CIFS is installed on the server then the workstation will read files directly from the Back End server. This is the key difference between the inside and outside the rewall access methods. This signicantly reduces trafc and improves the performance of the Middle Tier server.
2.
3. 4.
5.
6.
This method is most suited for a Windows only environment where the les are being stored on a Windows server and the workstations are running the Windows workstation service.

For complete information on ZENworks Multiple UNC Provider (ZENMUP), refer to Understanding the ZENworks Multiple UNC Provider on page 49 of the Novell ZENworks 7 Desktop Management Administration Guide (dm7admin.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.
Login Dialogs
In order to authenticate to a network, it is necessary that the user log in with a name and password using a login dialog. This is typically the role of the GINA.DLL on a Windows workstation. The login dialog displayed depends on whether the Windows registry key HKEY_LOCAL_MACHINE\Software\Novell\NWGINA\ PassiveMode is set to 0 or 1. If the registry value is set to 0, then the Novell Client login or ZENworks Desktop Management Agent login appears. If the registry value is set to 1 then the Windows login screen appears. This corresponds to the dialog in the agent installation asking whether the login screen should be displayed or not.
x
Version 1
In order for Dynamic Local User policies to function the PassiveMode ag must be set to 0 so that a Novell login screen appears. The PassiveMode key is only read by the Novell Client for Windows 4.9 or higher.
1-75
Depending on your workstation conguration, one of the following basic login dialogs appears:

Novell Client Login Dialog ZENworks Agent Login Dialog Microsoft Windows Login Dialog
If you bypass the ZENworks Desktop Management agent login by logging in to the local workstation only, you can use the following to connect to the Middle Tier server:
Novell Security Services Login Dialog
Novell Client Login Dialog
If you have Novell Client for Windows installed on your workstation you will normally use the Novell Client login dialog to authenticate: Figure 1-24

Logging in with the Novell Client authenticates to the eDirectory tree or server you specify using NCP. If you are using a separate ZENworks tree, the Novell Client passes the username and password to the ZENworks tree so that you are authenticated to both the production tree and the ZENworks tree.
ZENworks Agent Login Dialog
If you do not have the Novell Client for Windows installed on your workstation, but you have installed the ZENworks Desktop Management agent, you might see the ZENworks Desktop Management Agent login dialog: Figure 1-25
This dialog lets you log in to the Windows workstation as well as pass credentials to the Middle Tier server by identifying the server in the Middle Tier eld. When you authenticate with this login dialog, you are logged in to the tree that the Middle Tier server is congured to use as its authentication domain.

Version 1
1-77
Microsoft Windows Login Dialog
If the PassiveMode value is set to 1 in the registry you receive the normal Windows login. This is the default login screen for Windows when you do not have any Novell Client or ZENworks agent. When the Windows login screen is used, the authentication sequence is reversed with the Windows local or domain authentication happening rst, followed by pass through authentication to the eDirectory tree or the Middle Tier server. This type of login is best suited for Windows-only login, where the login needs to be as unobtrusive as possible.
Novell Security Services Login Dialog
If you bypass the Desktop Management Agent login by logging in to the local workstation only, you still need to authenticate to eDirectory to access applications. If the Application Explorer icon is displayed on your desktop or system tray (installed with the Desktop Management Agent), you have the option (by right-clicking the icon) to log in to the ZENworks Middle Tier server with the Novell Security Services login dialog: Figure 1-26

When you enter your user name and password, they are given to the Middle Tier server, which passes them to eDirectory for authentication. This login dialog uses the same authentication process used by the ZENworks Desktop Management Agent login dialog.
For complete information on authenticating to eDirectory from a ZENworks workstation, refer to Process Flow in ZENworks Desktop Management on page 53 of the Novell ZENworks 7 Desktop Management Administration Guide (dm7admin.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.
How to Determine the Access Method and Login Dialog to Use

Use the following guidelines when determining which access method and login dialog to use:
Traditional client access with the Novell Client. If you are in an environment where the majority of your files are hosted on NetWare servers, and everyone already has the Novell Client for Windows you should use the traditional client access method. This will give you the best performance. Additionally, you should use the traditional access method if you require any of the features only provided by the Novell Client for Windows. This includes eDirectory login scripts, non-iPrint printing, and the ability to support NCP-based applications such as ConsoleOne.

Novell Client not deployed or access outside the firewall. If you have not yet deployed the Novell Client for Windows or you have workstations that are often outside the firewall, you should use the Web services access method. This method lets users receive their policies and applications regardless of their current location, as long as a Middle Tier server can be reached. To support workstations running this conguration make sure that you install a Middle Tier server. This may also require changes to your rewall conguration to allow access to the Middle Tier server. Use the ZENworks Desktop Management Agent login screen if you require Dynamic Local User to create local accounts on the Windows workstation with this method. This is required only if the workstation is not a member of a Windows domain.
Windows only environment. If you are in a Windows only environment where the majority of your computers do not have the Novell Client for Windows and the majority of your files are on Windows servers, use the Web services model. To support workstations running this conguration make sure that you install a Middle Tier server. This may also require changes to your rewall conguration to allow access to the Middle Tier server. If the workstation is a member of a domain and the user needs to authenticate to the domain, you can deselect the ZENworks Desktop Management Agent login during the agent installation. This means that users will continue to see their normal login dialog with all of the ZENworks functionality available with the exception of Dynamic Local User (which you should not use in a domain environment).

Objective 6
Install ZENworks 7 Desktop Management Middle Tier Services

To congure ZENworks 7 Desktop Management to support workstations that do not have the Novell Client for Windows or that are outside the rewall you need to install the ZENworks Middle Tier server. You can install the ZENworks Middle Tier server on NetWare 6, NetWare 6.5, Windows 2000 server, Windows Server 2003, Novell Open Enterprise Server (OES) Linux 1.0, and SUSE Linux Enterprise Server 9 Support Pack 1 (SP1). In this course, we focus on installing the ZENworks Middle Tier server on Novell Open Enterprise Server Linux. For details on installing the ZENworks Middle Tier server on NetWare, seeNovell ZENworks 7 Desktop Management NetWare Server Installation on A-1.
For complete information on installing the ZENworks Middle Tier server, see the Novell ZENworks 7 Desktop Management Installation Guide (dm7install.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.
To install the ZENworks 7 Middle Tier server on a Linux server, do the following:

Verify and Implement Pre-Installation Requirements Gather the Information Necessary for the Installation Install the ZENworks Middle Tier Server on Linux Configure Security (Optional) Verify That the Middle Tier Server Works Properly

Version 1
1-81
Verify and Implement Pre-Installation Requirements

To install the ZENworks Middle Tier server, you need to rst ensure that your server meets the following requirements: Table 1-6
Item Middle Tier Operating System Pre-Installation Requirement One of the following:

NetWare 6 Support Pack 5 Netware 6.5 Support Pack 2 Windows 2000 Server Service Pack 4 Windows 2003 Novell Open Enterprise Server (OES) Linux 1.0 SUSE LINUX Enterprise Server Support Pack 1 (SP1)
Web Server Platform
Internet Information 5 or 6 (Windows) Apache or Apache2 (Netware and Linux)
CPU
Pentium III or later (NetWare and Windows) Pentium III or later, 1 GHz or faster (Linux)
Hard Disk Space
160 MB (NetWare and Windows) 10 MB (Linux, less than 100 users) 25 MB (Linux, 100-500 users)
Memory
512 MB RAM. Upgrade to 1 GB of RAM if the Middle Tier Server will support more than 200 concurrent users.

(continued)
Table 1-6
Item Back End Server LDAP Conguration
Pre-Installation Requirement The server that you specify as the Back End server for authentication must allow clear text password authentication via LDAP. This is used to perform the LDAP lookup for the users context. The password that will be sent in clear text is that of the Middle Tier proxy account user. To enable clear text password support you must do the following:
1. From an administrative workstation, access iManager. 2. Expand the eDirectory Administration role; then select Modify Object. 3. In the Object Name eld, browse to and select your servers LDAP Group object. 4. Select OK. 5. Make sure that Require TLS for Simple Binds with Password is not selected. 6. Select OK.
eDirectory Schema Extension
Before you can congure ZENworks services, you need to extend the eDirectory schema. To extend the eDirectory schema:
1. Insert the ZENworks 7 Desktop Management CD. 2. From the ZENworks 7 Install dialog, select Desktop Management > your language > Schema Extension and Product Licensing. 3. Accept the software license, select Extend schema, enter a license code; then extend the schema by selecting Finish.

Version 1
1-83
(continued)
Table 1-6
Item Middle Tier Proxy User Account
Pre-Installation Requirement This account is used by the Middle Tier server when doing tasks such as performing LDAP contextless login searches. You can create this account using ConsoleOne (or iManager). The proxy user must have read rights to the CN attribute and write rights to the zendmWSNetworkAddress attribute for the context you specify as the user context. In addition, these rights should be congured as inheritable.
For additional information on ZENworks 7 Middle Tier server installation requirements, see Prerequisites for Installing the ZENworks Middle Tier Server on page 53 of the Novell ZENworks 7 Desktop Management Installation Guide (dm7install.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.
Gather the Information Necessary for the Installation

Before you can install the ZENworks Middle Tier server, you need to gather the following information:

1-84
IP address and/or DNS name of the Back End authentication server. During the installation of the Middle Tier you are prompted for the DNS name or IP Address of a server that will be used to authenticate the users that are logging in through the Middle Tier.
Version 1
This server must be a NetWare, Windows, or Linux server running Novell eDirectory.
Context where users to be managed exist. When users authenticate through the Middle Tier server they typically use only a username with no context required. To allow contextless logins, the Middle Tier server performs an LDAP search at a container you specify to determine the location of the user in the tree. You will need to know the parent container where the users that you want to access ZENworks services reside.
Middle tier proxy user account information. The Middle Tier proxy user is used to perform the LDAP lookup. Type of servers you expect ZENworks application and policy files to be stored on. The platforms that you are planning to store your application and policy files on determine the platform(s) you can use for your Middle Tier. If you have only NetWare servers that are being used as a le storage location, then your Middle Tier server can be either Windows or NetWare. If you plan to access les on Windows servers or Linux Samba servers then you must use a Windows Middle Tier server.
Install the ZENworks Middle Tier Server on Linux

After you have met the pre-installation requirements and have gathered the necessary information, you can install the Middle Tier server on Linux by doing the following:
1. 2.
From the Linux desktop, open a terminal window. From the shell prompt, switch to the root user by entering su and the root password.

Version 1
1-85
3.
Mount the ZENworks 7 Desktop Management CD and view the files on the CD: a. b. Insert the ZENworks 7 Desktop Management CD. Enter su . The su command (without indicating a user name) switches you by default to the root user. Including the switches you to the environment settings for the root user. c. e. Enter the root password. List the les in the media directory by entering ls /media. You should see a subdirectory such as dvd, cdrom, or cdrecorder. This is the place in your Linux le system where you can access the les on a DVD or CD. f. Change to the /media/mount_point directory by entering cd /media/mount_point (where mount_point is a directory such as dvd, cdrom, or cdrecorder). d. Change to the /media directory by entering cd /media.
g. List the les on the ZENworks 7 Desktop Management CD by entering ls. You should see a setup script le.
x
4.
If no les are listed, you will need to manually mount the CD by entering mount /media/mount_point.
Display the first page of the installation program by entering the following: ./setup Make sure you enter a leading period, or Linux will not nd the setup script.

x
Figure 1-27
After unpacking and extracting the Java Runtime Environment (JRE) and installation resources, the following introduction appears:
5.
Continue by pressing Enter. The following installation prerequisites appear:
Figure 1-28
Notice that there are keystrokes listed for moving forward and back through the installation script.

From any page of the installation program, you go back to the previous page by entering back, or cancel the installation program by entering quit.
6.
Continue by pressing Enter. The rst page of the prerequisite information appears.
7.
Exit the prerequisite information by typing q. The following license agreement appears:
Figure 1-29
8.
Continue by pressing Enter.

The rst page of the license agreement appears: Figure 1-30
9.
Read and page down through the terms of the license by pressing the Spacebar several times. accept the terms by entering y. The Choose Install Set page appears:
10. When you reach the end of the license agreement, type q; then
Figure 1-31

From this page, you can install the ZENworks Desktop Management server (Back End services) or the ZENworks Middle Tier server, or install both on the same computer by selecting All Features. If you want to customize the installation parameters (such as the services installed), select Customize.
11. Select ZENworks Middle Tier Server by entering 3.
A Middle Tier Server Conguration Information page appears: Figure 1-32
12. Enter the following information:
Server name/IP address. Enter the DNS name or IP address of the server where eDirectory is installed. Proxy User (admin.myCompany). Enter the fully-qualied distinguished username of the Middle Tier proxy user account (for example, midtier-proxy.org-unit.org). To ensure that these credentials remain secure, you can set up an arbitrary user with specic administrative rights.
Password. Enter the eDirectory password for the Middle Tier proxy user.

13. Enter the eDirectory context where the Middle Tier Server can
look for user objects that will be using Desktop Management. This value is passed to the ZENworks Middle Tier server, which uses it as a starting point when searching for a user. For this reason, you should use the context of the highest-level container in your tree below which user objects reside. For example, if users exist in many subcontainers, specify the context of the container that holds all of those subcontainers. When a user logs in through the ZENworks Middle Tier server, the server begins searching for a user in the designated eDirectory container, then search subcontainers in that container until the correct user is found. The installation program veries the existence of the context (that is, the directory container) before continuing.

The Pre-Installation Summary page appears: Figure 1-34
14. When you finish reviewing the summary page, begin the
installation by pressing Enter. The following progress page appears: Figure 1-35
When the installation process is complete, InstallAnywhere creates an installation log le.
x
1-92
You can press Ctrl+C to abort the creation of the log le.
Version 1
If the installation is successful, the View Readme page appears: Figure 1-36
View the readme le by entering 1, pressing Enter to page down, and then pressing Enter to display the Installation Complete page. Skip to the Installation Complete page by entering 2.
Notice that most of the ZENworks les have been stored in /opt/novell/zenworks. However, the installation log le is stored in /var/log, and the ZENworks daemons (services) are stored in /etc/init.d.
16. Exit the installation program by pressing Enter.

Congure Security (Optional)

If you will be placing the Middle Tier in the DMZ and using it to support users on the Internet, we recommended that you congure the Middle Tier to support HTTPS connections. To congure HTTPS connection support, do the following:
1.
Create a certificate signing request and then send the request to a Certificate Authority. This could be either a trusted CA or your own organizational CA. Use NSADMIN to ensure that the certificate used by the Middle Tier is the one issued for this purpose. If the certificate was not issued by a trusted CA make sure that you distribute the trusted root certificate to the Computer Store on each workstation that needs to communicate with the Middle Tier in a secure fashion.
2.
3.
Verify That the Middle Tier Server Works Properly

To make sure that the Middle Tier is running and functioning properly, try accessing the following URLs from a web browser:
http://Middle_Tier_Server_DNS_or_IP/oneNet/xtier-stats

If the Middle Tier is running. then the URL displays a web page with server statistics similar to the following: Figure 1-38
http://Middle_Tier_Server_DNS_or_IP/oneNet/xtier-login If the Middle Tier is functioning properly, entering this URL prompts you for credentials:
Figure 1-39

Version 1
Enter your eDirectory username and password.
1-95
When you select OK, you should see an XML document with an error code of 0 and the fully distinguished name of the user, such as the following: Figure 1-40
http://Middle_Tier_Server_DNS_or_IP/oneNet/zen If the ZENworks components of the Middle Tier are functional, entering this URL displays a web page message indicating that ZENworks is running on the Middle Tier.
http://Middle_Tier_Server_DNS_or_IP/oneNet/wsimport If the ZENworks components of the Middle Tier are functional, entering this URL displays a web page message indicating that XWSIMPORT is running on the Middle Tier.

Exercise 1-2
Install the ZENworks 7 Desktop Management Middle Tier Services

Most of the workstations at the Digital Airlines ofce in Salt Lake City run Windows XP with the Novell Client for Windows. However, some Windows XP workstations do not have the Novell Client installed. To support ZENworks 7 services on workstations without the Novell Client installed, you need to install and congure a ZENworks Middle Tier server. In this exercise, you use the following Host computers and VMware virtual machines:
Figure 1-41
Do the following:

Part I: Extend the eDirectory Schema Part II: Prepare for the Middle Tier Installation Part III: Install the Middle Tier Server Part IV: Verify That the Middle Tier Server Works

Version 1
1-97
At the end of this exercise, you should have a ZENworks Middle Tier server that can be used to provide ZENworks services to workstations without a Novell Client.
Part I: Extend the eDirectory Schema
Before you can congure ZENworks services, you need to extend the eDirectory schema. As part of the schema extension, you also license the ZENworks 7 product. In order to provide you with a licensed copy of ZENworks 7 (and avoid the frequent reminder message that you have installed a 90 day evaluation license), the DA-ZEN virtual machine already has the schema extended with a valid license code. However, to provide you with the chance to see how to extend the schema, do the following:
1.
Make sure that the DA-ZEN server is running under VMware and that you are logged in as admin with a password of novell. With the DA-ZEN server running, and logged in as admin, you are ready to create users and administer rights on the master replica of eDirectory running on DA-ZEN.
2.
On your Host2 computer, right-click the red N in the system tray; then select NetWare Login. The Novell Client 4.91 login dialog appears.
3.
Select the Advanced button; then enter the following:

Username: admin Password: novell Tree: DA-TREE Context: slc.da Server: da-zen

1-98
When you finish, select OK.
Version 1
You are logged in to the DA-ZEN server.

5.
Insert the Novell ZENworks 7 Product DVD in the Host2 DVD drive. From Windows Explorer, display the contents of the DVD. Right-click ZEN7_DesktopMgmt.iso; then select Daemon-Tools > Mount to E:. The ZENworks 7 Install dialog appears.
6. 7.
8.
(Conditional) If the installation program does not autorun, from Windows Explorer, display the contents of (E:); then double-click winsetup.exe. From the ZENworks 7 Install dialog, select Desktop Management. Licensing. After a few moments, the ZENworks 7 Software License Agreement page appears.
9.
10. Select your language > Schema Extension and Product
11. Select Accept; then continue by selecting Next.
The eDirectory Tree for Creating Objects page appears.

12. In the Tree field, enter DA-TREE. 13. Make sure that the Extend schema option is selected; then
continue by selecting Next. A Schema Extension dialog appears letting you know that the schema has already been extended and asking if you would like to re-extend the schema.
14. Re-extend the schema by selecting Yes.
Make sure that the selected tree is DA-TREE, the tree schema will be extended, and that the ZENworks licensing is already installed.

Version 1
Begin extending the schema by selecting Finish.
1-99
A dialog appears indicating that the schema extension was successful.

16. Skip viewing the log file by selecting OK.
A second dialog appears indicating the schema extension and licensing was successful.
17. Close the dialog by selecting OK. 18. Close the ZENworks 7 Install window. 19. Remove the Novell ZENworks 7 Product DVD from the DVD
drive.
Part II: Prepare for the Middle Tier Installation
Prior to installing the Middle Tier services you must do the following:
Determine the platform that ZENworks files will be located on. In the Digital Airlines network environment this is exclusively on OES Linux or NetWare servers.
Determine the context of the users in the tree that should be able to access resources through the Middle Tier. In the Digital Airlines environment this is all of the users in the tree.
Create an account that can be used by the Middle Tier when performing LDAP contextless login searches and when updating the network address information on the user object at login time.
In this part of the exercise, you create a user that can be used by the Middle Tier installation, and you grant rights to BWayne to administer the Middle Tier.

Do the following:
1.
From your Host2 computer desktop, start ConsoleOne by selecting the ConsoleOne icon. Browse to and right-click the ZEN.da container; then select New > User. Enter the following:

2.
3.
Username: ZDMMidTierUser Surname: ZENworks
4.
When you finish, select OK. A Set Password dialog appears.
5.
Enter a password of n0v3ll (a zero and a three) twice; then select Set Password. Right-click the da container object; then select Trustees of this Object. A Properties of da dialog appears.
6.
7. 8.
Select Add Trustee. Browse to and select the ZDMMidTierUser.ZEN.da user object; then select OK. Select [All Attribute Rights]; then select the Delete Property button.
9.
10. Select Yes. 11. Select [Entry Rights]; then select the Supervisor right and
make sure Inheritable is selected.

12. Select Add Property; then select the Show all properties check
box.
13. Scroll down to and select the CN attribute; then select OK.

Version 1
14. Select the Inheritable check box (leave default properties
checked); then select Add Property.
1-101
15. Select the Show all properties check box. 16. Scroll down to and select the zendmWSNetworkAddress
attribute; then select OK.

17. Select the following additional attributes (leaving default
Compare and Read properties checked):

Write Inheritable
18. Select OK twice. 19. Right-click ZDMMidTierUser.ZEN.da; then select Trustees
of this Object.
20. Select Add Trustee. 21. Browse to and select BWayne.Users.slc.da; then select OK. 22. Select Add Property. 23. Scroll down to and select Equivalent to Me; then select OK. 24. Select the Write check box (leave the Compare and Read
defaults checked); then select OK twice. BWayne now has rights to administer the Middle Tier because he is security equivalent to the user that the Middle Tier is authenticating as.
25. Close ConsoleOne.
You now have everything you need to successfully install the ZENworks Middle Tier server.

Part III: Install the Middle Tier Server
With the information gathered and the pre-requisites met you are now ready to install the ZENworks Middle Tier server. For this course, you use the DA-ZEN virtual server as both the Middle Tier and Back End server. To install the ZENworks Middle Tier server on DA-ZEN, do the following:
1.
From the DA-ZEN desktop on the Host1 computer, open a terminal window by selecting the Terminal Program icon (a monitor with a shell) from the bottom of the screen. A Shell - Konsole window appears.
2.
From the shell prompt, switch to the root user: a. b. Enter su . Enter the root password of n0v3ll (a zero and a three).
3.
Mount the ZENworks 7 Desktop Management for Linux CD .iso file and view the files on the CD: a. b. Insert the Novell ZENworks 7 Product DVD in the Host1 DVD drive. From the terminal window, change to the /media/cdrecorder directory by entering the following: cd /media/cdrecorder c. Display the contents of the directory by entering ls. A list of ZENworks 7 product .iso les is displayed. d. Mount the ZEN7_DesktopMgmtLinux.iso le by entering the following: mount -o loop ZEN7_DesktopMgmtLinux.iso /mnt e. Change to the /mnt directory by entering cd /mnt.

f.
List the les in the mnt directory by entering ls. Because you have mounted the ZEN7_DesktopMgmtLinux.iso at /mnt, you can view and access all the les on the ZENworks 7 Desktop Management Linux CD. You should see a setup script le.
4.
Start the installation by entering the following: ./setup Make sure you enter a leading period, or Linux will not nd the setup script. The setup script begins extracting and unpacking the JRE, preparing to install, and then launches the Novell ZENworks 7 Linux-Based Desktop Management Installation program.
5.
Continue by pressing Enter. An Installation Prerequisites page appears.
6.
Continue by pressing Enter; then exit the prerequisite page by typing q. A License Agreement page appears.
7. 8.
Exit the license agreement text by pressing Enter; then typing q. Accept the terms of the license agreement by entering y. A Choose Install Set page appears. From this page, you can install the ZENworks Desktop Management server (Back End services), the ZENworks Middle Tier server, or install both at the same time on the same computer by selecting All Features.
9.
Select ZENworks Middle Tier Server by entering 3. You are asked for the name or IP address and administrative credentials for an eDirectory server.

1-104
Version 1
10. Accept the default (DA-ZEN) for the Server Name/IP Address
by pressing Enter.
The default setting at each prompt is enclosed in parentheses (). You can accept the default and continue with the installation by pressing Enter. You can also move back one page in the installation script by entering back, or exit the installation by entering quit.
You are prompted for the Proxy User.

11. Type ZDMMidTierUser.ZEN.da; then press Enter. 12. For the proxy password, type n0v3ll; then press Enter. 13. For the users context, type da; then press Enter.
A Pre-Installation Summary page appears with the following information:

Product Name: ZENworks Desktop Management Product Components: Middle Tier
The Middle Tier components begin installing. This can take several minutes. After installation is complete, a View Readme page appears.
After a few moments, you are returned to the shell prompt.

17. View the contents of the installation log file by entering the
following (all on one line with a space after more): more /var/log/ZENworks_Desktop_Management_InstallLog.log
18. Scroll through the installation log by pressing the Spacebar.
Note the Status: messages. You should see SUCCESSFUL for each component installed.
19. When you finish, exit the log by typing q (or press Enter until
you exit).
20. Unmount the ZENworks 7 Desktop Management for Linux .iso
file and remove the Novell ZENworks 7 Product DVD: a. b. From the terminal window prompt, change to the root directory by entering cd /. Unmount the ZENworks 7 Desktop Management for Linux CD by entering the following: umount /mnt Notice that there is no n in the umount command. c. Remove the Novell ZENworks 7 Product DVD from the DVD drive.
21. Close the terminal window by entering exit twice. 22. Restart the DA-ZEN server:
a.
At the bottom of the screen, select the KDE menu icon (green circle with red N); then select Logout. An End Session for admin dialog appears. Select Logout. After a few moments, the GUI login dialog appears. From the Menu drop-down list, select Shutdown.
b. c.

1-106
d. Select Restart computer; then enter a password of n0v3ll (a zero and a three). e. Restart DA-ZEN by selecting OK.
Version 1
23. When the GUI login dialog appears (after the computer restarts),
log in as admin with a password of novell.
Part IV: Verify That the Middle Tier Server Works
Before continuing, it is important that you verify that the Middle Tier server is functioning properly. Do the following:
1. 2.
From your Host2 computer, start Internet Explorer. Enter the following URL: http://midtier.digitalairlines.com/oneNet/xtier-stats A table with statistical information about the Middle Tier appears.
3.
Enter the following URL: http://midtier.digitalairlines.com/oneNet/xtier-login A login dialog appears.
4.
Log in by entering the following and selecting OK:

User Name: BWayne Password: novell
An XML document with the fully distinguished name for BWayne appears.
5.
Enter the following URL: http://midtier.digitalairlines.com/oneNet/nsadmin The Netstorage Administration page appears.
6.
Enter the following URL: http://midtier.digitalairlines.com/oneNet/zen

Version 1
A page appears indicating that XZEN is running in the Middle Tier.
1-107
7.
Enter the following URL: http://midtier.digitalairlines.com/oneNet/wsimport A page appears indicating that XWSIMPORT is running.
8.
Close Internet Explorer.
If the appropriate pages appear, you have a functional Middle Tier server.
(End of Exercise)

Objective 7
Install the ZENworks Desktop Management Agent

After installing ZENworks 7 Desktop Management, you must install the Desktop Management agent on each workstation whether you use the Novell Client or not. The agent enables the workstation to communicate with the Back End server and the Middle Tier server.
The Desktop Management Agent installation removes the ZENworks features that were previously installed by the Novell Client and replaces them with selected ZENworks workstation features.
The agent is installed using an MSI-based application installation and is fairly transparent to the user, unless you use a Dynamic Local User (DLU) policy. If you use DLU, replace GINA (a graphical identication and authentication DLL) so the ZENworks agents can authenticate to eDirectory and create a local Windows NT/2000/XP account. GINA implements the authentication policy of the interactive login model and performs all user identication and authentication interactions in NT/2000/XP systems. The standard GINA that ships with NT/2000/XP is MSGINA.DLL. Novell has written its own GINA, NWGINA.DLL, which replaces MSGINA.DLL to perform authentication to eDirectory. NWGINA.DLL ships with the Novell Client for Windows and the ZENworks Desktop Management agent. To enable management of workstations, you need to do the following:
Verify That Workstations Meet Prerequisites Determine the Services You Want to Install Install the ZENworks Desktop Management Agent

Version 1
1-109
Verify That the ZENworks Desktop Management Agent Installation Works Properly
Verify That Workstations Meet Prerequisites

ZENworks Desktop Management is designed to work in a clientless environment. The end user's workstation does not rely on the Novell Client to communicate with the Desktop Management Server software. This does not mean that the Novell Client cannot be present. In fact, users can continue to use the Novell Client versions 3.34/4.9 or later even when the newer workstation functionality of ZENworks Desktop Management is installed with the Desktop Management agent. ZENworks Desktop Management has been extensively tested on the following desktop platforms:

Windows 2000 Professional with Service Pack 4 applied Windows XP Professional with Service Pack 1 (minimum) applied Windows 98 SE
For full functionality and performance, workstations managed by ZENworks Desktop Management require the following to support the Desktop Management agent:

CPU: Pentium Pro 200 MHz or faster Free Disk Space: 20 MB (minimum) Memory: 64 MB (minimum) NIC: PXE-enabled (only if Preboot Services is installed) Browser: Internet Explorer 5.5 SP2 or later with 128-bit encryption. If youre using Internet Explorer 6.0, be sure to configure it to accept cookies.

1-110
Version 1
Microsoft Windows Installer: MSI 2.0 or later Novell Client (optional): If you choose to use the Novell Client for authentication, you must use version 4.9 SP1a or later.
Determine the Services You Want to Install

When you install the ZENworks 6.5 Desktop Management agent the following components are installed:

Novell Application Launcher (NAL) Workstation Manager Workstation Inventory Remote Management Workstation Imaging
Novell Application Launcher (NAL)
Novell Application LauncherTM (NAL) is a service through which applications are distributed to users. Application Launcher shows only the application objects that the user or workstation is associated with. Application Launcher provides the following features:
Distributing an application. You can distribute and manage applications to associated users and Windows 98/NT/2000/XP workstations. Uninstalling an application. Any applications, including MSI-based applications, that are distributed through Application Launcher can be uninstalled. All les, INI entries, and registry entries associated with the applications are deleted when the application is uninstalled.

Version 1
1-111
Provides complete management of the application. This allows you to configure settings that should be applied each time the user launches the application from Application Launcher, and includes features such as application chaining, licensing, and metering.
Workstation Manager
Workstation Manager provides the ability to apply user and workstation associated policies. This service is also a foundation for any workstation based service including imaging, inventory, and remote management.
Workstation Inventory enables inventory management in a workstation. The Workstation Inventory agent collects hardware and software inventory information from scanned workstations and stores it in a centralized database. You can query the database for inventory information from ConsoleOne.
Remote Management
The Remote Management agent is installed on workstations to allow you to remotely manage those workstations. The Remote Management agent starts when the workstation boots.

Workstation Imaging
The Workstation Imaging agent allows workstations to track unique workstation information, such as workstation name, between imaging sessions. ZENworks provides tools for customizing such images and for making images available to auto-imaging operations through eDirectory. Workstation imaging can be used in all types of workstation management situations where workstations have to be kept running or you need to quickly restore a workstation from failure.

If the workstation meets the necessary prerequisites, you can install the agent using one of the following methods (depending on your environment):

Agent Distributor Utility MSI based NAL Application Login Script Web Site Manual Installation
b
Version 1
For complete information on installing the Desktop Management Agent, see Installing and Conguring the Desktop Management Agent on page 97 of the Novell ZENworks 7 Desktop Management Installation Guide (dm7install.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.
1-113
Agent Distributor Utility
The Agent Distributor utility is available in ConsoleOne and lets you perform an automatic installation of the agent in an environment that includes a Windows domain or Active Directory Services. For the Agent Distributor utility to work, you must make sure that
You are running ConsoleOne from a workstation that is a member of the domain. You are logged into the domain as a Domain Administrator. The workstation on which you want to install the agent is a member of the domain.
If these conditions are met, do the following:

1.
From the ConsoleOne menu bar, select Tools > ZENworks Utilities > Install Agents. The following appears:
Figure 1-42

2.
To the right of the ZENworks Desktop Management Agent ZfDAgent.msi) field, select Browse. A ZENworks Desktop Management Agent Location dialog appears.
3.
Browse to and select the directory where the ZfDAgent.msi file is located; then select Open. The path to the agent appears in the Agent Location eld.
4.
To the right of the Remote execution command line field, select Configure Agent. A Congure ZENworks Desktop Management Agent dialog appears.
5.
At the top of the dialog, select Install. All the features of the ZENworks Desktop Management Agent are selected for installation:
Figure 1-43

The following are available:
Features. Select the features you want installed or uninstalled. If you select Uninstall and select all of the features, the ZENworks Desktop Management agent is uninstalled. Middle Tier Address and HTTP Port. If you are using a ZENworks Middle Tier server, specify the DNS name or IP address of the ZENworks Middle Tier server that the Desktop Management Agent will be connecting to; then specify the HTTP or HTTPS port number that the Apache Web Server (NetWare) or the IIS Web Server (Windows) will use to listen for the agent login. If you are using the Novell Client, no Middle Tier address is required. If no Middle Tier address is specied, the Agent Distributor veries at installation time that a Novell Client is installed. The Agent Distributor does not install the agent if the Middle Tier has not been specied.
Login Settings. These settings determine the ZENworks Middle Tier server login options that are available in Workstation Manager:
Display Novell Login. Select this option to enable Middle Tier server login to be displayed by the Workstation Manager. Editable Middle Tier Address. Select this option to enable users to edit the Middle Tier server address during login.
Application Launcher Settings. These settings apply to the Novell Application Launcher:

1-116
Limit Application Launcher to One Tree. Select this option to limit the Novell Application Launcher access to applications in one tree only. Specify the tree in the ZENworks for Desktops Tree field.
Version 1
Launch on Windows Startup. Select the Novell Application Launcher view (Application Explorer or Application Window) that is added to the Windows Startup folder and launched when Windows starts.
If you dont want to use the Windows Startup folder to start Novell Application Launcher, dont select either view.
Tree Settings. Use this eld to specify the eDirectory tree to be used as the ZENworks tree. If Workstation Manager is installed, this tree becomes the tree where it looks for policies. If Limit Application Launcher to One Tree has been selected and Application Launcher is installed, this tree becomes the tree where it looks for applications.
6.
When you finish, select OK. You are returned to the Agent Distribution Utility dialog.
7.
Below the Target Workstations - Workstation (Domain) list, select Add. The following appears:
Figure 1-44

Enter information in the following elds:
IP Address(es). Enter the IP Address for each target workstation where you want to deploy the Desktop Management Agent. You can delimit this list with commas. You can also enter a range of IP addresses as a single item in the list.
Username. Enter the username of the workgroup administrator. Password. Enter the password of the workgroup administrator. Reenter Password. Re-enter the password to verify it as the workgroup administrators password.
x
8. 9.
Any target workstation you specify in the IP Addresses eld must use the same credentials (that is, username and password).
Save the list of target workstations by selecting OK. From the Agent Distributor Utility dialog, select Deploy Agent. The Remote Procedure Call (RPC) connection is used to deploy the agent.

The Distributing ZENworks Desktop Management Agents to Target Workstations dialog box appears: Figure 1-45
The dialog box displays deployment successes and failures. You can save a failure event to a project le (.pad) and open it from the File menu after you have corrected the problems with the failed workstations.
10. When the deployment is complete, close the Distributing
ZENworks Desktop Management Agents to Target Workstations dialog box by selecting Close.
MSI based NAL Application
If you are currently using a previous version of ZENworks, you can create a new MSI based application object to distribute the agent.

The process for deploying a new version of the agent with a previous version of ZENworks is described in the ZENworks 7 Desktop Management Installation Guide (dm7install.pdf).
You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.
Login Script
If you are deploying the agent in an environment where users are members of the administrators group, and the Novell Client for Windows is installed, you can use an eDirectory login script to install the agent. To do this, simply add the following to the login script (on one line): msiexec.exe /i \\server\sys\public\zenworks\zfdagent\english\zfdagent.msi If you want to add conguration information, you can add public properties on the command line. These public properties are variables that can be used during the installation. Several of the important properties are listed below: Table 1-7
Property Name LOGIN_PASSIVE_MODE Description Species which login screen should be shown. If the value is set to 0 then the Novell login screen is displayed. If the value is set to 1 then the Microsoft login screen is displayed. Species the name of the tree where ZENworks policies exist.
ZENWORKS_TREE

1-120
Version 1
(continued)
Table 1-7
Property Name NAL_SINGLE_TREE
Description If this value is non-zero then the application management components of ZENworks will only look for applications in the tree specied by the ZENWORKS_TREE value. Species that the install should place a shortcut to NAL Explorer in the Windows startup group. Species that the install should place a shortcut to NAL Window in the Windows startup group. Species the DNS name or IP address of the Middle Tier server. Species the port that should be used to communicate with the Middle Tier.
STARTUP_APPEXPLORER
STARTUP_APPLAUNCHER
MT_SERVER_ADDRESS
HTTP_PORT
A full list of the properties available for use during the agent installation can be found in the online documentation.
Web Site
For those in your organization who travel frequently or work remotely, you can deliver an installation of the Desktop Management agent through a web site. This requires the following:
Building an installation (.exe) file using software such as PackageForTheWeb 4. Placing the installation file on an accessible web site. Making sure that the user has administrative rights on the workstation to install software.

Version 1
1-121
On a Linux server, you can place the installation le in the /srv/www/htdocs directory, and then have users point to http://server_IP_address_or_DNS_name/install.exe (where server_IP_address_or_DN_name refers to the Linux server, and install.exe is the name of the installation le) to start the installation.
Manual Installation
To install the Desktop Management agent on an individual workstation using the Novell ZENworks 7 Desktop Management CD, do the following:
1.
At the workstation, insert the Novell ZENworks 7 Desktop Management CD into the CD drive. The Winsetup.exe program will autorun. If it does not autorun, launch the program from the root of the CD.
2. 3. 4.
Select Desktop Management. Select your language. Select Desktop Management Agents.

5.
In the Welcome screen, select Next. The following appears:
Figure 1-47

6. 7.
Read the License Agreement. Select I Accept the Terms in the License Agreement; then select Next. The following appears:
Figure 1-48
8.
On the Custom Setup page, select the features that you want to install on the workstation. The options you can install include the following:
Application Management. Uses the Novell Application Launcher to provide users access to workstation applications that you can install and then manage. Application Management is installed by default, even if it is not selected, to accommodate future updates to the Desktop Management Agent.
Workstation Manager. Lets you congure and manage workstations by using eDirectory. Workstation Inventory. Helps you collect hardware and software inventory information from scanned workstations.

1-124
Version 1
Remote Management. Lets you manage remote workstations from a management console. Mirror Driver. Provides video adapter independence and co-existence with other remote control solutions. If this feature is selected, the MSI installation overrides video driver checks and suppresses any Windows messages. If you do not want this driver, you can deselect it (optimization will be disabled).
Workstation Imaging. Lets you take an image of a workstation's hard drive and put it on other workstations.
9.
When you finish, select Next. The following appears:
Figure 1-49
10. (Optional) Specify the DNS name or IP address of the
ZENworks Middle Tier server that the agent will be connecting to (if youve installed the Middle Tier server).

11. (Optional) Specify the HTTP or HTTPS port number that the
Apache web server (NetWare) or the IIS web server (Windows) will use to listen for the Agent login. This only applies if youve installed the Middle Tier server. The IP address or DNS name and the port number let the workstation access the Apache web server running alongside the Middle Tier, which will pass on the authentication credentials to the Desktop Management Server. The IP address or DNS name is optional if the Novell Client is installed.
12. Select Next.
If you are installing to a workstation that does not have the Novell Client installed, the Workstation Manager Settings page appears.
13. (Conditional) Customize the settings for the Workstation
Manager feature by selecting either Display ZENworks Middle Tier Server Authentication Dialog or Allow Users to Change Middle Tier Server Address.
14. Select Next. 15. Select Next again to display the Novell Application
Launcher/Windows Startup Options page.

16. Choose to launch either Application Explorer or Application
Window on startup.
17. Select Next.
If you are installing the Workstation Manager or the Application Launcher, the ZENworks Tree page appears.
18. (Conditional) If you want to limit the user of the workstation to
accessing applications available only in the eDirectory tree you designate, select Limit Application Launcher to One Tree Only.

19. (Conditional) If you selected the above option, specify the name
of the eDirectory tree in the ZENworks Directory Tree field. If you did not select Limit Application Launcher to One Tree Only, you can still specify the name of a tree in the ZENworks Tree eld. This tree is recognized by Workstation Manager as the tree where policies reside.
20. Select Next. 21. Select Install to launch the installation program.
Wait while the product is installed.

22. When prompted that the installation is complete, select Finish.
If you decide to add components after the initial installation of the Agent, you can run the installation program again and select the Modify option.
Verify That the ZENworks Desktop Management Agent Installation Works Properly
Do the following to verify that the ZENworks Desktop Management Agent installed properly:

Check the Add/Remove Programs Control Panel for the Agent. Make sure that the following services are running:

Workstation Manager Novell Application Launcher ZENworks Remote Management
Make sure that Application Launcher starts. Make sure that you can run ZISWIN.

Exercise 1-3

Now that you have installed a ZENworks Desktop Management server environment with a Middle Tier server, you are ready to test deploying the ZENworks Desktop Management agent. You decide to use a WS1 workstation running the Novell Client, and a WS2 workstation without the Novell Client installed. Both computers have Windows XP Professional installed. In this exercise, you deploy the ZENworks Desktop Management Agent to the WS1 workstation using a Novell Client login script, and deploy the agent to the WS2 workstation using the Agent Distributor Utility. Do the following:

Part I: Start the WS1 and WS2 Workstations Part II: Install the ZENworks Desktop Management Agent on WS1 from a Login Script Part III: Distribute the ZENworks for Desktops Management Agent With the Agent Distributor Utility

Part I: Start the WS1 and WS2 Workstations
In this exercise, you use the following VMware virtual machines: Figure 1-50
(crossover cable) Host 1 VMware Virtual Machines DA-ZEN OES Linux 10.200.200.250 Host 2 VMware Virtual Machines WS1 WinXP Pro XP2 10.200.200.11
WS2 WinXP Pro XP2 10.200.200.12
1.
Make sure the DA-ZEN server is running, and that you are logged in as admin with a password of novell. From VMware Workstation on the Host2 computer, start the WS1 workstation by selecting the WS1 tab. From the WS1 tab page, select Start this virtual machine. After the WS1 workstation starts, a Novell Client 4.91 login dialog appears. You use this dialog later in the exercise.
2.
3.
4. 5.
Leave the dialog displayed; then start the WS2 workstation. When the Windows login screen appears, log in as Student with a password of novell. When the Windows XP desktop appears, you are ready to use the WS1 and WS2 workstations for this exercise.

Version 1
1-129
We recommend that you always have WS1 and WS2 running while working through the exercises in the course, as you frequently use the workstations to verify that your ZENworks 7 conguration is working properly.
Part II: Install the ZENworks Desktop Management Agent on WS1 from a Login Script
If you are currently using the Novell Client, the easiest way to deploy the ZENworks Desktop Management agent is to simply call the installation from the container login script. In this exercise, you congure the login script to execute the ZfDAgent.msi application, which installs the agent on the WS1 virtual workstation. Do the following:
1.
Copy the exist.exe file on your 3062 Course CD to /usr/novell/sys/PUBLIC on your DA-ZEN virtual server: a. b. c. Insert the 3062 Course CD in the Host1 computer. From the DA-ZEN desktop, open a terminal window. Switch to root user by entering su -; then enter a password of n0v3ll.
d. Change to the /media/cdrecorder/exercises directory by entering cd /media/cdrecorder/exercises. e. Copy the exist.exe le to /usr/novell/sys/PUBLIC by entering the following: cp exist.exe /usr/novell/sys/PUBLIC f. Make sure the le copied by entering the following: ls /usr/novell/sys/PUBLIC The le is listed with several other .exe and .ovl les.

1-130
g. Change to the root directory by entering cd /. h. Remove the 3062 Course CD from the drive.
Version 1
2.
Copy the ZfDAgent.msi application to the /usr/novell/sys/PUBLIC/zenworks/zfdagent/english directory: a. Change to the /usr/novell/sys/PUBLIC directory by entering the following: cd /usr/novell/sys/PUBLIC b. Create the /usr/novell/sys/PUBLIC/zenworks/zfdagent/english directory by entering the following: mkdir -p zenworks/zfdagent/english c. Change to the /usr/novell/sys/PUBLIC/zenworks/zfdagent/english directory by entering the following: cd zenworks/zfdagent/english d. Copy the ZFDAGENT.MSI application by entering the following (all on one line with a space after cp): cp /opt/novell/zenworks/zdm/agent/English/ZfDAgent.msi . Make sure you include a space and a period at the end of the command line to copy the le to the local directory.
3.
Modify the login script to distribute the ZENworks Desktop Management Agent: a. From your Host2 computer desktop in the system tray, right-click the red N; then select NetWare Login. A Novell Client for Windows login dialog appears. b. c. Log in as admin with a password of novell. From the Host2 computer desktop, start ConsoleOne.
d. Expand the DA-TREE and right-click Users.slc.da; then select Properties. e. Select the Login Script tab. An empty Login Script eld is displayed. f. Insert the 3062 Course CD in the Host2 computer CD drive.

Version 1
1-131
g. From Windows Explorer on the Host2 desktop, double-click the D:\exercises\agent_script.txt le to open it in Notepad. The script for installing the ZENworks Desktop Management agent is displayed. h. Copy the script; then paste the script in the ConsoleOne Login Script eld by pressing Ctrl+V. The script looks similar to the following: #\\DA-ZEN\sys\PUBLIC\exist C:\program les\novell\ZENworks\NALdesk.exe if ERROR_LEVEL !=0 then begin @MSIEXEC.EXE /i \\DA-ZEN\sys\PUBLIC\ zenworks\zfdagent\english\ZfDAgent.msi STARTUP_APPEXPLORER=1 LOGIN_PASSIVE_MODE=0 NAL_SINGLE_TREE=1 ZENWORKS_TREE=DA-TREE /qb+! end The script includes the following lines:
\\DA-ZEN\sys\PUBLIC\exist C:\program files... The script uses the exist.exe program on the DA-ZEN server to look for the Application Launcher program (NALdesk.exe) on the local machine. If the NALdesk.exe program exists, then the ZENworks agent has been installed, and the script ends.
if ERROR_LEVEL !=0 then begin If the NALdesk.exe program cannot be found (0) then whatever follows this line of the script should be executed.

1-132
Version 1
@MSIEXEC.EXE /i \\DA-ZEN\sys\PUBLIC\... This line starts the ZfDAgent.msi application on DA-ZEN, which launches the installation of the ZENworks agent on the local machine.
In order for the script to work properly, you need to replace the quotation marks around 0 with those typed from your keyboard. i. j. In the Login Script eld, delete the double quotation mark characters around 0 and type new double quotation marks. When you nish typing the new double quotation mark characters and reviewing the script, close the Notepad window.
k. Remove the 3062 Course CD from the CD drive.

4.
Assign additional rights to PUBLIC volume SYS on the DA-ZEN server for the users in the Users.slc.da container: a. b. c. From the Properties of Users dialog, scroll to the right and select the Rights to Files and Folders tab. To the right of the Volumes list, select Show. A Select Object dialog appears. Select the DA-ZEN_SYS.slc.da volume; then select OK, A DA-ZEN_SYS.slc.da entry appears in the Volumes list. d. To the right of the Files and Folders list, select Add. A Select Object dialog appears. e. f. Double-click the DA-ZEN_SYS.slc.da volume; then select PUBLIC. Select OK. A /PUBLIC entry appears in the Files and Folders list.

g. At the bottom of the dialog under the Rights heading, select the following rights:

Create File Scan Read Write Modify
h. When you nish, select OK.

5.
From the WS1 virtual workstation Novell Client dialog, deselect Workstation only; then log in with the following parameters:

Username: CKent Password: novell Tree: DA-TREE Context: users.slc.da Server: da-zen
After accessing the ZfDAgent.msi application, ZENworks Desktop Management Agent begins installing.
6.
When the installation is finished, reboot the WS1 virtual workstation by selecting Yes. When the Novell Client dialog appears, log in as CKent with a password of novell. Notice that ZENworks agent starts and an Application Explorer shortcut appears on the WS2 desktop. You have successfully distributed the ZENworks Desktop Management agent to a workstation using a Novell login script.
7.

Part III: Distribute the ZENworks for Desktops Management Agent With the Agent Distributor Utility
If you are distributing the agent to workstations inside a corporate rewall that do not have the Novell Client installed, you might want to use the Agent Distributor utility to push the agent installation out to these workstations. To distribute the ZENworks agent to the WS2 workstation using the Agent Distributor utility, do the following:
1.
On the WS2 workstation, turn off simple file sharing: In order for some ZENworks services to run properly on a workstation, you need to turn off simple le sharing. Do the following: a. b. From the WS2 workstation, open Windows Explorer. From the Windows Explorer menu bar, select Tools > Folder Options. A Folder Options dialog appears. c. Select the View tab. d. From the View tab page, scroll to the bottom of the Advanced settings list; then deselect (uncheck) Use simple le sharing (Recommended). e. f. Select OK. Close Windows Explorer.
2.
From the Host2 workstation using the Novell Client, log in as admin: a. Right-click the red N in the system bar; then select NetWare Login. The Novell Login dialog appears.

b.

Username: admin Password: novell Tree: DA-TREE Context: slc.da Server: da-zen
c.
3.
When you nish, log in by selecting OK.
From the Host2 desktop, select the ConsoleOne icon. The Novell ConsoleOne window appears.
4. 5.
Select DA-TREE. From the ConsoleOne menu bar, select Tools > ZENworks Utilities > Install Agents. A ZENworks Desktop Management - Agent Distributor Utility dialog appears.
6.
To the right of the ZENworks Desktop Management Agent ZfDAgent.msi) field, select Browse. A ZENworks Desktop Management Agent Location dialog appears.
7.
Browse to \\Da-zen\SYS\PUBLIC\zenworks\zfdagent\ english directory and select ZfDAgent.msi; then select Open. The UNC path to the agent appears in the Agent Location eld.
8.
To the right of the Remote execution command line field, select Configure Agent. A Congure ZENworks Desktop Management Agent dialog appears.
9.
At the top of the dialog, select Install (make sure Reboot is also selected). All the features of the ZENworks Desktop Management Agent are selected for installation.

1-136
Version 1
In addition, several other elds and options are available.

10. Enter the following:

Middle Tier Address: da-zen.digitalairlines.com ZENworks Tree: DA-TREE Display Novell Login Editable Middle Tier address Limit Application Launcher to one Tree Application Explorer
11. Select the following options:

12. When you finish, select OK.
You are returned to the Agent Distribution Utility dialog.

13. Below the Target Workstations - Workstation (Domain) list,
select Add. A Select IP Target Workstations dialog appears.


IP Address(es): 10.200.200.12 Username: Student Password: novell Reenter Password: novell
The WS2 IP address is added to the Workstation (Domain) list.

16. From the Host2 computer, make sure that the WS2 workstation
desktop is visible.
17. From the Agent Distributor Utility dialog on Host2, select
Deploy Agent.

Version 1
A Distributing ZENworks Desktop Management Agents to Target Workstations dialog appears.
1-137
The Agent Distributor Utility begins silently installing the ZENworks Desktop Management Agent on WS2. This can take several minutes. When the agent is installed, the WS2 workstation automatically reboots, and a Successful message appears in the Target Workstations dialog. Notice that a ZENworks Desktop Management login dialog appears on the WS2 workstation.
18. From the ZENworks Desktop Management login dialog, select
the Options button. Notice that information such as the Local username (Student) and the Middle Tier server (da-zen.digitalairlines.com) have been provided as part of the installation.
19. Log in as BWayne with a password of novell.
After a few moments, you are logged in as the BWayne eDirectory user (through the Mid Tier server) and the workstation desktop appears.
If the login fails, try logging in to Workstation only as Student with a password of novell, running the Middle Tier server tests in Internet Explorer (such as entering http://midtier.digitalairlines.com/oneNet/xtier-stats), and then logging off and logging in again as BWayne.
You have successfully distributed the ZENworks Desktop Management Agent to WS2 using the Agent Distributor utility.
20. From the Host2 computer, close the Target Workstations dialog
by selecting Close.
21. Close the Agent Distributor Utility by selecting File > Exit; then
select No.


(End of Exercise)

Summary
The following is a summary of the objectives.
Objective
1. Describe the
ZENworks 7 Suite Features
What You Learned Novell ZENworks makes it easy to deploy, manage and maintain IT resources in today's diverse IT environments. To help you understand how the ZENworks 7 Desktop Management components play a role in the overall ZENworks 7 Suite, you learned about the following suite features:

Desktop management Server management Handheld management Linux management Asset inventory Data management Instant messenger Software packaging Personality migration Patch management
2. Describe the New

Features of ZENworks 7 Desktop Management
Novell ZENworks 7 Desktop Management is one of the core components of the ZENworks 7 Suite. It uses policy-driven automation to reduce and in some cases eliminate desktop management tasks such as software distribution, software repair, desktop conguration, workstation imaging, remote management, and workstation inventory throughout the life cycle of the device.

Objective
2. Describe the New
Features of ZENworks 7 Desktop Management (continued)
What You Learned To describe the new features of ZENworks 7 Desktop Management, you need to know the following:
ZENworks 7 Desktop Management components:
Automatic Workstation Import and Removal Workstation management Application management Workstation imaging Remote management Workstation inventory Sybase Asset inventory ZENworks Asset Management Patch management Personality migration Software packaging
ZENworks 7 components:

The following briey describes whats new in Novell ZENworks 7 Desktop Management since the release of ZENworks 6.5 Desktop Management Support Pack 1:
General changes:

Support for Linux servers Support for Tablet PCs New products and updated products bundled with desktop management:
ZENworks Asset Inventory component of ZENworks 7 Asset Management Instant Messenger Identity Manager 2.02 Bundle Edition

Version 1
1-141
Objective
2. Describe the New
Features of ZENworks 7 Desktop Management (continued)
What You Learned

Novell iManager 2.5 Updated products such as ZENworks Data Management powered by Novell iFolder 2.1.5
Application management:
Support added for recognition of the fourth component of an OS version Support added for deploying the desktop management agent to workstations in a windows workgroup
Workstation imaging The Linux kernel in the imaging engine has been upgraded to version 2.6, providing a wider variety of hardware and network card support.
Workstation inventory (such as the following):
You can now set up the Oracle9i Inventory database on a UNIX server. You can now set up the Oracle10g R1 Inventory database on Windows or UNIX servers.
3. Implement
eDirectory Design Guidelines for ZENworks
An efcient eDirectory design allows ZENworks to quickly nd and access eDirectory objects, which results in better network performance, regardless of the number of objects in your tree. Because eDirectory is a cross-platform solution, the design guidelines are different for various operating systems and applications. You need to know the following when designing an eDirectory tree for ZENworks:

General eDirectory design guidelines eDirectory design guidelines for ZENworks:

Objective
3. Implement
eDirectory Design Guidelines for ZENworks (continued)
What You Learned

To use ZENworks efciently, you must be aware of design guidelines that apply to the following:

Application and application folders Group objects Workstation objects
Using a separate tree for ZENworks ZENworks 6.5 and later versions let you install ZENworks into a tree separate from your production environment. With this type of installation, you can keep the administration of the ZENworks product family independent of the production eDirectory environment.
4. Install ZENworks 7
Desktop Management Back End Services
To install the Back End services on Linux, do the following:

Perform pre-Installation tasks Determine the services you want to install Install the ZENworks 7 Desktop Management server Perform post-Installation conguration tasks Verify that the ZENworks 7 Desktop Management services are installed on your Linux server
5. Evaluate
ZENworks Desktop Management Access Methods
ZENworks 7 Desktop Management provides several access methods and login dialogs that you can use to access the management information stored in the directory and in the le system of your ZENworks server(s).

Objective
5. Evaluate
ZENworks Desktop Management Access Methods (continued)
What You Learned Before installing ZENworks 7 Desktop Management you need to understand the following:
ZENworks access methods: The following access methods are available:

Traditional client access method Web services access method (outside the rewall) Web services access method (inside the rewall)
Login dialogs Depending on your workstation conguration, one of the following basic login dialogs appears:

Novell Client login dialog ZENworks Agent login dialog Microsoft Windows Login Dialog
How to determine the access method and login dialog to use
6. Install ZENworks 7
Desktop Management Middle Tier Services
To install the ZENworks 7 Middle Tier server on Linux, you do the following:
Verify and implement pre-installation requirements Gather the information necessary for the installation Install the ZENworks Middle Tier server on Linux Congure security (optional) Verify that the Middle Tier server works properly

Objective
7. Install the
ZENworks Desktop Management Agent
What You Learned To enable management of workstations with the ZENworks Desktop Management agent, you need to do the following:

Verify that workstations meet prerequisites Determine the services you want to install Install the ZENworks Desktop Management agent Verify that the ZENworks Desktop Management agent installation works properly


ZENworks Desktop Management Policy Management
SECTION 2
In this section, you learn about policy management and how policies work, you implement a search policy, and you identify effective policies.
Objectives
1. 2. 3. 4. 5. 6.
Describe Policy Management Describe Policy Packages Describe and Configure Search Policies Describe How Policies Work Describe Effective Policies Describe Policy Package Copy and Policy Reporting

Introduction
Policy management is the process of using policies (a set of rules that dene how eDirectory objects can be congured and controlled) to manage an identity in the directory. Policies let you restrict the user from doing something, or let you distribute items such as software to workstations. You can effectively manage both user and workstation objects by knowing how policies work and how these policies are applied.

Objective 1
Describe Policy Management

To effectively manage policies, you need to know the following:

What Policies Do Benefits of Policies
What Policies Do
Policy management is the process of creating, conguring, associating, and applying a set of rules and preferences using ZENworks Desktop Management to administer workstation environments. ZENworks lets you create and administer Windows 98/2000/XP policies. Policies are stored in eDirectory and replicated throughout your tree. This replication lets you manage and control user environments at the user or workstation object level. For ease of management, the policies (or rules) are grouped into policy packages according to functional areas: container, server, service location, user, and workstation. Policies dene behavior that should be implemented on a device. Some of the policies in ZENworks Desktop Management let you
Enable the use of a custom workstation environment by creating desktop preferences. Allow users to print regardless of the printers location by establishing dynamic printer definitions. Set up events at specified times on a workstation by enabling event and action scheduling. Allow container administrators to manage server, user, and workstation configurations. Search for policies that are applied to objects in the tree.

Version 1
2-3
Set parameters for collecting hardware and software inventory information. Set parameters to remotely control a workstation.
All of the ZENworks suite products feature some kind of policy management functionality that let you manage the various types of objects in a similar fashion.
Benets of Policies
The following are benets of policies in ZENworks:
ZENworks accommodates multi-platform environments by creating a single interface that lets you apply platform-specific policies. This means you can apply policies to Windows 98/2000/XP workstations using the same interface. ZENworks provides you with an interface to configure policies that control the workstation environments of Windows users. This helps implement corporate workstation standards (such as a desktop theme or wallpaper) and prevents user-generated problems.
ZENworks uses scheduled action policies. Scheduled action policies let you specify actions you want to implement on different schedules using the same type of policy. For example, you can schedule an antivirus scan on all workstations at a specied time each day. You can also schedule a notication for users to update the project status at the end of each day.
ZENworks provides user policies that let you provide services to users on a workstation or user login basis. For example, the iPrint policy lets you specify that certain printers must be deployed based on workstation or user login.

2-4
Version 1
Another method of user control is the Dynamic Local User policy. This policy lets you provide the user with a single user name and password for eDirectory and Windows NT/2000/XP workstations.
User policies are stored in the eDirectory tree. As a result, users can use any workstation in the network and maintain their settings. Policies are applied to their workstation no matter where they are.
You can import workstations into eDirectory using ZENworks. This lets you establish workstation policies that provide functionality such as screen savers, le sharing, and printer sharing on all workstations, regardless of the person accessing the workstation.
For complete information on ZENworks policies, refer to Understanding Workstation Management on page 101 of the Novell ZENworks 7 Desktop Management Administration Guide (dm7admin.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.

Objective 2
Describe Policy Packages

ZENworks Desktop Management groups policies that can be applied to the same type of object into an object known as a policy package. The policy package is an object that contains the actual policies that you want to apply to users. These packages typically contain one or more policies that can be applied to objects running one of several different operating systems. Many of the policies found within a policy package are platform independent, while others can only be applied to certain platforms. ZENworks Desktop Management includes the following types of policy packages:
Server policy package. A Server policy package contains policies that are specific to ZENworks Desktop Management servers. These policies affect the services running on the server such as Inventory, Automatic Workstation Import, and Imaging.
Server policy packages are covered in detail in Section 3 Implement Server Package Policies on 3-1.
User policy package. A User policy package contains policies that are user specific. These are read and applied by the ZENworks Desktop Management agent on the workstation. The policy package lets policies be applied to all platforms or to specic platforms. This include Windows XP, Windows 2000, Windows 98 and Windows Terminal Server.

2-6
User policy packages are covered in detail in Section 5,Implement User Package Policies on 5-1.
Version 1
Workstation policy package. A Workstation policy package contains policies that are workstation specific. These are read and applied by the ZENworks Desktop Management agent on the workstation. The policy package lets policies be applied to all platforms or to specic platforms. This includes Windows XP, Windows 2000, and Windows 98.
Workstation policy packages are covered in detail in Section 6, Implement Workstation Package Policies on 6-1.
Service Location policy package. A Service Location policy package contains policies that are container specific. These policies are typically read by the ZENworks application management components to determine the location where reporting information should be sent.
Service Location policy packages are covered in detail in Section 10, Application Auditing and Reporting on 10-1.
Container policy package. Container packages store the Search Policy which is used to limit how the policy search process works.
Each of these policy packages have an Associations tab which lets you list the object(s) in the tree that the policy should be applied to. When ZENworks Desktop Management searches for policies it is these associations that determine the policy applied.

Objective 3
Describe and Congure Search Policies

The initial and most important policy that you will congure in a ZENworks environment is the ZENworks search policy. This policy controls how ZENworks attempts to locate and apply the other policies that can be used in a ZENworks environment. In a large organization, the process of determining effective policies can result in a great deal of network trafc as Desktop Management walks the eDirectory tree. While this trafc might not present a problem for smaller organizations, a large organization with many eDirectory partitions and replicas separated by WAN links will probably nd this undesirable. Even in small organizations there might be a need for certain departments or groups of objects not to apply certain policies. This can be accomplished by using search policies to modify the way the search happens. In this objective, you learn the following about how to reduce tree walking using search policies and prevent objects from nding unexpected policies:

What a Search Policy Is How to Configure a Search Policy How to Configure a Search Policy Search Order and Priority
What a Search Policy Is

Search policies are used to limit how far up the tree ZENworks Desktop Management walks while determining effective policies. They are also used to determine the types of objects ZENworks checks for associated policies.

2-8
Version 1
Search policies are housed in container packages. Container packages contain only the search policy and can only be associated with container objects. Search policies provide the following benets:

Improved security The ability to reorder a search Better search performance by limiting the search levels traversed in Novell eDirectory and by avoiding unnecessary LAN traffic
How to Congure a Search Policy

You can set up as many search policies as you need to help minimize network trafc or make policies work the way you need them to function. To congure a search policy, do the following:
1.
Create a container to store your policies packages: a. In ConsoleOne, right-click the container where you want to create a container to store your policies packages; then select New > Organizational Unit. Enter a short name for the new container; then select OK. Because you can have ZENworks Desktop Management, ZENworks Handheld Management, and ZENworks Server Management policies in the same tree, make sure you use a name that distinguishes your Desktop Management policies container, such as Desktop Policies.
b.
2.
Create a container package: a. Right-click the new container for storing your policy packages; then select New > Policy Package.

Version 1
2-9
To see a list of policies that are contained in each policy package, from the Policy Packages list on the left select the desired policy package to display the available policies on the right. b. c.
3.
Select Container Package; then select Next. Enter a short name for the package; then select Next.
d. Select Finish. In ConsoleOne, right-click the container package you want to configure a search policy for; then select Properties.

4. 5.
To the left of the search policy name, select Enabled. Display the Search Level Page by selecting Properties.

6.
From the Search for policies up to drop-down list, select one of the following levels to search up to:

[Root]. Searches from the object up to the root of the tree. Object Container. Searches up to the parent container of the server, user, or workstation object. Associated Container. Searches up to the container that the search policy is associated with. The associated container level replaces the Partition option found in earlier versions of ZENworks for Desktops. If you are upgrading from a previous version, and you have used Partition in your search policies, ensure that the container package is associated only with the partition root container.

2-12
Selected Container. Searches from the object up to a specied container. If you choose Selected Container, browse to and select the container where you want the search to stop.
Version 1
x
7.
It is important to remember that when specifying the search ceiling the location of the policy package object is irrelevant. It is the association specied in the policy package that matters. The policy must be associated to the container listed as the ceiling or in a child container of the container that is in the users context tree.
To limit searching in either direction, specify a number in the Search Level box. You can specify any number between -25 and 25.
8.
Select the Search Order tab. The following appears:
Figure 2-4
9.
Specify the policy searching order using the arrow buttons.

Version 1
11. Select the Associations tab.
2-13
12. Select Add; then browse to and select the container object you
want to associate with the search policy.

Container Associations and Searching

To make a search policy effective, you must associate it with a particular container. You can also use the search policy to specify the number of levels above or below the associated container to begin the search.

The following are some example level values: Table 2-1

Value 0 Behavior Limits the search to the container specied as the search ceiling. Limits the search to one container above the container specied as the search ceiling. Limits the search to one container below the container specied as the search ceiling. This container cannot be below the object or it will result in the object walking to the root of the tree.
-1
You can use any value between 25 and -25. Without a search policy in effect, ZENworks default behavior is to search from the parent container of the object for whom effective policies are being calculated all the way to the root of the eDirectory tree. With a search policy in place the behavior is similar to the following: Figure 2-6

The following describes the illustrated container packages:
The Reg Container Package has the effective Search Policy for users and workstation objects in the FLTOPS.SLC.DigitalAir branch of the tree. The SLC Container Package has the effective Search Policy for users and workstation objects in the IS.SLC.DigitalAir branch of the tree.
Policy associations must be somewhere between the object using the search policy and the root of the eDirectory tree.
Search Order and Priority

The default search policy gives priority to a policy package associated with a user or workstation object before packages associated to groups or containers where the object resides. The following is the default search order:

Object Group Container Root
The rst enabled policy package found takes precedence. This means that the policy package that is associated to the container closest to the object searching for policies will be used. This search order can be reordered and can be congured to include as few as one of the items in this list. For example, you could exclude group objects by setting the search order to Object > Container.

It can be useful to exclude group objects when you have situations where a user is a member of two different groups that have conicting policies associated with them. If your eDirectory tree has implemented a large number of groups, excluding groups from the search policy can also increase performance.

Exercise 2-1
Congure a Search Policy

In this exercise, you congure 2 search policies; one for the SLC container and one for the DIA container. Both search policies need to be congured so that the searching stops at the objects container level and groups are removed from the policy search order. In this exercise, you use the following Host computers and VMware virtual machines:
Figure 2-7
Do the following:
1.
From your Host2 computer using the Novell Client, make sure you are logged in to DA-TREE as admin.slc.da with a password of novell. Create a container package for SLC: a. b. From your Host2 computer, start ConsoleOne. Expand DA-TREE and select Policies.slc.da. From the button bar at the top of ConsoleOne, select the Create Policy Package button.
2.

2-18
c.
Version 1
The Policy Package Wizard dialog appears. d. Select Container Package; then select Next. e. In the Policy package name eld, enter SLC Container Package; then select Next. A Summary page appears. f. Select Dene additional properties; then select Finish. A Properties of SLC Container Package dialog appears. g. Enable the Search Policy (select the check box); then select Properties. h. In the Search for policies up to drop-down list, select Object container. i. j. Make sure the Search Level is set to 0. Select the Search Order tab. A Policy search order list appears. k. From the list select Group; then select Remove. l. Save the changes by selecting OK. You are returned to the Properties of SLC Container Package dialog. m. Select the Associations tab. An Associations list appears. n. Select Add. o. From the Look in drop-down eld, select da; then select slc. p. Select OK. The slc.da container is added to the Associations list. q. Save all changes by selecting OK. You have created a Search policy for the DA container.

3.
Create a container package for DIA: a. b. From ConsoleOne, select Policies.DIA.da. From the button bar at the top of ConsoleOne, select the Create Policy Package button. The Policy Package Wizard dialog appears. c. Select Container Package; then select Next. d. In the Policy package name eld, enter DIA Container Package; then select Next. A Summary page appears. e. f. Select Dene additional properties; then select Finish. A Properties of DIA Container Package dialog appears. Enable the Search Policy (select the check box); then select Properties.
g. In the Search for policies up to drop-down list, select Object container. h. Make sure the Search Level is set to 0. i. j. Select the Search Order tab. A Policy search order list appears. From the list select Group; then select Remove. You are returned to the Properties of DIA Container Package dialog. l. Select the Associations tab. An Associations list appears. m. Select Add. n. From the Look in eld, select da; then select DIA. o. Select OK. The DIA.da container is added to the Associations list. k. Save the changes by selecting OK.

2-20
p. Save all changes by selecting OK.
Version 1
You have created a Search policy for the DIA container.

4.
Close ConsoleOne.
(End of Exercise)

Objective 4
Describe How Policies Work

To manage ZENworks Desktop Management policies effectively, you need to know the following:

The Process for Applying Policies Components Used for Implementing Policies
The Process for Applying Policies

The following describes the process that ZENworks uses to apply policies after a workstation starts but before a user authenticates: Figure 2-8
1
JCorry RWeight JCorry BJones JCorry
3 4
Heres how it works:

1.
ZENworks recognizes the workstation and finds the workstation object in the tree.
Workstation policies are applied rst because users dont need to be authenticated.
x
2. 3.
ZENworks locates a search policy that is part of the container package. This policy is used to search for policies to be applied to an eDirectory object. Using the search rules defined in the search policy, ZENworks finds all workstation policies to be applied.

2-22
Version 1
4.
ZENworks finds the schedule for each workstation policy and applies all workstation policies as scheduled.
After the workstation boots and the user logs in, the policies are applied as described below: Figure 2-9
1
RWeight JCorry BJones
3
JCorry
1.
When a user logs in, ZENworks determines the user object context. ZENworks locates the corresponding search policy. Using the search rules defined in the search policy, ZENworks finds all user policies to be applied. ZENworks finds the schedules for all user policies. ZENworks applies all user policies that are found, as scheduled.
2.
3. 4.
Components Used for Implementing Policies

The following are the components used to implement policies:

Workstation Manager Scheduler
Workstation Manager

Version 1
Workstation Manager is the agent component that enables policies to apply to workstations using eDirectory. Workstation Manager authenticates as the workstation object to the tree and processes the policies using policy helper DLLs.
2-23
Workstation Manager is installed as part of ZENworks Desktop Management agent installation. During the installation, workstation-resident modules are installed with Workstation Manager. Workstation-resident modules are agents that authenticate a user to the workstation (in Windows 2000/XP) and the network. These modules also transfer conguration information to and from the Directory. An example of a workstation-resident module is the workstation registration agent used to establish workstation objects in the eDirectory tree. Under Windows 2000/XP, Workstation Manager runs with Administrator rights that let it dynamically create and delete user accounts. Even if you are running Workstation Manager as part of the Novell client, you must install the agents to allow the workstation to process new packages.
Scheduler
The scheduler lets you view the policies that have been read by Workstation Manager and lets you set up different actions to run on a workstation. In previous versions of ZENworks, the Scheduler was displayed in the system tray on the Windows taskbar. However, because many network administrators dont want users to access the Scheduler, it is no longer displayed there. Now, the Scheduler (C:\Program Files\Novell\Zenworks \Wmsched.exe) is installed as part of workstation client installation.

You can schedule actions on a workstation or from a scheduled action policy. An action is an object that contains a list of one or more action items. An action item can be an EXE, DLL, ActiveX, or JavaScript le. If you congure the action locally then action applies only to the workstation where you run the workstation scheduler. If you use a scheduled action policy you can have the action deployed to all of your workstations. You can prioritize a particular action and action item. You can also specify the sequence of implementing different actions or action items. You can schedule actions to run randomly, at a specic time, or when a workstation event occurs. You determine the time period for each action or action item to complete. If an action cannot occur at the specied time, you can indicate whether to discontinue it, retry it every minute, or reschedule it. If the action completes, you can specify that the action not run again. From a workstation you can view and edit details or properties associated with an action if it was locally scheduled. If the action was added through a policy then it can only viewed, not modied. You can also delete an action, disable or enable an action, or run an action immediately even if it was scheduled to run at a later date or time or upon the occurrence of a given event.
x
Version 1
To view or modify the workstations environment, you must have the appropriate workstation access rights. The user must be a member of the local Administrators group to modify the workstations environment.
2-25
For complete information on workstation scheduler, refer to Workstation Scheduler on page 177 of the Novell ZENworks 7 Desktop Management Administration Guide (dm7admin.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.

Objective 5
Describe Effective Policies

To determine which policies are effective, you must understand the following:

How Policies Are Applied What Effective Policies Are
How Policies Are Applied

The policies inside of policy packages can be categorized into the following types:
Singular Policies. Let you have only one effective policy at one time. Most policies offered in ZENworks are singular policies. The rst policy found is brought into effect. Examples of singular policies include iPrint, Windows Desktop Preferences, and Dynamic Local User policies. Most policies in ZENworks Desktop Management fall into this category.
Plural Policies. Let you have multiple policies per policy package. Plural policies are rare. Examples of a plural policy include the wake-on-LAN and scheduled action policies. You can tell that a policy is a plural policy if you have to select the Add button in the package for it to show up.
Cumulative Policies (Windows Group Policies). Let you have multiple policies be effective when multiple policy packages are associated with the object, group, and container. However, unlike plural policies, these settings may have conicting settings. When cumulative policies have conicting settings, the policy associated closest to the object is used.

Version 1
2-27
The only cumulative policies in ZENworks Desktop Management are Windows Group Policies. These policies are cumulative with the exception of the Security Settings.
Group policies are covered in detail in Section 5, Windows Group Policy on 5-36.
Users and workstations can be directly or indirectly associated with the policy package object. In a direct association, an object is associated explicitly with the package. In an indirect association, a parent container of the object or a group the object is a member of is associated with the package object. As a result, the object inherits the association through the container. The following shows indirect and direct associations: Figure 2-10
Indirect Association Direct Association
IS
IS
Admin Larry
Admin Larry
WSAdmin WSLarry PolicyPackage
WSAdmin WSLarry PolicyPackage

Just as eDirectory rights ow down the tree, so do policy package associations: Figure 2-11
1 IS
1 1 1
DEV Admin Larry
ISUSER WSDEV WSLarry
By default, a package associated directly with an individual object takes precedence over a package associated with a group object, which takes precedence over a package associated with a container.

You can modify this behavior by changing the search order in the search policy. The following shows how the package associated with an individual object overrides the package associated with a group object: Figure 2-12
IS Nancy Members = Larry Ron
DEV Admin
Nancy Larry Ron
NancyUSER ISUSER DEVUSER
NancyUSER DEVUSER ISUSER
If no policies are enabled in the package associated explicitly with an object, the enabled policies in packages associated with group or container objects affecting the object are applied.
When a single policy in a package associated with an object is not enabled, the next enabled policy up the tree of its type is applied.

The following shows that polices applied to a group object are also applied to the individual object: Figure 2-13
DEV DEVUSER ... Admin TECHUSER Nancy User Extensible Policies NancyUSER ... = DEVUSER Novell iPrint Policy ISUSER
User Extensible Policies Novell iPrint Policy
For example, the iPrint policy is not enabled in a user package associated explicitly with a user object. However, the iPrint policy is enabled in the user package associated with the container where the user object resides. The result is that the enabled iPrint policy is effective for the user object.
The level that ZENworks searches for all applied polices is determined by the search policy. For singular policies, the workstation manager looks up the tree (from the object) until it nds a policy. The workstation manager takes the rst policy it nds.
Consider the case where policies are enabled in various policy packages and associated with container, group, and user objects. Here, the enabled policies of similar types in each package down the tree replace the enabled policy in the package up the tree.

For example, in the following gure, the enabled iPrint policy in the ISUSER package is replaced by the enabled iPrint policy in the DEVUSER package: Figure 2-14
IS ISUSER Desktop Preferences Admin Nancy Larry Ron DEV ... ... ISUSER
User Extensible Policies Novell iPrint Policy User Extensible Policies
N/A N/A Policy not enabled
?
DEVUSER Desktop Preferences DEVUSER
User Extensible Policies Novell iPrint Policy User Extensible Policies
N/A N/A Policy not enabled
DEVWS
This happens only for users who are members of the DEV user group. The DEVUSER package is associated with the DEV user group in the IS container. The ISUSER package is associated with the IS container. The iPrint policy set up in ISUSER and DEVUSER is not cumulative for the users in DEV. The rule is that policies are replaced by similar policies enabled down the tree. The exception to the rule is when multiple cumulative policies are applied. When these types of policies are enabled in a package associated with a container, a group, and individual objects, all settings are cumulatively applied down the tree.

2-32
We recommend that you do not associate policies with group objects. Problems can arise if a user is a member of 2 or more groups with conicting policies.
Version 1
In the case of a cumulative policy, 2 or more instances of the same policy can be applied to an individual object. In the following gure, the enabled computer extensible policies in the ISWS package specify that a virus scan application must run on workstations in IS at user login: Figure 2-15
IS ISWS 2k Computer Printer 2k Novell Client Configu... 2k RAS Configuration Admin Nancy Larry Ron AdminWS NancyWS LarryWS RonWS DEV DEVWS 2k Computer Printer WSDEV Enable File Sharing 2k Novell Client Configu... 2k RAS Configuration Computer Extensible Po... Remote Management P... Restrict login ... Policy not enabled. Policy not enabled. Policy not enabled. Policy not enabled. N/A N/A WSDEV ISWS Run Virus Scan Application Computer Extensible Po... Remote Management P... Restrict login ... Policy not enabled. Policy not enabled. Policy not enabled. Policy not enabled. N/A N/A
The enabled computer extensible policies in the WSDEV package enable le sharing for workstations that are members of the DEVWS group. Workstations that are members of the DEVWS group are affected by computer extensible policies in both ISWS and WSDEV packages.

Version 1
Other workstations in the IS container are only affected by computer extensible policies in the ISWS package.
2-33
After you enable policies and associate packages with eDirectory objects, you sometimes need to disable those policies to meet changing requirements. You might also need to disable policies to correct a problem faced by users or workstations. You must understand how workstations apply system policy states so you can troubleshoot problems related to enabled policies.
What Effective Policies Are

Effective policies are the sum of all enabled policies in all policy packages associated directly or indirectly with an object. Just as the effective rights in eDirectory ow down the tree, policy package associations ow down the tree, unless there is an explicit association of an object with a policy package. When the system calculates the effective policies for an object, it starts with all policy packages assigned with that object. It then scans the tree for associations made with the user, the user group, the user container, the workstation, the workstation group, and the workstation container.

Exercise 2-2
Determine Effective Policies

Use the following eDirectory tree to determine the effect of policies enabled inside various policy package objects.
Figure 2-16
Digitalair
Syd
Search_Policy Syd_User Syd_WS Marketing_User Custsvc_User CUSTSVC MARKETING Admin_User Admin SARA VWILLIAM LABSO LAB_WS AdminWSXP LABWS2K01 LABWS2K02 SaraWSXP VWilliamWS98

Version 1
The gure shows the relationship between a package and the associated eDirectory object by using a dotted line arrow.
2-35
Following are the names of the policy package objects and how they are congured:
Search_Policy. This is a container policy package object associated with the SYD.DIGITALAIR container. The search policy within the package is enabled and is set to allow for the searching of policies up to SYD.DIGITALAIR and no higher. Syd_User. This is a user policy package associated with SYD.DIGITALAIR. This package implements policies for Windows users that do the following:

Set Cologo01.bmp as the wallpaper Hide Network Neighborhood Remove the Run command from the Start menu Remove the Shutdown command from the Start menu
Syd_WS. This workstation policy package is associated with SYD.DIGITALAIR. For Windows 2000/XP workstations, this package implements policies that do the following:

Disable le sharing Run Scandisk.exe when users log in
Marketing_User. This user policy package is associated with the MARKETING user group object. This package implements policies for Windows users that do the following:

Remove the Run command from the Start menu Set Cologo02.bmp as wallpaper
Custsvc_User. This user policy package is associated with the CUSTSVC user group object. This package implements policies for Windows users to enable the remote management policy and require the user to give permission for remote sessions.

2-36
LAB_WS. This workstation policy package is associated with the LABSO workstation group.
Version 1
For Windows 2000/XP workstations, this package implements a policy to display a login banner that warns that a security camera is active.
Admin_User. This user policy package is associated with the Admin user object. This package implements policies for Windows users that do the following:

Set Cologo02.bmp as wallpaper Not save settings when exiting
Scenario 1
User Admin logs in to the network from her Windows XP workstation. Admin is not a member of a user group, nor is Admins workstation a member of a workstation group. Identify the effects of user or workstation packages that affect Admin: Table 2-2
Name of Package Effect of Policy

Scenario 2
VWilliam uses his own Windows 98 workstation to log in to the network. VWilliam is a member of the Marketing user group. Identify the effects of user or workstation packages that affect VWilliam: Table 2-3

Scenario 3
Sara logs in to the network using a Windows XP workstation that is a member of the LAB_SO workstation group. Sara is also a member of the Custsvc user group. Identify the effects of user or workstation packages that affect Sara: Table 2-4
(End of Exercise)

Objective 6
Describe Policy Package Copy and Policy Reporting

The following features help you manage your ZENworks policies:

Policy Package Copy Policy Reports
Policy Package Copy

Novell ZENworks Desktop Management provides a utility to help you copy policy packages from one directory container to another. You can run the Copy Policy Packages utility by doing one of the following:

Use the ConsoleOne Copy Policy Packages Utility Use the Windows Copy Policy Packages Utility
Use the ConsoleOne Copy Policy Packages Utility
The Copy Policy Packages utility can be run through a ConsoleOne snap-in (zencopypol.jar and zencopypolreg.jar les). To run the Copy Policy Packages utility from ConsoleOne, do the following:
1.
From ConsoleOne, select Tools > ZENworks Utilities > Copy Policy Packages. Browse to and select a policy package or container that contains policy packages. Browse to and select a container where you want to copy this policy package.
2.
3.

4.
Add the container to the Selected Container list by selecting Add.

To copy the policy package or container to multiple containers, repeat Step 3 and Step 4.
x
5.
Select OK.
Use the Windows Copy Policy Packages Utility
The Windows-based Copy Policy Packages utility is found in the windows_drive\sys\public\mgmt\consoleone\1.2\bin directory. To run the Copy Policy Packages utility from Windows, do the following:
1. 2.
Double-click copypol.exe. Enter the name of a policy package or container that contains policy packages that you want to copy from one Novell eDirectory container to another. Enter a container name. Add the container name to the Selected Container list by selecting Add.
To copy the policy package or container to multiple containers, repeat Step 3 and Step 4.
3. 4.
x
5.
Select OK.
You can also run the Windows-based Copy Policy Packages utility from the Windows command line.

From the command line, you can copy a policy package from one container to another or you can copy all of the policy packages from one container to another container. To copy a policy package from one container to another, use the following syntax: copypol policy_package_DN /d destination_container To copy all of the policy packages from one container to a different container, use the following syntax: copypol container_DN /d destination_container You can use the following command line switches: Table 2-5
Switch /d Description Species the destination container where the policy packages will be copied to.
/h /r
Runs the Copy Policy Packages utility in hidden mode. Replaces the policy package in the destination container if a policy package with the same name already exists in that container. Species the tree to copy the policy packages to. Lets you view a log le to verify the results of the copy process.
/t /v

Policy Reports
Novell ZENworks Desktop Management provides two predened reports through ConsoleOne for effective policies and policy package associations:

Effective Policies Report Package Associations Report
You can run either report based on a selected container, and you can include its subcontainers. Report results are automatically displayed in Notepad and are saved as text les in the \temp directory of the workstation where you are running ConsoleOne.
Effective Policies Report
The Effective Policies report shows which policies are currently in effect for the listed objects. It provides the following information:

Version Tree Container Object DN Platform Effective Policy DN
To run a report on the effective policies, do the following:

1.
From ConsoleOne, select Tools > ZENworks Utilities > Report Policies and Packages. In the Report From field, browse to and select a context for the report.
2.

Version 1
2-43
3.
To include all subcontainers in that context, select Include Subcontainers. Select Effective Policies Report, then select OK.
4.
The report results are displayed in Notepad and are automatically saved to \temp\effectivepolicies.txt on the users workstation.
Package Associations Report
The Package Associations report shows which policy packages are associated with the listed containers, subcontainers, and objects. It provides the following information:

Tree Container Package DN Association
To run a report on policy package associations, do the following:

1.
From ConsoleOne, select Tools > ZENworks Utilities > Report Policies and Packages. In the Report From field, browse to and select a context for the report. To include all subcontainers in that context, select Include Subcontainers. Select Package Association Report, then select OK.
2.
3.
4.
The report results are displayed in Notepad and are automatically saved to \temp\packageassociations.txt on the users workstation.

Summary
Objective
1. Describe Policy
Management
What You Learned To effectively manage policies, you need to know the following:
What policies do: Policy management is the process of creating, conguring, associating, and applying a set of rules and preferences using ZENworks Desktop Management to administer workstation environments. Some of the policies in ZENworks Desktop Management let you
Enable the use of a custom workstation environment by creating desktop preferences. Allow users to print regardless of the printers location by establishing dynamic printer denitions. Set up events at specied times on a workstation by enabling event and action scheduling. You can apply policies to Windows 98/2000/XP workstations using the same interface. You can congure policies that control the workstation environments of Windows users. You can congure scheduled action policies. You can congure user policies. You can import workstations into eDirectory using ZENworks.
Benets of policies:

Version 1
2-45
Objective
2. Describe Policy
Packages
What You Learned ZENworks Desktop Management includes the following types of policy packages:

Server policy package User policy package Workstation policy package Service Location policy package Container policy package
3. Describe and
Congure Search Policies
In this objective, you learned how to reduce tree walking using search policies and prevent objects from nding unexpected policies by learning about the following:

What search policies are Container associations and searching Search order and priority How to congure a search policy
4. Describe How
Policies Work
To manage ZENworks Desktop Management policies effectively, you need to know the following:

The process for applying policies Components used for implementing policies: The following are the components used to implement policies:

Workstation Manager Scheduler

Objective
5. Describe Effective
Policies
What You Learned To determine which policies are effective, you must understand the following:
How policies are applied: The policies inside of policy packages can be categorized into the following types:

Singular policies Plural policies Cumulative policies
What effective policies are Effective policies are the sum of all enabled policies in all policy packages associated directly or indirectly with an object.
6. Describe Policy
Package Copy and Policy Reporting
The following policy features help you manage your ZENworks 7 policies:
Policy Package Copy This utility can be run from ConsoleOne or Windows, and provides a utility to help you copy policy packages from one directory container to another.
Policy Reports Novell ZENworks Desktop Management provides two predened reports through ConsoleOne for effective policies and policy package associations:

Effective Policies report Package Associations report

Exercise Answers
Following are the exercise answers.
Exercise 2-2. Determine Effective Policies

Scenario 1 Name of Package Syd_WS Syd_WS Syd_User Syd_User Effect of Policy File sharing is disabled Scandisk.exe is run. Network Neighborhood is hidden. The RUN command is removed from the Start menu. The SHUTDOWN command is removed from the Start menu. Cologo02.bmp appears as the wallpaper. Settings are not saved on exit.
Syd_User
Admin_User Admin_User
Scenario 2 Name of Package Marketing_User Marketing_User Effect of Policy Cologo02.bmp appears as the wallpaper. The RUN command is removed from the Start Menu. Network Neighborhood is hidden. The SHUTDOWN command is removed from the Start menu.
Syd_User
VIEW ONLY Syd_User NO PRINTING ALLOWED

2-48
Version 1
Name of Package Syd_WS Syd_WS
Effect of Policy Scandisk.exe is run. File sharing is disabled.
Scenario 3 Name of Package LAB_WS Effect of Policy A banner stating that a security camera is active appears. Remote Management is enabled with users permission. The RUN command is removed from the Start Menu. The SHUTDOWN command is removed from the Start Menu. Network Neighborhood is hidden. Cologo01.bmp appears as the wallpaper. Scandisk.exe is run. File sharing is disabled.
Custsvc_User
Syd_User
Syd_User
Syd_User Syd_User Syd_WS Syd_WS


Implement Server Package Policies
SECTION 3
In this section, you learn about the purpose of Server package polices and learn how to deploy a Server package.
Objectives
1. 2. 3.
Create and Associate a Server Package Describe the Purpose of Each Server Package Policy Plan Server Package Deployment

Introduction
A server package is an eDirectory object that contains a collection of policies. These policies let you perform hands-off management of server and client processes. Server package policies help manage server functions such as imaging workstations, collecting inventory information, and automatically importing and removing workstations from eDirectory. To implement server package policies, you associate the server package with servers, server groups, or container objects and congure the policies contained in the server package.

Objective 1
Create and Associate a Server Package

To implement a server package, you do the following:

Create a Server Package Associate the Server Package
Create a Server Package

To create a server package, do the following:
1. 2.
Start ConsoleOne. Browse to the container where you want to create a server package. Right-click the container and select New > Policy Package. The Policy Package Wizard dialog appears:
3.
Figure 3-1

This dialog lets you choose the type of policy package to be created. The left pane of the Policy Package Wizard dialog displays policy packages. The right pane displays policies in the selected policy package.
4.
In the left pane, select Server Package. A list of policies in the server package appears in the Policies box:
Figure 3-2
The Policies box simply provides information that lets you see what type of policies are available in the selected package type. All listed policies are installed with the package. After the package is installed, you can use Properties dialog to enable and congure selected policies.
5.
Continue creating the server package by selecting Next.

The next page of the Policy Package Wizard appears: Figure 3-3
This page lets you enter a name for the server package and specify the container for the server package.
6.
In the Policy Package Name field, enter a server package name. Because you can have multiple copies of the same package type, we recommend that you assign a unique and descriptive name for the policy packages you create.
7.
Continue creating the server policy package by selecting Next. The Summary page appears.
8.
To complete the process of creating the server package, select Finish.

Associate the Server Package

To associate the server package, do the following:
1.
Right-click the server package and select Properties. The Properties dialog for the server package appears:
Figure 3-4
The Properties dialog lists the server package policies. From this dialog you can congure server package policies by enabling the policies and setting the properties for each policy. The Policies dialog contains the following tabbed pages:
General (default). Use this page to congure policies that can be applied to any server you associate the server package with. The policies congured on this page apply to all platforms. You can congure the same policy on a specic platform page. The policy congured on a specic platform page overrides policies congured on the General page.

3-6
Version 1
Following are the options you can use to congure server package policies: Table 3-1
Option Properties Effect Use to modify the properties of a policy. The policy must be enabled before you can modify it. Use to reset a policys properties to default values. Use to add a plural policy associated with the server package. Use to remove a plural policy you added to the server package. Use to modify a package schedule.
Reset
Add
Remove
Edit
Windows. Use to congure policies that can be applied to any Windows NT/2000 server that you associate the server package with. NetWare. Use to congure policies that can be applied to any NetWare server that you associate the server package with.
2. 3.
Select the Associations tab. Specify the server or container object by selecting Add. The Select Objects dialog appears.
4.
Select the server or container object that the policy package needs to be associated with and select OK.

After a policy package is associated with the server or container object, all enabled policies included in the package are applied. If the package is associated with a container object, such as a country, locality, organization, or organizational unit, the policies are applied to all objects in the container that are valid types for the package. If the package is associated with a server object, the policies are applied to all objects in the server that are valid types for the package.
5.
Close the Properties dialog by selecting OK.

Objective 2
Describe the Purpose of Each Server Package Policy

You can enable and congure the following policies in a Server package:

Dictionary Update Policy Imaging Server Policy Workstation Import Policy Workstation Removal Policy Inventory Roll-Up Policy ZENworks Database Policy Wake-On-LAN Policy
Dictionary Update Policy

The Dictionary Update policy lets you congure your inventory servers to retrieve their software dictionary from another ZENworks inventory server. You can specify the server, the proxy server, and the schedule for updating the policy. The software dictionary and this policy are discussed in greater detail in Section 15, Congure the Dictionary Update Policy on 15-45.
Imaging Server Policy

The Imaging Server policy controls the behavior of the ZENworks imaging server. This includes controlling where images can be written and whether images can be overwritten.

Version 1
3-9
The Imaging Server policy is found in Server and Workstation policy packages. You use the Imaging Server policy in a Server policy package when workstations are not imported.
The imaging server policy is discussed in greater detail in Section 13, Image Workstations with ZENworks 7 on 13-1.
Workstation Import Policy

The Workstation Import policy controls how workstations that register with the Automatic Workstation Import server are created in the eDirectory tree. The conguration information includes the workstation object name, where it is created, and the limits on the workstation import process.
The Workstation Import policy is discussed in greater detail in Section 4, Automatically Import and Remove Workstations on 4-1.
Workstation Removal Policy

The Workstation Removal policy controls the behavior of the workstation removal service. This service lets you automate the deletion of workstation objects that are not active for more than a specied number of days.
b
3-10
The conguration of this policy is discussed in greater detail in Section 4, Automatically Import and Remove Workstations on 4-1.
Version 1
Inventory Roll-Up Policy

You use the Inventory Roll-Up policy to congure the inventory hierarchy links. This policy controls where an inventory server rolls up its inventory scan information. The Inventory Roll-Up Policy is discussed in greater detail in Section 15, Congure the Roll-Up Policy on 15-39.
ZENworks Database Policy

You use the ZENworks Database policy to congure the location where the ZENworks inventory server should store its data. The ZENworks database policy also exists in a Service Location package.
The properties of the ZENworks Database policy are discussed in greater detail in Section 10, Database Location Policy on 10-8.
Wake-On-LAN Policy
You use the Wake-On-LAN policy to congure the scheduled Wake-on-LAN behavior. This policy controls which workstations need to be awakened and when.
b
Version 1
The properties of this policy are discussed in greater detail in Section 14, How to Congure a Scheduled Remote Wake Up Using the Wake-on-LAN Policy on 14-38.
3-11
Objective 3
Plan Server Package Deployment

Before you implement any server package policies, you must determine how to deploy the policies in your environment. To plan server package deployment, do the following:

Identify Possible Solutions to Meet Environment Needs Identify the Effect of the Policy on Associated Objects
Identify Possible Solutions to Meet Environment Needs

Before using ZENworks to meet your needs, you must identify environmental factors that affect how your users function. Factors include the political, economic, competitive, regulatory, and cultural factors in the organization, and the hardware and software used by employees in the organization. Different organizations operate in different environments. For example, the Digital Airlines environment can be classied as having IBM machines, Dell machines, Windows 2000/XP, NetWare 6, ZENworks Desktop Management, and MS Ofce applications. The environment for Digital Airlines also includes installing or upgrading the operating system, collecting inventory information, tracking active workstations, and distributing patches at off-peak hours. Digital Airlines can use server package policies within ZENworks to meet these needs. The following are situations where you can use server package policies:

3-12
Install the OS. Digital Airlines has purchased 50 Dell machines and 50 IBM machines. It plans to deploy Windows XP on both the Dell machines and IBM machines.
Version 1
As a network administrator of Digital Airlines, you need to install the operating system on the machines. To do this, you can create one Windows XP image, and then deploy the image on the Dell machines and IBM machines using an Imaging Server policy.
Collect inventory information. As a network administrator of Digital Airlines, you need to maintain accurate inventory information. You need to record the number and type of hardware and software being used within the organization. In this situation, use the Workstation Removal policy and the Inventory Roll-Up policy. The Workstation Removal policy ensures that workstation objects not being used are removed from eDirectory. The Inventory Roll-Up policy lets you track hardware and software used at Digital Airlines.
Identify the Effect of the Policy on Associated Objects

The effect of the policy on objects varies based on the level at which a policy is implemented. Policy package associations ow down the tree in eDirectory. A given object will apply all of the policies in any of the packages that are effective. However, in most cases, if the same type of policy is congured in each more than one package, then the one closest to the user, workstation, or server is the only one in effect. In the Digital Airlines environment, two server packages have been congured, both with a Workstation Removal policy enabled.

Because the policy inside each package is the same, the following shows the effective policy for CS and MKT: Figure 3-6
The Workstation Removal policy applied at the lower level overrides the Workstation Removal policy applied at a higher level. For example, Digital Airlines has purchased machines for the Salt Lake City ofce. These machines must be imported into eDirectory using Automatic Workstation Import (AWI).
b
3-14
For details on Automatic Workstation Import (AWI), see Section 4, Describe Automatic Workstation Import (AWI) on 4-3.
Version 1
The old workstations must be removed from eDirectory. You can remove the workstations from all other departments in Salt Lake City except IS within 10 days. The users can make backups of their data within this time period. The old workstations in the Salt Lake City IS department must be removed within 20 days because of the annual audit. To remove the workstations in Salt Lake City, you create a Server package (SRVSLC10) and congure the Workstation Removal policy for 10 days. You then associate SRVSLC10 with the SLC container. To avoid removing IS workstations, you create another Server package (SRVIS20) and congure the Workstation Removal policy for 20 days. You also need to associate SRVIS20 with the IS container in SLC. This ensures that specied workstations are removed in 20 days.

As a result, the Server package SRVIS20 at the lower-level in the tree overrides Server package SRVSLC10 at the higher level, as shown in the following: Figure 3-7

Exercise 3-1
Congure a Server Policy Package

In this exercise, you congure a server policy package for the DA-ZEN server. You then enable the policies as you need them throughout the rest of the exercises in the course. You use the following Host computers and VMware virtual machines:
Figure 3-8
Do the following:
1.
From your Host2 computer using the Novell Client, make sure you are logged in to DA-TREE as admin.slc.da with a password of novell. From your Host2 computer desktop, start ConsoleOne. Expand the DA-TREE; then select Policies.slc.da. From the menu bar at the top of ConsoleOne, select the Create Policy Package button. The Policy Package Wizard dialog appears.
2. 3. 4.

Version 1
Select Server Package; then select Next.
3-17
6.
In the Policy package name field, enter DA-ZEN Server Package; then select Next. A Summary page appears.
7.
Select Define Additional Properties; then select Finish. A Properties of DA-ZEN Server Package dialog appears. Notice that none of the policies in the server package are currently enabled.
8.
Select the Associations tab. An empty Associations list appears.
9.
Select Add. DA-ZEN server object.
10. From the Look in drop-down list, select slc; then select the 11. Select OK. 12. (Conditional) If a message appears indicating that an associated
policy package of this type already exists, replace the package by selecting Yes. You are returned to the Properties of DA-ZEN Server Package dialog.
13. Save all changes by selecting OK.
You have created a server policy package for the DA-ZEN server.
(End of Exercise)

Summary
Objective
1. Create and Associate a Server Package
What You Learned To implement a Server package, you do the following:

Create a Server package Associate the Server package
2. Describe the Purpose of Each Server Package Policy
In this objective, you learned the purpose of the following policies available in a Server package:

Dictionary Update policy Imaging Server policy Workstation Import policy Workstation Removal policy Inventory Roll-Up policy ZENworks Database policy Wake-On-LAN policy
Each policy is used to congure a different service on the ZENworks backend server.

Objective
3. Plan Server Package Deployment
What You Learned Before you implement any Server package policies, you must determine how to deploy the policies in your environment. To plan server package deployment, you do the following:
Identify possible solutions to meet environment needs Before using ZENworks to meet your needs, you must identify environmental factors that affect how your users function. Factors include the political, economic, competitive, regulatory, and cultural factors in the organization, and the hardware and software used by employees in the organization.
Identify the effect of the policy on associated objects The effect of the policy on objects varies based on the level at which a policy is implemented. Policy associations ow down the tree in eDirectory. A given object will apply all of the policies in any of the packages that are effective.

Automatically Import and Remove Workstations
SECTION 4
In this section, you learn how to import a workstation into
eDirectory and how to remove a workstation object from eDirectory.
Objectives
1. 2. 3. 4.
Describe Automatic Workstation Import (AWI) Implement Automatic Workstation Import (AWI) Describe Automatic Workstation Removal (AWR) Implement Automatic Workstation Removal (AWR)

Introduction
Automatic Workstation Import (AWI) creates eDirectory objects in your tree representing each workstation attached to your network. AWI includes the Automatic Workstation Removal (AWR) service and provides management of the entire lifecycle of a workstation, from the creation of its object to its removal. A workstation object gives you more control over workstations. You can associate policies with the workstation objects and apply various levels of security to them. In this section, you learn about AWI and how it works. You also learn how to import workstations automatically into eDirectory.

Objective 1
Describe Automatic Workstation Import (AWI)

Automatic Workstation Import (AWI) provides simplied, hands-off management of workstations. When a workstation is imported, a corresponding workstation object is created in eDirectory. In most cases, introducing these objects doubles the number of objects in the tree. As a result, if users have their own workstations, you might have to manage both the user objects and their workstation objects. With the increase in the number of objects, the effort to manage the objects also increases. You can overcome this challenge by implementing the eDirectory design guidelines discussed in Chapter 1, Implement eDirectory Design Guidelines for ZENworks on 1-18. Another challenge is to make sure workstations import properly. At times, a workstation might not import properly because of incorrect conguration on the workstation or a nonexistent Registry key. To describer AWI, you need to know the following:

AWI Terminology How AWI Works

AWI Terminology
AWI uses the following terms:

Import Server AWI Service Workstation Import Policy Workstation Registration
Import Server
An import server is the server where you installed ZENworks Desktop Management. To congure an import server, you select the Import option during installation.
AWI Service
The AWI service creates and registers a workstation object in eDirectory and is used in the following situations:
When the Workstation Manager service doesnt have a specified workstation object name. This is normally the first time the workstation is registered. AWI initially creates a workstation object in the tree, populates the object with default values, and updates the properties of the workstation object with the current registration information.
When the Workstation Manager service has a workstation object name but the object has been moved or renamed. A registration program (Zwsreg.exe) on the workstation calls the import service to synchronize the workstation with its workstation object. You execute this program manually from a workstation. Workstation Manager calls Zenwsreg.dll to nd and import a workstation.

4-4
Version 1
Workstation Import Policy
You use the Workstation Import policy in the Server package to congure rules that automatically import physical workstations (represented as objects) to eDirectory. Only Windows workstations can be imported into eDirectory. You can use the Workstation Import policy to set parameters to determine where the workstation object is created and how it is named.
Workstation Registration
A workstation is registered after it is imported as an object in eDirectory. The workstation must register each time it logs in to or out of the tree. Workstation registration is performed by a registration program that updates the workstations registration time, network address, name of the preferred server, and information about the user who logged in from the workstation. The registration program updates the workstation object when one of the following occurs:

When Workstation Manager starts When a user logs in to the tree When a user logs out When the workstation shuts down

How AWI Works

The following shows how ZENworks imports workstation objects into eDirectory: Figure 4-1
EMA-TREE DNS Server
2
ZENWSIMPORT 192.168.1.10
5
NYC
4
CORP Import Server
Admin
KHerd
3
KHerd
1
Server Package
6
Workstation Object
Heres how it works:

1.
The administrator configures and enables the Workstation Import policy in the Server package. The administrator does one of the following to resolve the hostname ZENWSIMPORT to the IP address of the import server:

2.
Creates an A record in DNS Creates a Hosts le entry Distributes Registry keys with an application object

4-6
Version 1
3.
The Workstation Manager service starts on the workstation and searches for the import server running AWI. When the workstation is outside the rewall, the workstation uses the Desktop Management agent to access the Middle Tier server. The Middle Tier server then acts as a proxy to pass the request to AWI. When a user logs in from a workstation inside a rewall, the workstation uses Workstation Manager to access the import service by resolving the host name ZENWSIMPORT to the import server.
4.
The workstation information is directed by DNS to the import server. AWI running on the import server creates the workstation object, if no user information was required, and adds all the required attributes. If the workstation was not created at boot up, when the user logs in to eDirectory from a workstation the same process happens. However, this time the user login information is included in the request.
5.
6.

Objective 2
Implement Automatic Workstation Import (AWI)

To implement Automatic Workstation Import (AWI), you need to do the following:

Verify that AWI is Working Configure the AWI Policy Enable Workstations to Find the Import Server Configure AWI Logging Register Workstations
Verify that AWI is Working

The rst task in implementing AWI is to make sure the AWI service is running. Without this service, you cant create workstation objects. To verify that AWI is working on a NetWare server, do the following:
1.
From the server console, enter JAVA -SHOW. If the service is running, you see this statement:
com.novell.application.zenworks.autowsmanagement. wsimport
If you do not see the statement, you need to reinstall ZENworks with the Import/Removal option selected (as mentioned earlier).
2.
Start the automatic import and removal logging service by doing the following: a. b. Using a text editor, open Sys:\System\Zenwsimp.ncf. Locate the -Dloglelevel parameter and change the value to 3 (default: 1).

4-8
Version 1
This allows real-time logging to a new screen for tracing workstation import. c. Save the NCF le. d. Restart ZENworks on the server at the server console by entering zfdstop and then zfdstart. The new screen used by the logging service appears blank until import activities occur. To verify that AWI is working on a Linux server, do the following:
1.
From the desktop, open a terminal window; then switch to the root user by entering su - and the root password. or From the desktop, switch to a virtual console by pressing Ctrl+Alt+F3; then enter root and the root password. After you verify that AWI is working, you can switch back to the desktop by pressing Ctrl+Alt+F7.
2.
From the shell prompt, change to the /etc/init.d directory by entering cd /etc/init.d. Check to see if the AWI service is running by entering the following: ./novell-zdm-awsi status (dont forget the leading period) If the service is running, you see a message similar to the following:
Novell ZENworks Autoworkstation Import daemon (pid 3995) is running Novell ZENworks Autoworkstation Removal daemon (pid 4040) is running
3.
If you do not see the statement, you need to reinstall ZENworks with the Import/Removal option selected (as mentioned earlier).

4.
(Conditional) If the AWI service is not running, you can do one of the following:
Try stopping and starting ZENworks Desktop Management by entering the following 2 commands: /opt/novell/zenworks/bin/ZDMstop /opt/novell/zenworks/bin/ZDMstart or
Try stopping and starting Automatic Workstation Import by entering the following command: /etc/init-d/novell-zdm-awsi restart
5.
When you finish, close the terminal window or return to the desktop from the virtual console by pressing Ctrl+Alt+F7.
Congure the AWI Policy

To enable and congure an AWI policy, do the following:
1.
From ConsoleOne, right-click your server package; then select Properties. Enable the Workstation Import Policy. Select Properties. The Properties page appears.
2. 3.
4.
Configure the policy using the following options:
Containers. Use the Containers tab page to specify the containers where rights are needed for creating workstation objects. Platforms. Use the Platforms tab page to congure settings for each platform (Windows 9x, Windows NT/2000, or Windows XP) you want to import into your eDirectory tree. You can also congure the location where you want the workstation object to be created and the naming standard for the workstation object.

4-10
Version 1
The Platforms page includes the following tabs:
Location. Use to specify where workstation objects will be created. The following shows the options listed in the Location tab on the Platforms page:
Figure 4-2
You can congure the following options on the Location tab: Table 4-1
Option Allow importing of workstations Effect Use to allow registered workstations to be imported.

(continued)
Table 4-1
Option Create workstation objects in
Effect Use to specify the container you want to create workstation objects in. You can create a workstation object in any of the following:
Selected container. The workstation object is created in the container specied in the Path eld. Server container. The workstation object is created in the same container as the server running the import service. User container. The workstation object is created in the container where the user object resides. Selecting this creates the workstation object in the user container when the user logs in.
Associated objects container. The workstation object is created in the container associated with the AWI policy.

(continued)
Table 4-1
Option Path
Effect You can enter a relative path in the Path eld only if you dont choose the Selected Container option in the Create workstation objects in eld. The Path eld species a relative path from a container. Each period at the end of the path indicates moving up by one level in eDirectory to create workstation objects. Consider the following examples:
IS.. (2 trailing periods). Creates the workstation object 2 levels above the selection in the Create workstation objects in eld. IS (no trailing periods). Creates the workstation object at the same level as the container selected in the Create workstation objects in eld.
Enable platform settings to override general settings
Select this option to override general settings with settings from Windows 9x, Windows NT/2000, or Windows XP pages.

Naming. Use this tab to determine how workstations associated with this policy are recognized and named. The following shows the Naming tab on the Platforms page:
Figure 4-3
In the Workstation Name eld, you see the workstation naming convention. You dene the convention in the Add name eld and place them in the order list. If there is a possibility of conict in naming, the system appends a 3-digit number to the end of the name that is entered. Workstation objects are named in the same order as the options displayed in the list. You need at least one option for a name. By default, Computer and MAC Address are specied in the list.

You can add the following options to a workstation name: Table 4-2
Option Explanation
<User Dened> You can specify values that are specic to your environment. For example, you might want workstation objects to have a common prex followed by the other name options. You can position this value anywhere in the naming convention by selecting the Up or Down button. Computer The name given to the Windows workstation during installation. The container where the user object resides. The type of processor used in the workstation (for example, a 386, a 486, or a Pentium). The DNS name that is logically related to the IP address. The workstations IP address. The workstations MAC address. The workstations operating system (Windows 95/98, Windows XP, or Windows NT/2000). The workstations preferred server or middle tier. The name of the user who logged in. When included as part of the naming convention of a workstation object, this option requires a user to log in for a successful workstation import.
Container
CPU
DNS
IP Address MAC Address OS
Server
User

Version 1
4-15
Groups. Use to manage a group of workstations by using policies that have common administrative needs. The following shows the Groups tab on the Platforms page:
Figure 4-4
For example, suppose the Customer Service department of Digital Airlines handles queries from clients. The employees of this department perform the same set of tasks using commonly used hardware and software. This means that they have common administrative needs. The best way you can manage these workstations is by having common policies and grouping of workstations. You can select Add to browse and select a workstation group object. To remove a workstation group object from the list, select the object and then select Remove.

4-16
Version 1
Clear a list of workstation group objects by selecting Remove All.
Limits. Use to set limits for automatically importing workstations. The following shows the Limits page:
Figure 4-5
You can specify the following to balance the workload on the server:
To set the number of times a user logs in before importing workstation objects into eDirectory, specify a number in the User Login Number field. You can specify a number between 1 and 250. To restrict the number of workstations imported into eDirectory, enable Limit number of workstations imported.

To set a limit for the number of workstation objects to be created per hour, specify a number in the Workstations Created Per Hour field. You can specify a value between 1 and 99,999.
5. 6.
Select OK. Close the Server Package properties page by selecting OK.
After you create the AWI policy, you associate the policy with the import server object or the container where it resides. This is a prerequisite for the workstation object to be created using the options specied in the policy.
Enable Workstations to Find the Import Server

To import a workstation automatically, the Workstation Manager component must be able to access the import server running the AWI service. To enable workstations to locate the import server, use one of the following methods:

Configure DNS Resolution Add an Entry to the Hosts File Configure Registry Keys
Congure DNS Resolution
Creating a DNS entry enables a workstation to locate the import server using the host name and access the AWI service running on it.

You can create a DNS entry by specifying an A record called ZENWSIMPORT that resolves to the import servers IP address by doing the following:

Create a ZENWSIMPORT Record for NetWare Create a ZENWSIMPORT Record for Linux
Create a ZENWSIMPORT Record for NetWare
To create a ZENWSIMPORT record for ZENworks Desktop Management running on a NetWare server, do the following:
1.
From a browser, access iManager by entering the following URL: https://server_DNS_name/nps/iManager
2.
From the iManager login page, authenticate to eDirectory as the Admin user. In the left frame, expand DNS. Configure the DNS/DHCP scope: a. b. c. In the left frame, expand DHCP. In the left frame, select DNS/DHCP Scope Settings. In the Context of DNS/DHCP Locator Object eld, browse to and select the container where your locator objects reside.
3. 4.
d. In the Administrative Scope eld, browse to and select the container where your locator objects reside. e. f.
5.
Select OK. When prompted that the request succeeded, select OK. Under the DNS role, select Resource Record Management. In the drop-down list, select Create Resource Record; then select OK.
Create the A record: a.

Version 1
b.
4-19
c.
In the Select Domain Name drop-down list, select the domain where you want to add the resource record; then select Create. In the Enter IP Address elds, enter the IP address of your import server; then select Create. When prompted that the request was successful, select OK > Done.
d. In the Owner Name eld, enter ZENWSIMPORT. e. f.
A ZENWSIMPORT A record that points to the import server is created in DNS.

Create a ZENWSIMPORT Record for Linux
To create a ZENWSIMPORT record for ZENworks Desktop Management running on a Linux server, do the following:
1.
From the Linux desktop, select the YaST icon. A Run as root dialog appears.
2.
Enter the root user password; then select OK. The YaST Control Center appears.
3.
From the left, select Network Services; from the right, select DNS Server. After a few moments, the DNS Server Conguration dialog appears.
4.
From the left, select DNS Zones. A DNS Server - DNS Zone page appears on the right.
5.
Select the zone you want to add the A record to (such as digitalairlines.com); then select Edit Zone. A Zone Editor page appears.
VIEW ONLY 6. NO PRINTING 7. ALLOWED

4-20
From the Zone Editor page, select the Records tab. In the Record Key field, enter ZENWSIMPORT.
Version 1
8.
From the Type drop-down list, select A - Domain Name Translation. In the Value field, enter the IP address of the ZENworks server.
9.
10. When you finish, select Add.
The record is added to the Congured Resource Records list.

11. Save the changes by selecting OK; then select Finish.
A ZENWSIMPORT A record that points to the import server is created in DNS, and the DNS server is restarted.
12. Close the YaST Control Center.
Add an Entry to the Hosts File
If you dont have a DNS server, you can still congure workstations to resolve the ZENWSIMPORT hostname to the IP address of your import server. You can do this by adding the following entry in the Hosts le on each workstation: IP_address_of_the_import_server ZENWSIMPORT The Hosts le in a Windows 2000/XP system is located in System32\Drivers\Etc. On a Windows 98 system, the Hosts le is in the Windows folder. You must add the same entry in the Hosts le on all workstations. Because of the cumbersome nature of this task, we do not recommend this option for most organizations. To verify that the workstation can resolve the import service hostname, open a command prompt on the workstation and enter ping ZENWSIMPORT.

If the workstation is outside the rewall, the workstation cant contact the import server directly. Instead, it creates an XML document and sends it to the Middle Tier server. After receiving this request, the Middle Tier server looks up ZENWSIMPORT using either the Hosts le or DNS.
Congure Registry Keys
You can also import workstations by conguring a workstation registry key. This strategy is very useful in situations where you have implemented multiple import servers in your network and you want workstations to register with a specic server. This is a task that cant be accomplished with the DNS resolution method discussed earlier, unless you have subdivided your DNS zone. This is because a DNS A record can resolve only one IP address, making the use of multiple import servers impossible. By using a registry key value you can specify a different import server for each workstation on your network. The registry key that contains the values that can be used during the import process is zenwsreg in HKEY_LOCAL_MACHINE\Software\Novell\ ZENworks\. To control the import server that the workstation communicates with, you create a new string value called ImportServer in the zenwsreg key, and set its value to the IP address or DNS name of the import server. An easy way to distribute this registry key to a group of workstations is to create a ZENworks application object. An application object is an object in the eDirectory tree that represents the installation tasks and launch tasks that need to be performed when running an application from ZENworks.

4-22
Version 1
You create and congure application objects using ConsoleOne.
Application objects are discussed in greater detail in Chapter 9, Identify Application Object Conguration Options on 9-3.
To create an application object that distributes the import server registry key, do the following:
1.
During the installation of the ZENworks agent, choose to automatically launch Application Window or Application Explorer. Create an application object that runs only the first time a user logs in: a. b. c. Right-click the container where you want to create the application object. Select New > Application. Select A simple application (no .AOT/.AXT/.MSI); then select Next.
2.
d. In the Object eld, type a descriptive name for the application object; then select Next. e. f. Select Next. From the System Requirements screen, select Next.
g. From the Associations screen, select Add. h. Select the users, group, or container of users that you want to associate with this application object. i. j. Select OK. Force the application to run by selecting the Force Run check box.
Force Cache is not required to modify a workstations Registry.
x
Version 1
k. Deselect the App Launcher check box.
4-23
l.
Select Next.
m. Select the Display details after creation check box. n. Select Finish.
3.
Configure the application to distribute the registry settings to locate the import server: a. b. c. e. f. Select Distribution Options > Registry. Under Registry Settings, select HKEY_LOCAL_MACHINE. Select Add > Key. With the Software key selected, select Add > Key. Name the key Novell.
d. Name the key Software.
g. With the Novell key selected, select Add > Key. h. Name the key ZENworks. i. j. l. With the ZENworks key selected, select Add > Key. Name the key zenwsreg. In the Value Name eld, enter ImportServer.
k. With the zenwsreg key selected, select Add > String. m. In the Value Data eld, enter your servers IP address or DNS name; then select OK. n. Select the Availability > Distribution Rules tab. o. Select Add > Registry. p. For the key enter the following: HKEY_LOCAL_MACHINE\Software\Novell\ZENwor ks\zenwsreg q. For the value name enter ImportServer. r. Select OK twice.
4.

4-24
Reboot the workstation and login.
Version 1
5.
After logging in, either the Application Window or Application Explorer will run the application.
When the Registry method is used, the user has to either reboot the workstation or log out and back in to the workstation.
Congure AWI Logging

In addition to the IP address of the import server, you can also deliver Registry keys that enable AWI logging to troubleshoot a workstation that you cant import. To congure AWI logging, do the following:
1.
In your application object, within the HKEY_LOCAL_MACHINE Software\Novell\ZENworks\ zenwsreg Registry key, create a DWORD value called LogLevel. Set the LogLevel value to one of the following:

2.
For standard logging, use the value 1. For verbose logging, use the value 2.
3.
Redistribute the application; then run zwsreg.exe manually or perform one of the above-mentioned events. On the workstation being imported, navigate to C:\Program Files\Novell\Zenworks\ and open Zenwsreg.log to view logged information.
4.

Register Workstations
The registration of workstations involves the following les: Table 4-3
File zenwsreg.dll Purpose Performs workstation registration tasks. Typically this is executed by Workstation Manager or zwsreg.exe. If executed, calls Zenwsreg.dll. This executable can be used to manually kick off the registration process. Contains strings used by Zenwsreg.dll. Location %*ProgramFiles% \Novell \Zenworks\
zwsreg.exe
%*ProgramFiles% \Novell \Zenworks\
zenwsrgr.dll
%*ProgramFiles% \Novell \Zenworks \Nls\English\
You can manually register workstations by running ZWSREG with the following options: Table 4-4
Option -importserver server_ip_address Description Species the IP address of the import server. This overrides the IP address contained in the Registry or that resolved by ZENWSIMPORT host name. Species the DN of the workstation import policy that the server should use to import the workstation. Using this option overrides the effective policy of the server.
-importpolicy policy_DN

(continued)
Table 4-4
Option -importws new_workstation_DN
Description Species the DN of the workstation object that the import server should create. Using this option overrides the effective policy of the server.
-unreg
Removes the registry keys that contain the workstations identication information. This option should be used prior to making your base image or when you need to re-import the workstation.

Objective 3
Describe Automatic Workstation Removal (AWR)

After importing a workstation object into the eDirectory tree, the workstation associated with the object is updated on a regular basis. This update provides information (such as the machines IP address) that is necessary for managing the workstation. AWI includes the Automatic Workstation Removal (AWR) service and provides management of the entire lifecycle of a workstation, from the creation of its object to its removal. To describe AWR, you need to know the following:

What AWR Is How AWR Works
What AWR Is
If a workstation is removed from the network, the workstation object will be unaware of this change. Automatic Workstation Removal (AWR) lets you congure a server service to automatically determine the last time the workstation was updated and then remove it if that time is greater than a specic number of days. Another important reason to implement automatic workstation removal is to ensure that duplicate workstations are removed. While ZENworks provides several built-in methods for preventing duplicate workstations, there are times when you may end up with two workstation objects in the tree that represent the same physical workstation. physical workstation will update one VIEW ONLY Theunused workstation object only be removed.workstation object; the will NO PRINTING ALLOWED
How AWR Works

The following describes the process of how AWR works:
1.
The AWR service loads when the server starts. This is typically done on a NetWare server as part of the zfdstart.ncf le, and on a Linux server as part of the /opt/novell/zenworks/bin/ZDMstart daemon.
2.
When the AWR service loads, it finds its effective Workstation Removal policy. The schedule is read to determine when the automatic removal process should be run. Until that time the AWR service is running in a dormant state.
3.
4.
When the schedule is triggered the AWR service reads the Last Registered Time value in each workstation object in the container(s) specified in the policy. If the Last Registered Time value is older than the number of days specified in the Workstation Removal policy, then the workstation object is deleted.
5.

Objective 4
Implement Automatic Workstation Removal (AWR)

To implement Automatic Workstation Removal (AWR) on the Back End server, do the following:
1.
Install the AWR service. You do this as part of the ZENworks server installation.
2.
At a console prompt, verify that the AWR service is running by doing one of the following:
Enter JAVA -SHOW (NetWare) or Enter /etc/init.d/novell-zdm-awsi status (Linux)
3.
In the server package associated with the workstation removal server, enable the Workstation Removal policy. Display the properties of the workstation removal policy by selecting Properties.
4.

The Properties dialog lets you change values on the following tab pages:
Containers. The Containers tab page lets you congure the following:
Workstation Containers. Specify the containers that the AWR service will remove workstations from. Remove workstations from subcontainers. When you select this option, AWR looks for workstations in the specified containers and all subcontainers of those containers.

Limits. When you select the Limits tab, the following appears:
Figure 4-7
Specify the number of days since the last registration to indicate when a workstation object should be deleted.
Schedule. When you select the Schedule tab, the following appears:
Figure 4-8

From this tab page, you can specify how frequently and for how long the AWR service reads the workstation objects and deletes those objects that have not been updated inside the limits.
5. 6. 7.
When you finish, save the changes to the policy by selecting OK. Save the changes to the policy package by selecting OK. Unload and reload the AWR service on the server. This causes the service to read the policy and then apply it.
8.
After the first time that the schedule is reached, check the zenwsrem.log file to see which workstations were removed by the AWR service.
The following are guidelines you can use when configuring the Workstation Removal policy:
Configure a schedule that causes the service to run when the server is not being heavily used. Configure a threshold of days that meets the needs of your organization. Configure the server to remove workstations from all local replicas.

Exercise 4-1
Import Workstation Objects into the Tree

In this exercise, you create and congure a workstation import policy to import workstation objects into the workstations container using a the zenwsreg registry key to locate the import server. You also edit the Host le on DA1 to enable the middle tier server to locate the import server for the workstation. You use the following Host computers and VMware virtual machines:
Figure 4-9
WS2 WinXP Pro XP2 10.200.200.12
To import the WS1 and WS2 workstation objects into DA-TREE, do the following:
Part I: Add a ZENWSIMPORT Entry to the Hosts file on WS1 and WS2 Part II: Enable and Configure the Workstation Import Policy

4-34
Version 1
Part III: Create an Application Object to Distribute Workstation Import Registry Keys Part IV: Verify that Importing Workstation Objects Works
Part I: Add a ZENWSIMPORT Entry to the Hosts le on WS1 and WS2
Before importing a workstation into eDirectory, you need to make sure that the ZENworks workstation import service (ZENWSIMPORT) resolves to the IP address of your ZENworks Desktop Management server. Although you can create a DNS record on the ZENworks server (in this case, DA-ZEN) to resolve ZENWSIMPORT for all workstations on the network, you can also modify the Hosts le on each workstation to perform the same task. In this exercise, you modify the Hosts le on WS1 and WS2 by doing the following:
1.
Make sure you are logged in to the WS1 workstation as Student (Workstation only) with a password of novell. From Windows Explorer on the WS1 desktop, open the following file in Notepad: C:\WINDOWS\system32\drivers\etc\hosts
2.
3.
Under the 127.0.0.1 entry for localhost, enter the following: 10.200.200.250 zenwsimport
Make sure you have an empty line following the entry by pressing Enter.
4.
When you finish, select File > Exit; then save the changes by selecting Yes. Select Start > Run; then enter cmd and select OK.

Version 1
5.
4-35
6.
Test the Hosts file entry by entering the following: ping zenwsimport You should receive a reply from 10.200.200.250.
x
7. 8.
If you receive an error message such as Request timed out, check the Hosts le to make sure you typed the entry correctly.
Close the command prompt window. Repeat Steps 1-6 for WS2.
Part II: Enable and Congure the Workstation Import Policy
Do the following:
1.
Verify that the AWI service is running on DA-ZEN: a. From the Host1 computer on the DA-ZEN desktop, open a terminal window (select the icon with a monitor and a seashell). From the shell prompt, switch to the root user by entering su - and a password of n0v3ll. Enter the following: /etc/init.d/novell-zdm-awsi status A message appears indicating that both the Import daemon and the Removal daemon are running. d. Close the terminal window by entering exit twice.
b. c.
2.
From your Host2 computer using the Novell Client, make sure you are logged in to DA-TREE as admin.slc.da with a password of novell. From your Host2 computer desktop, start ConsoleOne. Right-click DA-ZEN Server Package.Policies.slc.da; then select Properties.
3.

4-36
Version 1
The Properties of DA-ZEN Server Package dialog appears.

5. 6.
Enable the Workstation Import policy (select the check box). Select Properties. A Properties dialog for Workstation Import appears.
7. 8.
Make sure the Containers tab is selected; then select Add. Browse to and select slc.da; then select OK. The slc.da container is added to the Workstation containers list.
9.
Select the Platforms tab; then make sure that the General page is selected. Selected Container.
10. From the Create workstation object drop-down list, select 11. Select the button to the right of the Path field.
A Select Object dialog appears.

12. Browse to and select Workstations.slc.da; then select OK. 13. On the Platforms > General page, select the Naming tab. 14. From the Add name field list, select MAC Address; then select
Remove.
15. Select Add.
An Add Name Field dialog appears.

16. From the Name fields list, select <User Defined>; then select
OK. An Add String dialog appears.

17. In the Add String field, enter --; then select OK. 18. Select Add. 19. Scroll down and select OS; then select OK.
VIEW ONLY 20. NO PRINTING 21. ALLOWED

Version 1
Select the Limits tab. In the User login number field, change the setting to 1.
4-37
22. Select OK.
You are returned to the Properties of DA-ZEN Server Package dialog.

23. Save the changes by selecting OK.
Part III: Create an Application Object to Distribute Workstation Import Registry Keys
In this part of the exercise, you create an application object that delivers the zenwsreg Registry keys to the users in the Users.slc.da container. Do the following:
1.
From ConsoleOne on your Host2 computer, right-click Apps.slc.da; then select New > Application. A New Application Object dialog appears.
2.
Make sure that A simple application (no .AOT/.AXT/.MSI file) is selected; then select Next. In the Object Name field, enter WS Import; then select Next. From the Path to file page, select Next. From the Add rules to control availability of this application page, select Next. From the Add user and workstation associations page, select Add. Browse to and select Users.slc.da; then select OK. An Add Container Associations dialog appears.
3. 4. 5.
6.
7.
8.
Make sure that Users within this Container is selected; then select OK. An entry for Users.slc.da is added to the list.

4-38
Version 1
Notice that there are several icons you can enable (check) for the Users.slc.da entry. As you move your cursor over an icon, the icon name is displayed below the list (Column Name).
9.
Force the application to run by selecting the Force Run icon (the first icon to the left); then select Next. A summary page appears listing the settings for the application object.
10. Select Display details after creation; then select Finish.
A Properties of WS Import dialog appears.

11. Create a Registry key for ImportServer:
a. b. c. e. f.
Select the Distribution Options > Registry tab page. Under Registry Settings, select HKEY_LOCAL_MACHINE; then select Add > Key. Name the key Software. Name the key Novell. With the Novell key selected, select Add > Key.
d. With the Software key selected, select Add > Key.
g. Name the key ZENworks. h. With the ZENworks key selected, select Add > Key. i. j. Name the key zenwsreg. With the zenwsreg key selected, select Add > String.

k. Enter the following: Value Name: ImportServer Value Data field: da-zen.digitalairlines.com
l.
When you nish, select OK.

The following is displayed in Registry Settings: Figure 4-10
12. Select the Availability > Distribution Rules tab page. 13. Select Add; then select Registry.
A Registry Rule dialog appears.

14. In the Key field, enter the following (case-sensitive; all on one
line): HKEY_LOCAL_MACHINE\Software\Novell\ZENworks\ zenwsreg

15. Make sure Key exists is selected. 16. In the Name field, enter ImportServer. 17. Make sure Value does not exist is selected; then select OK. 18. Save the changes to the WS Import object by selecting OK.

Part IV: Verify that Importing Workstation Objects Works
Do the following:
1.
From your WS1 workstation on the Host2 computer, use the Novell Client to log in as CKent with a password of novell. After authenticating, run regedit and verify that the zenwsreg key you created in Part III was delivered to WS1: a. b. c. From the WS1 workstation desktop, select Start > Run. In the Open eld, enter regedit; then select OK. The Registry Editor dialog appears. Browse to and expand the zenwsreg key: HKEY_LOCAL_MACHINE SOFTWARE Novell ZENworks zenwsreg d. Make sure the following value is included in the zenwsreg key:
2.
ImportServer: da-zen.digitalairlines.com
e.
3.
When you nish, close the Registry Editor.
From a Command Prompt window, import the workstation into eDirectory by entering zwsreg. After a few moments, a message appears indicating that WS1--WINXP was successfully imported into workstations.slc.da. If an error message appears with an error code of 0, the workstation was successfully imported when you logged in to WS1.

Version 1
You could have also imported the workstation automatically by simply rebooting the workstation.
4-41
4. 5.
From the WS1 desktop, close all open windows. From the WS2 virtual workstation, log off; then log in using the ZENworks Desktop Management login dialog (without the Novell Client) as BWayne with a password of novell. After authenticating, run regedit and verify that the zenwsreg key you created in Part III was delivered to WS2: a. b. c. From the WS2 workstation desktop, select Start > Run. In the Open eld, enter regedit. The Registry Editor dialog appears. Browse to and expand the zenwsreg key: HKEY_LOCAL_MACHINE SOFTWARE Novell ZENworks zenwsreg d. Make sure the following value is included in the zenwsreg key:
6.
ImportServer: da-zen.digitalairlines.com
e.
7.
When you nish, close the Registry Editor.
Open a Command Prompt window; then import the workstation into eDirectory by entering zwsreg. After a few moments, a message appears indicating that WS2--WINXP was successfully imported into workstations.slc.da. If an error message appears with an error code of 0, the workstation was successfully imported when you logged in to WS2.
x
4-42
You could have also imported the workstation automatically by simply rebooting the workstation.
Version 1
8. 9.
From the WS2 desktop, close all open windows. Verify that the workstations were imported into DA-TREE: a. From your Host2 computer in ConsoleOne, navigate to and open Workstations.SLC.DA. The WS1 - WINXP and WS2 - WINXP workstation objects are displayed. b. Close ConsoleOne.
(End of Exercise)

Summary
Objective
1. Describe
Automatic Workstation Import (AWI)
What You Learned Automatic Workstation Import (AWI) provides simplied, hands-off management of workstations. When a workstation is imported, a corresponding workstation object is created in eDirectory. To understand AWI, you need to know the following:
AWI terminology:

Import server AWI service Workstation Import policy
How AWI works

Objective
2. Implement
Automatic Workstation Import (AWI)
What You Learned To implement Automatic Workstation Import (AWI), you need to do the following:
Verify that AWI is working The rst task in implementing AWI is to make sure the AWI service is running. Without this service, you cant create workstation objects.
Congure the AWI policy Enable workstations to nd the import server To import a workstation automatically, the Workstation Manager component must be able to access the import server running the AWI service.
Congure AWI logging In addition to the IP address of the import server, you can also deliver Registry keys that enable AWI logging to troubleshoot a workstation that you cant import.
Register workstations You can manually register workstations by running ZWSREG.
3. Describe
Automatic Workstation Removal (AWR)
AWI includes the Automatic Workstation Removal (AWR) service and provides management of the entire lifecycle of a workstation, from the creation of its object to its removal. To describe AWR, you need to know the following:
What AWR is Automatic Workstation Removal (AWR) lets you congure a server service to automatically determine the last time the workstation was updated and then remove it if that time is greater than a specic number of days.

Version 1
How AWR works
4-45
Objective
4. Implement
Automatic Workstation Removal (AWR)
What You Learned To implement Automatic Workstation Removal (AWR) on the backend server, you do the following:
1. Install the AWR service. 2. At a console prompt, verify that the AWR service is running. 3. In the server package associated with the workstation removal server, enable the Workstation Removal policy. 4. Display and congure the properties of the workstation removal policy by selecting Properties. 5. Unload and reload the AWR service on the server.

Implement User Package Policies
SECTION 5
In this section, you learn how to implement User package policies.
Objectives
1. 2. 3. 4.
Create and Associate a User Policy Package Enable and Configure User Package Policies Identify Common Configurations Set Through User Policies Plan User Policy Package Deployment

Introduction
ZENworks provides policies to customize a workstation to meet user requirements. These policies are stored in a User package. You customize a workstation environment by installing iPrint printers, conguring desktop settings, controlling a workstation remotely, scheduling actions, and controlling thin-client server session settings. A User policy package is an eDirectory object that can be associated with users, user groups, or container objects in eDirectory.
For complete information on User package policies, refer to Setting Up User and Workstation Package Policies on page 135 of the Novell ZENworks 7 Desktop Management Administration Guide (dm7admin.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.

Objective 1
Create and Associate a User Policy Package

To customize a workstation environment, you create and associate a User policy package in eDirectory with a user or container object. To do this, you need to know how to do the following:

Create a User Policy Package Associate the User Policy Package
Create a User Policy Package

To create a User package, do the following:
1. 2.
Start ConsoleOne. Right-click the container where you want to create a user policy package and select New > Policy Package. From the left pane, select User Package.
3.

A list of policies in the User package appears: Figure 5-1
4. 5.
Select Next. In the Policy Package Name field, enter a user package name; then select Next. From the Summary page of the Policy Package wizard select Finish.
6.
Associate the User Policy Package

To associate the user policy package, do the following:
1.
Display the properties of your User policy package.

The Policies page tab appears, as in the following. Figure 5-2
The Policies tab page includes the following tabbed pages: Table 5-1
Page General Description Use to congure policies for all workstations regardless of operating system. Use to congure policies for Windows 98 workstations. If you dont want to treat Windows NT/2000/XP workstations as separate platforms, use this page to congure policies for Windows NT/2000/XP workstations. You can use this page to set policies for workstations by using earlier versions of ZENworks.
Windows 9x
Windows NT-2000-XP

Version 1
5-5
(continued)
Table 5-1
Page Windows NT
Description Use to congure policies for Windows NT computers. Use to congure policies for Windows 2000 workstations. Use to congure policies for Windows XP workstations. Use to congure policies for Windows 2000 or Windows 2003 Terminal Servers. Note that Terminal Servers do not support Remote Control policies. NOTE: You must be running the Desktop Management Agent to congure and enable policies for Terminal Servers. You should use this page if you want to set policies that apply to both platforms. If you want to treat Windows 2000 and Windows 2003 Terminal Servers as separate platforms, use one of the specic platform pages. Because earlier versions of ZENworks did not support Terminal Servers, policies enabled on this page are applied only on workstations that have been upgraded to ZENworks for Desktops 4 or later.
Windows 2000
Windows XP
Windows 2000-2003 Terminal Server
Windows 2000-2003 Terminal Server (continued)
NOTE: Terminal Servers support only the following policies: Novell iPrint, Windows Desktop Preferences, Windows group, User Extensible policies, Dynamic Local User, and Windows Terminal Servers.

(continued)
Table 5-1
Page Windows 2000 Terminal Server
Description Use to congure policies for Windows 2000 Terminal Servers. Terminal Servers do not support Remote Control policies. Because earlier versions of ZENworks did not support Terminal Servers, policies enabled on this page are applied only on workstations that have been upgraded to ZENworks for Desktops 4 or later.
Windows 2003 Terminal Server
Use to congure policies for Windows 2003 Terminal Servers. Terminal Servers do not support Remote Control policies. Because earlier versions of ZENworks did not support Terminal Servers, policies enabled on this page are applied only on workstations that have been upgraded to ZENworks for Desktops 4 or later.
2.
To associate the User policy package with an object, do the following: a. b. c. From the properties dialog, select the Associations tab. Select Add. Select the object that the policy package is to be associated with; then select OK.
3.

Objective 2
Enable and Congure User Package Policies

Before conguring User package policies, you need to understand the various types of policies and their functions. You can enable and congure the following policies in a User package to customize the workstation environment:

Dynamic Local User Policy Novell iPrint Policy Remote Control Policy Scheduled Action Policy User Extensible Policy Windows Desktop Preferences Policy Windows Group Policy
Dynamic Local User Policy

You can use the Dynamic Local User policy to create an account on a Windows NT/2000/XP workstation when a user authenticates to eDirectory. You can congure users created on Windows NT/2000/XP workstations and Terminal Servers. The new account is stored in the workstations Security Access Manager (SAM). SAM is a database on the local workstation that stores information about local users logging in to the workstation. As a result, users do not need to remember passwords to individual workstations. The Dynamic Local User policy lets you restrict dynamic local user access to specic workstations and containers. You need to list the workstations and containers that a user can or cannot access.

5-8
Version 1
You can congure the Dynamic Local User policy to use either of the following:
A local nonvolatile account. If a user accesses only one workstation, you can configure the Dynamic Local User policy to create a local account that should not be deleted. The les you create or modify while working on the workstation are stored on the workstations local drive and are associated with the security identier (SID). A SID is a unique identier given by Windows when a user account is dynamically created on a workstation upon login. In Windows NT/2000/XP, the SID is a unique alphanumeric string that identies each operating system and each user on a network of Windows NT/2000 systems. Using the local account lets you save les on the local hard drive and access the les later.
A local volatile account. You can configure the Dynamic Local User policy to create a local volatile account. A volatile account is created upon user login and is deleted when the user logs out. This prevents the SAM database from becoming large and cluttered. If you congure a policy to use a volatile account, the account and its unique SID are deleted when the user logs out. If you are a volatile user, you are assigned a SID at the next login. Roaming proles can be used in conjunction with volatile users so users obtain customized settings, regardless of the workstation they log in to. This also restricts the size of the SAM database.
x
Version 1
To properly manage group priorities, do not allow users associated with dynamic local users to be members of multiple groups.
5-9
To congure the dynamic local user policy, do the following:

1. 2.
Display the properties of your User policy package. Specify the platform in the Properties Of User Policy Package dialog by selecting Policies > your operating system. Enable the dynamic local user policy by selecting Enabled next to Dynamic Local User. Display the properties of the Dynamic Local User policy by selecting Properties. The Properties dialog appears with the Dynamic Local User page displayed:
3.
4.
Figure 5-3

5-10
Use this page to congure users who have authenticated to eDirectory. You can also congure users on the Windows workstation after logging in to the workstation.
Version 1
The following are conguration options and their effects: Table 5-2
Option Enable Dynamic Local User Effect Enables creation of a user object that resides either temporarily or permanently in the workstation's Security Access Manager (SAM) database. NWGINA requires that you specify whether a local user is to be created. If the Enable Dynamic Local User check box is selected, NWGINA gets the user name from the conguration object and queries the local SAM to see if the user name already exists. If the user name does exist, NWGINA authenticates the user to the workstation or Terminal Server and access is granted. If it does not exist, NWGINA creates the user in the SAM on the local workstation or Terminal Server. NOTE: If password restriction policies are set on the local workstation or Terminal Server, the Dynamic Local User is not used. The password that dynamic local user uses for the local account must meet local workstation password restrictions.

(continued)
Table 5-2
Option Manage existing user account (if any)
Effect Allows management through the existing user account. Enable this option if the user object you want to manage already exists. Workstation group assignments specied by Workstation Management are implemented, including changing the account from nonvolatile to volatile when the user logs in to the account. The account is also removed from the workstation after the user logs out. If this option and the Volatile User option are both selected, and the user has a permanent local account that uses the same credentials specied in eDirectory, the permanent account is changed to a volatile (temporary) account. The account is managed, but is removed when the volatile user cache age is reached or the user logs out. Any settings you change here overwrite the current account settings at the workstation or Terminal Server. If this option is not enabled, Workstation Management cannot manage the existing user object.

(continued)
Table 5-2
Option Use eDirectory credentials
Effect Enables logging in through the user's eDirectory credentials instead of Windows NT/2000/XP credentials. When creating the user account, NWGINA can use either the same credential set used for eDirectory authentication or a predetermined credential set specied in the Conguration object. When using eDirectory credentials to create the workstation user account, NWGINA queries the user's eDirectory account for the login name, full name, and description. The password for the Windows NT/2000/XP user account is the same as that for the eDirectory user account. If eDirectory credentials are not used, the account is always volatile and is not accessible. Full Name and Description can also be included to provide a complete user description. If you don't use eDirectory credentials and the user account does not already exist (as indicated by the Manage Existing User Accounts check box), the user account is created as a volatile user account, which means that the user account is automatically deleted at logout. This is apparent because the Volatile User check box is automatically enabled if the Use eDirectory Credentials check box is not enabled.

(continued)
Table 5-2
Option Volatile user (Remove user after logout)
Effect Species the use of a volatile user account for login. The user account that NWGINA creates on the local workstation can be either a volatile or a nonvolatile account. Be aware that if you select both the Volatile User (Remove User After Logout) and Manage Existing User Account (If Any) check boxes, the volatile user account is removed when the user logs out, even if the account existed before the user logged in using the Dynamic Local User policy.
User name
The NT/2000/XP user name. The user name (not including the context) must contain fewer than 20 characters for a dynamic local user to log in. The user's full name. Enter any additional information that helps you to further identify this user account. Lists the groups where this user has membership. When NWGINA creates the workstation user, it can provide group membership to any user groups. The groups that the user is added to are listed in the Members Of list. The default conguration is for the user to be added to the Users group. Other groups can be added by selecting the group and selecting Add.
Full name Description
Member Of
Not Member Of
Lists available groups where this user has not been assigned as a member. Use to add groups to the Member Of list. Use to remove groups from the Member Of list.
Add

5-14
Remove
Version 1
The Dynamic Local User tab also contains two other pages:
Restrictions. Lets you list the workstations or containers that the Dynamic Local User policy should work on. File Rights. Lets you list specic NTFS le system rights for paths on the workstation to dynamically grant the new dynamic user rights to the workstations le system.
5.
Close the properties dialog by selecting OK.
Novell iPrint Policy

The Novell iPrint policy lets you distribute a Novell iPrint client that can be placed on workstations. Using the Novell iPrint client, users can print to iPrint printers across the Internet just like any other printer, regardless of the printer's physical location. The Novell iPrint policy also lets you push printers to the user or workstation. The Novell iPrint policy is contained in both the User package and in the Workstation package. The information in this topic applies to both packages; however, there are differences between the two. When you congure the Novell iPrint policy contained in the User package, the policy applies to all associated users regardless of the workstation they use. When you congure the Novell iPrint policy contained in the Workstation package, the policy applies to all users who log in to an associated workstation.
x
Version 1
Unless you are running NetWare 6.5 SP2 or later, you must download the latest Novell iPrint utility le from TID 2969590.
5-15
Before conguring the Novell iPrint policy, you need to be aware of the following:
NetWare server. To use the iPrint client, you must have at least one NetWare server or Linux server in your system. If you choose to not use the iPrint client, you can still use your existing Microsoft printing setup outside of Desktop Management. Desktop Management Agent. You must also install the Desktop Management agent on each workstation that you want to run the iPrint client on; the policy will not run on a workstation that uses only the Novell Client. Using the Novell iPrint Policy for the Windows NT/2000/XP platforms contained in the User package (iPrint.ini). If you configure the Novell iPrint policy as part of a User package to be pushed to Windows NT/2000/XP workstations, you must change the AllowUserPrinters value in the Iprint.ini file from the default value of 0 to 1. Using the Novell iPrint Policy in conjunction with the Dynamic Local User or Windows Desktop Preferences policies (DLU). If you are managing user profiles using the Dynamic Local User or Windows Desktop Preferences policy, you must rename the native Microsoft Internet Print Provider (inetpp.dll) registry reference. Renaming this registry reference ensures that user proles are properly closed or deleted when users log out. If user proles remain open, when users log back in to workstations, the prole remains locked, causing multiple user accounts to be created. To prevent this situation, you should change the following registry value:
HKEY_Local_Machine\SYSTEM\CurrentControlSet\Contro l\Print\Providers\Internet Print Provider\Name

5-16
from Inetpp.dll to Inetpp.old.
Version 1
Using the Novell iPrint policy on Windows 2000 Terminal Servers. When you push a Novell iPrint secure printer to a Windows 2000 Terminal Server user's thin-client session using the Novell iPrint policy contained in the user package, the user must be authenticated to the printer. If you observe that the iPrint secure printer did not get pushed down, there might be an authentication problem. If this is the case, an authentication dialog box displays on the Terminal Server's console and you must then authenticate the user.
To congure the iPrint policy, do the following:

1. 2.
Display the properties of your User policy package. Specify the platform by selecting Policies > your operating system in the Properties of User Policy Package dialog. Enable the Novell iPrint policy by selecting Enabled next to Novell iPrint Policy. Display the properties of the Novell iPrint policy by selecting Properties.
3.
4.

The Properties dialog appears with the Client Install page of the Novell iPrint tab displayed: Figure 5-4
The following are the available conguration options: Table 5-3

Option Path to the Novell iPrint Client Install Description Use to specify the path to the iPrint client setup le. The iPrint client setup les can be extracted from the nipp.exe le in the following directories on your iPrint server:
sys:\login\ippdocs or sys:\apache2\htdocs (NetWare) /var/opt/novell/iprint/htdocs (Linux)

5-18
Language
Use to specify the language.
Version 1
(continued)
Table 5-3
Option Version
Description Use to specify the version number. The number you enter in this eld is not the version number of the iPrint client. To force a new iPrint policy, you upgrade the version number. Enable this option to reinstall the iPrint client if the iPrint client listed in the Path to the Novell iPrint Client Install is newer than the one installed on the workstation. Use to reboot each workstation after installing the iPrint client. Enable this option if you are performing an installation after working hours.
Re-install client if higher version
Force Reboot
5.
Specify the path to the iPrint client file by selecting the Browse button. From the Language drop-down list, select your language. Reboot each workstation after installing the iPrint client by selecting Force Reboot. Select Novell iPrint Policy > Settings.
6. 7.
8.

The Settings page appears: Figure 5-5

Option Printers to be install (default printer on top) Description Lists the iPrint printers that will be installed on the workstation. Depending on users' driver signing settings, user workstations might display a This driver is not digitally signed message when the printer is installed. If you do not want users to see this message, you can change this setting in the Control Panel of each workstation (System > Hardware > Driver Signing) or you can change this setting using a Windows group policy in Desktop Management.

5-20
Version 1
(continued)
Table 5-4
Option Add
Description Use this button to browse to a printer to add to the Printer list. The rst printer in the list is the default printer. You can change the default printer to any printer in the list by selecting the printer and by selecting the Set as Default option.
Remove
Use to remove printers from the list of printers. Use to set a printer as the default printer on the workstation. Use to force a specic default printer every time the Novell iPrint policy runs. If a user changes the default printer, the default printer that you choose is set as the default each time this policy is run. Any iPrint printers that were pushed to the workstation by a previous version of the Novell iPrint policy are removed, unless they are listed in the Printers to Be Installed list box.
Set as Default
Force Default
Remove Any Installed iPrint Printer That Is Not Included in This List of Printers
Windows 2000/XP and Windows 2000/2003 Terminal Servers. If you are conguring the Novell iPrint policy contained in the user package, enabling this option removes only those iPrint printers that were pushed to the workstation or Terminal Server using the Novell iPrint policy in the User package.

(continued)
Table 5-4
Option Remove Any Installed iPrint Printer That Is Not Included in This List of Printers (continued)
Description
Windows 2000/XP. If you are conguring the Novell iPrint policy contained in the Workstation package, enabling this option removes only those iPrint printers that were pushed to the workstation using the Novell iPrint policy in the Workstation package. Additionally, if you enable this option in the Novell iPrint policy contained in the Workstation package, and the user of that workstation is locked down, that user will not have sufcient rights for that iPrint printer to be removed.
Windows 98. If you are conguring the Novell iPrint policy contained in either the Workstation package or the User package, the printers are installed as workstation printers, regardless of which type of package they were installed from. Enabling this option removes any iPrint printers that were pushed to the workstation using the Novell iPrint policy in either package.
Address for Printing Outside the Firewall
If you have workstations that are physically located outside the rewall, specify the proxy, rewall, or Network Address Translation (NAT) router address followed by a colon (:) and the port number, if necessary. If you have workstations outside of the rewall that use Novell iPrint printers, you must open port 631. If you have workstations outside of the rewall that use secure printers that are not Novell iPrint printers, you must open port 443 (the standard port number for secure printers coming through a rewall).

5-22
If workstations are not located outside of the rewall, you should leave this eld empty.
Version 1
(continued)
Table 5-4
Option Address for Printing Outside the Firewall (continued) 9.
Description If you are using NetWare 6.5 and have workstations outside of the rewall, you must have a server proxy set up in order to use the Novell iPrint policy.
Add a printer to the list by selecting Add. Set as default.
10. Specify the default printer by selecting the printer and selecting 11. Close the Properties dialog by selecting OK.
Remote Control Policy

You use the remote control policy to set parameters to perform remote management operations on a managed workstation.
This policy is covered in detail in Section 14, Congure Remote Management Policies on 14-14.
Scheduled Action Policy

The Scheduled Action policy sets up schedules for specic actions that you specify. As many as 15 items can be placed in an action. The Scheduled Action policy is contained in both the User package and in the Workstation package. When you congure the Scheduled Action policy contained in the User package, the policy applies to all associated users regardless of the workstation they use. The Scheduled Action policy is a plural policy, meaning it can be added many times to the policy package. Plural policies let you have multiple instances of the same policy type within the same policy package.

Version 1
5-23
Because you can have several different actions that you might want to run on different schedules, when you add a Scheduled Action policy to the policy package you should name it to reect the action being scheduled. The Scheduled Action policy is available for each of the platform pages.
Because scheduled actions do not apply to Terminal Server sessions, the Add button has been disabled on the Windows 2000-2003 Terminal Server, Windows 2000 Terminal Server, and Windows 2003 Terminal Server platform pages. Only those policies that are run before the Terminal Server's desktop is started apply to Terminal Server sessions.
To congure the Scheduled Action policy, do the following:

1. 2.
Display the properties of your User policy package. Specify the platform by selecting Policies > your operating system in the properties of User Policy Package dialog. Add the Scheduled Action policy by selecting Add. Enter a descriptive name for the policy; then select OK. Enable the Scheduled Action policy by selecting Enabled next to the Scheduled Action policy. Display the properties of the Scheduled Action policy by selecting Properties.
3. 4. 5.
6.

The Properties dialog appears with the Actions page of the Actions tab displayed: Figure 5-6
7.
Select Add. Fill in the following elds:
Table 5-5
Field Name Working Directory
Description The name of the action item. Generally, this is the path where the executable le for this action is located. It can be a different path if the program requires it. The parameters to pass to the action item. For more information, see the documentation associated with the executable le specied in the Working Directory eld.
Parameters

Version 1
5-25
(continued)
Table 5-5
Field Priority
Description The importance assigned to this action in relation to the user's access to the workstation. The length of time this action can run before the system stops it. The assumption is that if it takes longer than a specied time to run, there might be a problem associated with running this action and the action should be terminated.
Terminate TIme
8. 9.
When you nish, select OK. (Conditional) If you want the items to run in the order they display in the list, select Run Items in Order Listed. You can reorder the list with the Move Up and Move Down buttons.
10. Select the Policy Schedule tab.

The Policy Schedule tab page appears: Figure 5-7
11. From the drop-down list, select one of the following schedule
types:

Package Schedule Event Daily Weekly Monthly Yearly
You can select the Help button on the Schedule tab for more information about each schedule.

If you select the Event schedule type, and then select User Logout or System Shutdown, you need to be aware that some actions cannot occur before the user is logged out or the system shuts down. If actions that are scheduled at User Logout or System Shutdown do not function as expected, try changing the schedule to another event.
12. When you finish, save the policy by selecting OK. 13. Repeat Steps 1-12 for each platform where you want to set a
Scheduled Action policy.

14. When you have finished configuring all of the policies for this
package, continue with the steps under Associate the User Policy Package on 5-4 to associate the policy package.
User Extensible Policy

You use the User Extensible policy to congure and restrict user desktop settings using ADM les on Windows 98 SE and Windows NT 4. ADM les are templates for creating policies and provide attributes for users and workstations that can be customized. For example, you can add to the list of existing ADM les and congure their settings to create extensible policies. The following ADM les are included as part of the extensible policy by default:

\zen\admfiles\admin.adm (Windows 95/98) \zen\admfiles\common.adm (Windows NT/2000) \zen\admfiles\winnt.adm (Windows NT/2000) \zen\admfiles\zakwinnt.adm (Windows NT/2000)

5-28
Version 1
Extensible policies are not supported by Windows XP systems. While extensible policies do work on Windows 2000, the Windows group policy is designed for Windows 2000/XP workstations and provides most of the conguration available in user extensible policies and more. (The Windows group policy is discussed in the next topic.) You can use the User Extensible policy to provide a standard desktop environment for some users and restrict workstations for other users, if required. For example, you can remove desktop icons, remove Start button items, remove the Start button, and disable Control Panel utilities so a user cant change predened settings for a workstation. You can also specify a separate schedule for the User Extensible policy. Although most settings and restrictions in User Extensible policies are unique, some settings are found in the Windows desktop preferences policy or the Windows group policy. As a result, conguring the same settings in both policy types makes it difcult to manage effective policies. For example, you can congure the Windows desktop preferences policy to provide all users with specic wallpaper through a container association. You can also congure User Extensible policies to provide the same users with different wallpaper, also through a container association. With these user policies and both policy associations coming at the container level, it is impossible to predict which policy will be applied. As such, you cannot ensure a standard desktop environment. In addition, because both policies manipulate the environment of the same users, it creates an additional layer you must troubleshoot to solve problems.

Version 1
5-29
To congure a User Extensible policy, do the following:

1. 2.
Display the properties of your User policy package. Specify the platform by selecting Policies > your operating system in the Properties dialog. Enable the user extensible policy by selecting Enabled next to User Extensible Policies. Display the properties of the User Extensible policy by selecting Properties. The Properties dialog appears with the User Extensible Policies page displayed:
3.
4.
Figure 5-8


Option ADM Files Description Use to see the ADM les for the current policy package. You can add or remove an ADM le from this list. Use to see the policy attributes for the selected ADM le. You can expand and navigate across the policy tree to enable or disable each policy attribute. Use to add an ADM le for the current policy package. Enter the full path to the ADM le or browse the le. Use to delete the selected ADM les from the policy. This helps you remove policies that are in place as dened by that ADM le. Use to update the extensible policies applied to a user or a container on eDirectory authentication.
Policies
Add
Remove
Always update extensible policies on eDirectory authentication 5. 6.
Copy the settings to eDirectory by selecting Apply. Close the properties dialog by selecting OK.
Windows Desktop Preferences Policy

You use a Windows Desktop Preferences policy to congure the following:

Version 1
Roaming profiles. A roaming profile is a user profile stored on the network that provides a user with the same environment, regardless of the workstation the user accesses. The proles are accessed through eDirectory.
5-31
The Windows Desktop Preferences policy lets you store the roaming prole in the users home directory. Changes made to the users environment on one workstation are saved to the prole stored in the users home directory on the network. Roaming proles are either supported with the use of the Novell Client or if the roaming prole path points to a Windows or Common Internet File System (CIFS) share.
Roaming proles have been disabled in a NetWare environment where the workstations are not running the Novell Client. If workstations access the Middle Tier server using the Desktop Management agent, you must install the Novell Client if you want to use roaming proles.
Settings. You can use this policy to update the users desktop settings when the user authenticates to eDirectory by specifying a wallpaper, a screen saver, and a color scheme for the workstation. You can also change the layout and cursor size. For example, to provide a standard workstation environment for most users and a different conguration for a user with special needs, you can use the Windows Desktop Preferences policy. In addition, you can specify that customized settings made by users are available from any workstation the user logs in to.
To congure the Windows Desktop Preferences policy, do the following:

1. 2.
Display the properties of your User policy package. Specify the platform in the Properties of User Policy Package dialog by selecting Policies > your operating system. Enable the Windows Desktop Preferences policy by selecting Enabled next to Windows Desktop Preferences.

5-32
3.
Version 1
4.
Display the properties of the Windows Desktop Preferences policy by selecting Properties. The Properties dialog appears:
Figure 5-9

Option Roaming Proles Description Use to dene roaming proles for users associated with this policy.

(continued)
Table 5-7
Option Enable Storage of Roaming Proles
Description Use to store the roaming prole on the network. You can congure the following:
Override Terminal Server Prole Path. If the user is accessing a Terminal Server that has its own prole, enable this option to override the Terminal Server's prole and use the roaming prole stored in the user's home directory or the prole stored in the network directory location specied in the Path box. Store User Prole in Users Home Directory. Use to store the roaming prole on the network in the users home directory. Changes made to the users environment on one workstation are saved to the prole stored in the users home directory on the network.
Store User Prole in User's Home Directory: Stores the user prole in a network directory location. You use this option in an all-Windows environment. When you enable this option, the Path box becomes available.
5.
Store the roaming profiles on the network by specifying Enable Storage of Roaming Profiles. To use the roaming profiles, select Roaming Profiles. Configure desktop settings by selecting Desktop Preferences > Settings.
6. 7.

The Settings page appears: Figure 5-10

Option Console Description Use to congure the following:
Colors. Use to set screen text, screen background, popup text, and popup background. The values in the Selected Color Values box change according to the color selected.
Layout. Use to set the size and position of a window on the desktop. These values vary based on workstation resolution settings. Options. Use to specify the cursor size and display options.

Version 1
5-35
(continued)
Table 5-8
Option Display
Description Use to congure the following:
Background. Use to specify the wallpaper and its display type (tile or center). Screen Saver. Use to specify the screen saver and to congure the password for the screen saver. Appearance. Use to select a color scheme for workstations associated with this policy. Plus. Use to congure visual settings, such as using large icons, displaying window contents while dragging, displaying icons using all possible colors, and stretching the desktop wallpaper to t the screen.
Always update desktop settings on eDirectory authentication 8. 9.
Use to update user desktop settings when the user is authenticated to eDirectory.
Configure your desktop preferences. Close the Properties dialog by selecting OK.
Windows Group Policy

You can specify and edit group policies for Windows 2000/XP workstations (user package and workstation package) and for Windows 2000/2003 Terminal Servers (user package only). The Windows Group policy is contained in both the User package and in the Workstation package. When you congure the Windows Group policy in the User package, the policy applies to all associated users regardless of the workstation they use.

5-36
Version 1
When you congure the Windows Group policy in the Workstation package, the policy applies to all users who log in to an associated workstation. The Windows Group policy is an extension of extensible policies for Windows 2000/XP and Active Directory. There is some cross-over in policy settings between the Windows Group policy and Desktop Management extensible policies, such as under User Conguration > Administrative Templates. Unlike the extensible policy, the settings in a Windows Group policy are stored in the network le system, instead of the directory. As such you must specify the path where the policy les are located. For the following reasons, you must use UNC paths rather than mapped drives for importing this policy to Desktop Management:

Users could change their login scripts, altering drive mappings. Workstation objects are often logged in before users are, so there are no drive mappings available.
With UNC paths, as long as the server is available, the policy will be found. Group policies have changed signicantly since the ZENworks for Desktops 3 initial release, as described below:
Cumulative group policies. Group policies are now cumulative. This means that settings from multiple Windows Group policies are cumulatively effective, rather than only a single policy being effective. Settings from multiple Windows Group policies can affect users and workstations. Policies start with the local Windows group policy settings and are applied in reverse of the policy search order.

This means that a setting in a policy applied rst has lowest priority and its value is overwritten by any other policy with the same setting. Security settings are not additive; they are set by the last effective policy.
Revision checking. Windows Group policies now track the revision of the policies in effect. As long as the list of effective policies and their revisions remains the same, Windows Group policies are not processed, but use the cached group policy. Each time you select the Edit Policies button, the revision of a Windows Group policy changes, causing the policies to be reprocessed.
Group policy caching. The last-processed Windows Group policy is cached locally. This helps reduce network traffic by processing Windows group policies only if necessary. For example, if UserA logs in to a new machine, his or her effective group policies are processed and then cached. If UserA logs out and UserB logs in, and if UserB has the same effective group policies as UserA, the locally-cached group policy is restored instead of reprocessing Windows group policies. If the list of effective policies is different or if the revision is changed on any policy, the Windows Group policies are reprocessed. The Windows group policy settings in both the User package and in the Workstation package can remain in effect even when the workstation is disconnected from the network.
Persistent and volatile settings. You determine if Windows Group policies are persistent or volatile. The persistent setting indicates that when the Windows Group polices are set, they remain seteven if a user happens to log in only to a workstation and not to the network.

The volatile setting indicates that the original local Windows Group policy settings will be restored when:
The user logs out (the user group policy settings are removed) The system shuts down (the workstation group policy settings are removed)
Using group policies on Terminal Servers. You can configure Windows Group policies in a user package for Windows 2000 and Windows 2003 Terminal Servers. You can also use the Window 2000-2003 Terminal Server platform page if you want to set policies that apply to both platforms to make managing Terminal Servers easier. When conguring Windows Group policies for Terminal Servers, consider the following:
Applied settings types. Only the User Conguration settings under Applied Settings Types apply to Terminal Servers. The Computer Conguration and Security Settings options are not available for Terminal Servers. Logoff scripts. Logoff scripts are not supported in a Terminal Server environment.
Imported Security Settings: Imported security settings let you set only certain security settings without affecting all remaining security settings. Security settings can be imported from an Active Directory group policy or can be generated with the Security Conguration and Analysis snap-in in the Microsoft Management Console (MMC). When you import an Active Directory group policy containing security settings or import a security settings le, the imported settings are saved in a new le called Zensec.inf.

The security settings in Zensec.inf are used instead of the regular security settings displayed when editing the group policy in the MMC. The security settings shown in the MMC will not be accurate and any changes made will not be applied. If imported security settings are detected while editing a group policy, a message box informs the user that the security settings in Zensec.inf will be used in place of the regular security settings and gives the user the option of displaying the settings in the Zensec.inf le.
x
1. 2.
This is the preferred method for conguring security settings for Windows Group policies.
To congure the Windows Group policy, make sure you run ConsoleOne on the same platform that the policy will apply to, and then do the following: Display the properties of your User policy package. Specify the platform in the properties of User Policy Package dialog by selecting Policies > your operating system.
In ZENworks 6.5 Desktop Management SP1a or later you can only edit Windows Group policies from the Windows 2000 or Windows XP tab. This prevents accidentally distributing the wrong policy information to the workstation.
3.
x
4.
Enable the Windows Group policy by selecting Enabled next to Windows Group Policy. Display the properties of the Windows Group policy by selecting Properties.

The Properties dialog appears with the Windows Group Policies page displayed: Figure 5-11
Use this page to manage group policies. The following are the available conguration options: Table 5-9
Option Network location of existing/new Group Policies Edit Policies Description Use to specify the location of the Windows group policies.
Use to modify Windows group policies.

(continued)
Table 5-9
Option Import Policy
Description Allows you to import group policies from Active Directory. There are two import options:
Import Active Directory Group Policy. Lets you import all group policies in the Active Directory folder. If you select this option, in the Source Location eld specify the UNC path to the folder containing group policies created by Active Directory that you want to migrate to the directory listed in the Destination Location of Migrated Group Policies eld.
Import Security Settings File. Lets you import security settings from a le. If you select this option, in the Source Location eld specify the UNC path to the le containing the security settings that you want to migrate to the directory listed in the Destination Location of Migrated Group Policies eld.
Group Policies remain in effect on user logout
Use to force applied group policies to remain in effect on the workstation after the user logs out. This setting keeps the policy of the last logged in user. Only the settings contained in the registry.pol le are cached. This is roughly equivalent to the User Settings in the Group Policy editor with the exception of the logon/logoff scripts (they are stored in the Scripts folder under \User, and therefore not cached).

(continued)
Table 5-9
Option Cache User Conguration
Description This option causes the user conguration settings of each user's effective Windows Group policies to be stored in each user's local prole. When each user logs in locally, the user settings are read from the cached copy of the registry.pol in that user's prole and are applied. The only settings cached are those stored in the registry.pol le in the User folder. Other settings are not cached, including logon/logoff scripts, computer settings, and security settings. Caching user conguration settings is different than enabling the Group Policies Remain in Effect on User Logout option. The Group Policies Remain in Effect on User Logout option retains the group policy settings of the last logged-in user. The limitation with this approach is that any user who logs in locally (workstation only) receives the group policy settings of the last person who logged in to the network on that workstation. For example, if Administrator was the last user to log in to the network on a particular workstation, any subsequent local logins result in the user receiving Administrator's policy settings. To avoid this situation, you can enable the Cache User Conguration check box to allow each user's settings to be cached.

(continued)
Table 5-9
Option Applied Settings Types
Description Use to allow Windows users, computers, and security settings to be pushed with a user or workstation policy. You can congure the following settings types to be applied:
User Settings. Use to push settings under User Conguration with the group policy. Computer Settings. Use to push settings under Computer Conguration with the group policy. Security Settings. Use to push Windows security settings with the group policy
Before enabling the Cache User Conguration option, remember that users must have unique local user accounts. The Windows Group policy settings are cached in the local user's prole, so users with different effective Windows Group policies must have different local user accounts. Each user must have a prole on the computer in which to cache the settings. You can provide this prole by using local user accounts or by using dynamic local user (DLU) accounts; however, the account cannot be removed. If the DLU policy removes the local user account (either by a using a volatile user account or by using an expired cached volatile user account), the user cannot log in locally. Only the settings contained in the Registry.pol le are cached. This is roughly equivalent to the User Settings in the Group Policy editor with the exception of the logon/logoff scripts (they are stored in the Scripts folder under \User, and therefore not cached).

5-44
5.
You can modify the Windows group policy by selecting Edit Policies.
Version 1
6.
Close the Properties of Windows Group Policy by selecting OK.
You must save Windows Group policy settings to the server and associate the User package with a container, user, or user group. This pushes the Windows Group policy congurations to the user.

Objective 3
Identify Common Congurations Set Through User Policies

The following are common congurations set using User policy packages:
A standard workstation environment. Some organizations might want to establish and maintain a standard workstation environment for all users. A standard workstation environment includes standard workstation settings like Windows visual settings, wallpapers, screen savers, and application icons. This helps organizations make applications and services available to users in specic roles and enforce security. For example, Digital Airlines might want to make sure its marketing representatives have the company logo on their desktops. A User policy package helps you implement these standards from the administrator workstation instead of going to each user workstation. The standard environment you congure is always available, regardless of the workstation the user logs in to.
A workstation environment for users with special needs. You can implement a User policy package to establish a workstation environment for users with special needs. You can congure a policy within the User package to adjust the input and output device settings and even change the type of input device that can be accepted by Windows. This lets users with special needs use different workstations without manually reconguring each workstation. When they log in, the settings they need are pushed to the workstation. This reduces the time spent to congure workstations for users with special needs.

5-46
Version 1
A restricted workstation environment. A restricted workstation environment prevents users from making changes to specified settings, such as printer or control panel settings. You can congure a User policy package to set restrictions for the workstation environment by providing user access to only those applications that are required for users to perform their jobs.
An open access workstation environment for network administrators. This refers to an environment for network administrators that counteracts restrictions placed on users. To enable such an environment for network administrators, create a separate User policy package for your Admin object. Consider conguring a User policy package that removes all icons and the Start button from user desktops so users cant make changes to predened settings. Next, associate this policy package with your users container, which also contains your Admin object. If you do not have a separate policy package associated with the Admin object, you are locked out of your own workstation.

Exercise 5-1
Congure User Policies

In this exercise, you create a user package associated with Users.SLC.DA. You then implement user policies for user objects in the Users.SLC.DA container. You use the following Host computers and VMware virtual machines:
Figure 5-12
Do the following:

Part I: Create and Associate a User Policy Package Part II: Configure Desktop Policies Part III: Create and Implement a Windows Group Policy to Secure Windows XP Workstations Part IV: Verify that the User Policies Work Part V: Implement a Dynamic User Policy

Part I: Create and Associate a User Policy Package
Do the following:
1.
From your Host2 computer, make sure you are authenticated to DA-TREE as admin with a password of novell. From your Host2 computer desktop, start ConsoleOne. From ConsoleOne, browse to and select Policies.slc.da. From the ConsoleOne toolbar, select the Create Policy Package button (a package with a checkmark). A Policy Package Wizard dialog appears.
2. 3. 4.
5. 6.
Select User Package; then select Next. In the Policy Package Name field, enter SLC User Package; then select Next. A Summary page appears.
7.
Select Define additional properties; then select Finish. A Properties of SLC User Package dialog appears.
8. 9.
Select the Associations tab. Select Add.
10. Browse to and select Users.slc.da; then select OK. 11. Select Apply.
Part II: Congure Desktop Policies
Digital Airlines wants to dene a standard workstation color scheme for all Windows 2000 and Windows XP workstations. Do the following:

Version 1
1.
Select the Policies tab; then select Windows XP.
5-49
2.
To the left of the Windows Desktop Preferences entry, select the Enabled check box; then select Properties. A Properties of SLC User Package:Windows XP Desktop Preferences dialog appears.
3. 4.
Select the Desktop Preferences tab; then select Settings. Select Always update desktop settings on eDirectory authentication; then select Display. A Display Properties dialog appears.
5. 6. 7.
Select the Appearance tab. Select Color Scheme. From the Color Scheme drop-down list, select Rainy Day; then select OK. Select the Console button. A Console Properties dialog appears.
8.
9.
Select Console Colors. color icon.
10. Make sure that Screen Text is selected; then select the Black 11. Select Screen Background; then select the Gray color icon. 12. Save the changes by selecting OK twice.
Part III: Create and Implement a Windows Group Policy to Secure Windows XP Workstations
To prevent users from removing Windows components on Windows XP workstations, Digital Airlines wants to create and implement a Windows Group Policy to Secure Workstations by disabling the Add/Remove Windows Components option from the Control Panel.

Do the following:
1. 2.
Make sure that the Policies > Windows XP tab is selected. To the left of the Windows Group Policy entry, select the Enabled check box; then select Properties. A Properties of SLC User Package:Windows XP:Windows Group Policy dialog appears.
3.
In the Network Location of Existing/New Group Policies field, enter \\Da-zen\SYS\PUBLIC\UsrXP. You must use a UNC path. Do not use a mapped network drive letter.
4. 5.
Select Edit Policies. In the Group Policy dialog, browse to User Configuration > Administrative Templates > Control Panel > Add or Remove Programs. In the right pane of the dialog, right-click Hide Add/Remove Windows Components Page; then select Properties. A Hide Add/Remove Windows Components page Properties dialog appears.
6.
7. 8.
From the Setting tab, select Enabled; then select OK. From the left, select User Configuration > Administrative Templates > Control Panel > Display. To the right, right-click the Hide Desktop tab entry; then select the Properties link (to the left). The Hide Desktop tab Properties dialog appears.
9.
10. From the Setting tab, select Enabled; then select OK. 11. Close the Group Policy window. 12. Save the changes by selecting OK twice.

Version 1
Minimize ConsoleOne.
5-51
Part IV: Verify that the User Policies Work
To test the effects of the User policy package, do the following:

1.
(Conditional) If you are already logged in to the WS1 workstation, log out by selecting Start > Log Off > Log Off. From the WS1 workstation, log in with the Novell Client as CKent with a password of novell. Notice that the Rainy Day color scheme is applied (check the status bar at the bottom of the desktop).
2.
3. 4.
Select Start > Run. In the Open field, enter cmd; then select OK. Notice that the Console color scheme is applied (black letters on a grey background).
5. 6.
Close the console prompt window. Select Start > Control Panel; then select Add or Remove Programs. Notice that the Add/Remove Windows Components button (normally on the left) has been removed.
7. 8.
Close the Add or Remove Programs dialog. Close the Control Panel.
Part V: Implement a Dynamic User Policy
Digital Airlines has recently decided to implement Dynamic Local User (DLU) policies. This will prevent the Administrators from having to maintain user accounts on all of the workstations.

Do the following:
1.
Configure the DLU policy in your user package: a. b. c. From your Host2 computer in ConsoleOne, double-click SLC User Package.policies.slc.da. Select the Policies tab; then select Windows XP. To the left of Dynamic Local User, select the Enabled check box. A Properties of SLC User Package:Window XP Dynamic Local User dialog appears. e. Select the following check boxes:

d. Select Properties.
Enable Dynamic Local User Manage existing user account (if any) Use eDirectory credentials
f.
Deselect the Volatile user (Remove user after logout) check box.
g. In the Not member of list (bottom right), select Users. h. Select the Add button. i.
2.
Save the changes by selecting OK twice. Reboot your WS1 workstation (Start > Shut Down > Restart); then log in as CKent with a password of novell. Verify the user account was created by selecting Start > Control Panel > User Accounts. A Clark Kent limited user account is listed with password protection.
Test the configuration: a. b.
c.
Close all open windows.

Version 1
(End of Exercise)
5-53
Objective 4
Plan User Policy Package Deployment

To plan User policy package deployment, do the following:

Identify Possible Solutions to Meet Environment Needs Identify the Effect of a Policy on Associated Objects
Identify Possible Solutions to Meet Environment Needs

Organizational preferences, such as the software and hardware used, workstation look and feel, and user requirements, dene the environment where users operate. Different organizations operate in different environments. For example, the workstation environment in Digital Airlines requires the following:
A standard desktop environment that does not apply to users with special requirements or to the admin group An antivirus program, run every week A standard wallpaper for each department Access for Admin users to all workstations, while all other users must be restricted from the administrator workstation
Digital Airlines can implement a User policy package to meet these environmental requirements. The following are situations where you can implement a user policy package:
A standard workstation environment. The management in Digital Airlines wants the company logo to appear as a wallpaper on the screen of every computer in the organization. As a solution, you can use the Windows Group policy, the Windows Desktop Preferences policy, or the User Extensible policy.

5-54
Version 1
A workstation environment for users with special needs. A few users in Digital Airlines require customized settings for the keyboard and mouse. You can congure the Windows Desktop Preferences policy to use roaming proles.
Identify the Effect of a Policy on Associated Objects

The effect of a policy on an object depends on where the policy is applied. User policies that are part of a package associated at lower levels override policies that are part of packages associated at higher levels. Also, User policy packages associated with a user override User policy packages associated with groups the user is a member of, as in the following: Figure 5-13
SLC CORPORATE
UP_Corporate Windows Desktop Preferences
DBUSERS PMA Admin Susan Nancy Jason Admin UP_PMA SusanWS UP_PMA
Dynamic Local User
Dynamic Local User
Effective Policies for PMA UP_Corporate Windows Desktop Preferences
Dynamic Local User

Version 1
DEVWS
5-55
For example, suppose the corporate ofce of Digital Airlines plans to give login permissions to all project managers and administrators. They should be able to log in to any workstation without the workstation password. Other members of the department must have access to only their own workstations. Project managers also want customized desktop settings to appear, regardless of the workstation they log in from. You need to congure these customized desktop settings for all other members in the corporate ofce group. To meet these requirements, you create a User policy package with the roaming prole and dynamic local user login restrictions congured. This package is associated with the Corporate container in eDirectory. You need to create a separate user group for project managers and associate another User policy package with the Dynamic User policy. The User policy package associated with the project managers user group allows project managers to log in to other workstations. Similarly, if you want a separate workstation environment for a group of people, you can create a user group and associate the corresponding policy with it.

Summary
The following is a summary of the objectives:
Objective
1. Create and Associate a User Policy Package
What You Learned To customize a workstation environment, you associate a User policy package in eDirectory with a user or container object. To do this, you need to know how to do the following:

Create a User policy package Associate the User policy package
2. Enable and Congure User Package Policies
Before conguring policies in a User package, you need to understand the various types of policies and their functions. You can enable and congure the following user policies to customize the workstation environment:

Dynamic Local User policy Novell iPrint policy Remote Control policy Scheduled Action policy User Extensible policy Windows Desktop Preferences policy Windows Group policy
3. Identify Common Congurations Set Through User Policies
The following are common congurations set with user policies:

A standard workstation environment A workstation environment for users with special needs A restricted workstation environment An open access workstation environment for network administrators

Version 1
5-57
Objective
4. Plan User Policy Package Deployment
What You Learned To plan User policy package deployment, you need to do the following:
Identify possible solutions to meet environment needs. Organizational preferences, such as the software and hardware used, workstation look and feel, and user requirements, dene the environment where users operate. Different organizations operate in different environments.
Identify the effect of a policy on associated objects. The effect of a policy on an object depends on where the policy is applied. User policies that are part of a package associated at lower levels override policies that are part of packages associated at higher levels.

Implement Workstation Package Policies
SECTION 6
In this section, you learn to implement Workstation package
policies.
Objectives
1. 2. 3.
Create and Associate a Workstation Policy Package Enable and Configure Workstation Package Policies Plan Workstation Package Deployment

Introduction
ZENworks provides Workstation package policies that let you secure, congure, and maintain workstations. These workstation policies are stored in a Workstation policy package. Workstation policy packages help you manage workstation functions such as managing workstations from remote locations, installing printers, customizing workstations, and imaging workstations. To ensure effective workstation policy use, you can associate workstation packages with workstations, workstation groups, and container objects. This provides a great deal of exibility. Workstation policies differ from user policies in their application. Workstation policies apply to workstations; user policies apply to users, regardless of the workstation a user logs in to.
For complete information on Workstation package policies, refer to Setting Up User and Workstation Package Policies on page 135 of the Novell ZENworks 7 Desktop Management Administration Guide (dm7admin.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.

Objective 1
Create and Associate a Workstation Policy Package

To customize a workstation environment, you need to have a Workstation package in eDirectory associated with a workstation object or a container object. To implement a Workstation policy package, you need to know how to do the following:

Create a Workstation Policy Package Associate the Workstation Policy Package
Create a Workstation Policy Package

To create a workstation package, do the following:
1.
From ConsoleOne, browse to the container where you want to create a Workstation policy package by expanding the tree. Start the Policy Package wizard by right-clicking the container and selecting New > Policy Package. View the list of policies in the Workstation policy package by selecting Workstation Package in the left pane.
2.
3.

4. 5. 6. 7.
Select Next. In the Policy Package Name field, enter a package name. Continue creating the package by selecting Next. Finish creating the package by selecting Finish.
Associate the Workstation Policy Package

To associate the Workstation policy package, do the following:
1.
View the properties of the Workstation policy package.

The Policies page in the Properties dialog appears: Figure 6-2
The following are the Policy tab pages and a description of each: Table 6-1
Page General Description Use to see policies that apply to all platforms. You can congure the same policy on a specic platform page. Use to congure policies for Windows 98 workstations. Use to congure policies for Windows NT/2000/XP workstations. Use this page if you dont want to treat Windows NT/2000/XP workstations as separate platforms.
Windows 9x
Windows NT-2000-XP

(continued)
Table 6-1
Page Windows NT
Description Use to congure policies for Windows NT workstations. These policies apply only to workstations upgraded to ZENworks for Desktops 4 or later. Use to congure policies for Windows 2000 workstations. These policies apply only to workstations upgraded to ZENworks for Desktops 4 or later. Use to congure policies for Windows XP workstations. These policies apply only to workstations upgraded to ZENworks for Desktops 4 or later.
Windows 2000
Windows XP
2.
To associate the Workstation policy package with an object, do the following: a. b. c. From the properties dialog, select the Associations tab. Select Add. Select the object you want to associate your Workstation policy package with; then select OK.
3.

Objective 2
Enable and Congure Workstation Package Policies

You can enable and congure Workstation package policies for Windows 98/NT/2000/XP workstations. The Workstation policy package provides separate conguration pages for these platforms. Policies congured on a specic platform page override policies congured on the General page. You can congure the following:

Computer Extensible Policy Novell iPrint Policy Remote Control Policy Scheduled Action Policy Windows Group Policy Workstation Imaging Policy Workstation Inventory Policy ZENworks Desktop Management Agent Policy
Computer Extensible Policy

You use the Computer Extensible policy to congure user-dened policies using the ADM les for workstation objects and to customize workstations for specic business practices. This policy is identical to the User Extensible policy in the User package, except that this policy applies to workstation objects. As with User Extensible policies, Computer Extensible policies are used for Windows 98 workstations and NT workstations. Use the Windows Group policy for Windows 2000/XP workstations.

Version 1
6-7
To congure the Computer Extensible policy, do the following:

1. 2. 3.
View the Properties page of a Workstation policy package. Specify the platform by selecting Policies > operating system. Enable the Computer Extensible policy by selecting Enabled next to Computer Extensible Policies. View the Properties dialog by selecting Properties. The Properties dialog appears with the Computer Extensible Policies page displayed:
4.
Figure 6-3
5.
View the attributes of your ADM file in the Policies box by selecting the le in the ADM files list box. Configure your ADM file attributes. Copy the settings to eDirectory by selecting Apply. Close the properties dialog by selecting Close; then select OK.
6. 7.

6-8
Version 1
Novell iPrint Policy

You use the Novell iPrint policy to install the iPrint client on workstations to enable them to print to iPrint printers. This policy lets you specify the path for the iPrint client setup le and the iPrint printers you want to print to. You can congure the Novell iPrint policy for all Windows platforms. This policy is similar to the Novell iPrint policy in User packages except it applies to workstation objects. If you congure the Novell iPrint policy in a Workstation package and associate the package with a workstation, any user logging in to that workstation can print to a printer congured in the Novell iPrint policy. You must also install the ZENworks Management agent on each desktop where you want to run the iPrint client. It will not run on a desktop that uses only the Novell Client.
Remote Control Policy

You use the Remote Control policy to set parameters to perform remote management operations on a managed workstation.
This policy is covered in detail in Section 14, Congure Remote Management Policies on 14-14.
Scheduled Action Policy

The Scheduled Action policy sets up schedules for specic actions that you specify. As many as 15 items can be placed in an action.
VIEW ONLY The Scheduled Action policy is available in both the User package and in the Workstation package. NO PRINTING ALLOWED
When you congure the Scheduled Action policy in a User package, the policy applies to all associated users regardless of the workstation they use. When you congure the Scheduled Action policy in a Workstation package, the policy applies to all users who log in to an associated workstation. The Scheduled Action policy is a plural policy, meaning it can be added many times to the policy package. Plural policies let you have multiple instances of the same policy type within the same policy package. Because you can have several different actions that you might want to run on different schedules, when you add a Scheduled Action policy to the policy package you should name it to reect the action being scheduled. The Scheduled Action policy is available for each of the platform pages.
Because scheduled actions do not apply to Terminal Server sessions, the Add button has been disabled on the Windows 2000-2003 Terminal Server, Windows 2000 Terminal Server, and Windows 2003 Terminal Server platform pages. Only those policies that are run before the Terminal Server's desktop is started apply to Terminal Server sessions.
Windows Group Policy

You use the Windows Group policy to congure and restrict desktop settings for Windows 2000 and XP workstations.

6-10
The Windows environment lets you congure multiple group policies that can apply to users, workstations, and groups.
Version 1
This policy replaces the Computer Extensible policies for Windows 2000 and Windows XP workstations. This policy is similar to the Windows Group policy in the User package except it applies to workstation objects. By default, the Windows Group policy applies to the user or workstation, depending on the location of the user and workstation objects in eDirectory. Also by default, user policies take precedence over workstation policies. However, you can use the group policy loopback feature to change the policy preference. By default the loopback feature is turned off, meaning user policies take precedence. However, if you turn loopback on, you can congure the following: Table 6-2
Options Apply Workstation's Policy Settings Last (Merge Mode) Effect Select to apply user policy settings rst and then Workstation policy settings. This lets you apply user settings but override conicting settings with workstation settings. If a user setting does not conict, it remains in effect.
Don't Apply Select to ignore all user policy settings; Workstation User's Policy policy settings are applied. Settings (Replace Mode)
Workstation Imaging Policy

You use the Workstation Imaging policy to dene imaging work and control the imaging process for a workstation.

This policy is covered in detail in Section 13, Congure Imaging Policies on 13-70.
Workstation Inventory Policy

You use the Workstation Inventory policy to congure the inventory scan process and where the inventory scanner output is sent.
This policy is covered in detail in Section 15, Congure Workstation Inventory Policies on 15-41.
ZENworks Desktop Management Agent Policy

You use the ZENworks Desktop Management Agent policy to congure the properties of ZENworks Management agent software. The following components of the agent can be congured through the policy:
Middle tier connectivity. You can control the IP address that the workstation uses to communicate with the Middle Tier server. Workstation Manager Agent. This agent is responsible for applying your policies and logging in as the workstation object.
The Desktop Management Agent policy also lets you congure the dynamic local user volatile caching behavior. To use the Desktop Management Agent policy, you must have the agent installed on the workstations.

You can congure the Desktop Management Agent policy separately for all platforms. You can congure it on the General page or on individual platform pages. To congure the Desktop Management Agent policy, do the following:
1. 2.
Display the properties of a Workstation policy package. Specify the platform in the Properties of Workstation Package dialog by selecting Policies > operating system. Enable this policy by selecting Enabled next to ZENworks for Desktop Management Agent Policy. View the properties of the management agent policy by selecting Properties. The Properties dialog appears with the Settings page displayed:
3.
4.
Figure 6-4


Option DNS Name or IP Address of the ZENworks Middle Tier Server Description Specify the DNS name or IP address of the Middle Tier server. The DNS name or IP address you specify in this location identies the access point that all Desktop Management components (Workstation Inventory, Workstation Management, Application Management, and Remote Management) use to function outside of the rewall. Only non-blank values are passed on to the associated workstations. If you leave the DNS Name or IP Address of the Middle Tier server eld blank, this setting is not affected on the associated workstations. If you change the DNS name or IP address in this location, this setting is applied to all associated workstations the next time they start up. eDirectory Refresh Rate (Minutes) Display ZENworks Authentication Dialog Use to set how often the agent looks for updated information in eDirectory, such as new or edited policies. Use to specify whether you want the Authentication dialog to display during startup.

(continued)
Table 6-3
Option Allow Users to Change ZENworks Middle Tier Server Address on Authentication Dialog Resident Workstation Welcome Bitmap
Description Use to change the Middle Tier server address to point to another Middle Tier server. If this box is marked, users can click Options on the authentication dialog and enter another Middle Tier servers address.
Use to specify the name of the bitmap le that appears on the Welcome screen when you start Windows 2000/XP. You can specify any le in the associated workstations Windows 2000/XP directory. Leave this eld blank if you do not want to use a bitmap. Use to specify the text that appears in the header on the Welcome screen when you start Windows 2000/XP. Use to specify the name of the bitmap le that appears in the login window.
Welcome Caption
Login Window Bitmap

(continued)
Table 6-3
Option Enable Volatile User Cache
Description Use to enable volatile user cache. This option allows volatile user information that is previously cached on a workstation to remain on the workstation for a specied period. As a result, volatile users are not created or removed at every login or logout. The Dynamic Local User policy congures users after they are authenticated to eDirectory. The cache makes it possible for a user to continue using the workstation even when the workstation is disconnected from the network and the user is not a registered user on the workstation.
Cache Volatile User time Period (Days)
Use to select how often you want to remove volatile user information. When the time limit expires, all volatile user information is removed from the workstation.
5.

Exercise 6-1
Congure Workstation Policies

In this exercise, you create a Workstation policy package and associate it with the Workstations.slc.da container. You then implement workstation policies for workstation objects in Workstations.slc.da container. You use the following Host computers and VMware virtual machines:
Figure 6-5
WS2 WinXP Pro XP2 10.200.200.12
Do the following:

Part I: Create and Associate a Workstation Policy Package Part II: Configure Middle Tier Server Login Part III: Create a Windows XP Group Policy to Display an Alert Part IV: Verify That the Workstation Policy Packages Work

Version 1
6-17
Part I: Create and Associate a Workstation Policy Package
Do the following;
1.
From your Host2 computer, make sure you are logged in to DA-TREE as admin with a password of novell. From your Host2 computer in ConsoleOne, right-click Policies.slc.da. Select New > Policy Package. A Policy Package Wizard dialog appears.
2.
3.
4. 5.
Select Workstation Package; then select Next. In the Policy Package Name field, enter SLC Workstation Package; then select Next. A Summary page appears.
6.
Select Define additional properties; then select Finish. A Properties of SLC Workstation Package dialog appears.
7. 8.
Make sure that the Policies > General tab page is selected. Select Edit. An Edit Policy Package Schedule dialog appears.
9.
From the Policy schedule type drop-down list, select Event; then select OK.
10. Select the Associations tab. 11. Select Add. 12. Browse to and select Workstations.slc.da; then select OK. 13. Select Apply.

Part II: Congure Middle Tier Server Login
Digital Airlines wants to allow users to change the Middle Tier Server they log in to. To congure the ZENworks Desktop Management agent policy to allow this, do the following:
1. 2.
Select the Policies > Windows XP tab page. Enable the ZENworks Desktop Management Agent Policy; then select Properties. A Properties of SLC Workstation Package:Windows XP:ZENworks Desktop Management dialog appears.
3.
Under the Login Settings heading (middle of the dialog page), select Display ZENworks authentication dialog. Select Allow users to change ZENworks Middle Tier server address on authentication dialog. In the Welcome caption (Windows NT/2000/XP only) field, enter Welcome to Digital Airlines; then select OK.
4.
5.
Part III: Create a Windows XP Group Policy to Display an Alert
To help prevent unauthorized users from logging into Digital Airlines Windows XP workstations, Digital Airlines wants to create and implement a Windows Group Policy to display an alert on the workstations. Do the following:
1. 2. 3.
Make sure the Policies > Windows XP tab page is selected. Select Windows Group Policy; then select Properties. In the Network Location of Existing/New Group Policies field, enter \\DA-ZEN\Sys\Public\WSXP.

Version 1
6-19
x
4. 5.
You must use a UNC path. Do not use a mapped network drive letter.
Select Edit Policies. A Group Policy dialog appears. In the Group Policy dialog, select Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options. In the right pane, right-click Interactive logon: Message title for users attempting to log on; then select Properties. A properties dialog appears.
6.
7. 8. 9.
In the Local Security Setting field, enter Alert!. Select OK. In the right pane, right-click Interactive logon: Message text for users attempting to log on; then select Properties. A properties dialog appears.
10. In the Local Policy Setting field, enter This workstation is for
Digital Airlines Authorized Personnel only.

11. Select OK. 12. Close the Group Policy dialog.
You are returned to the Properties of SLC Workstation Package:Windows XP:Windows Group Policy dialog.
13. Under the Applied Settings Types heading, select the Security
Settings check box.

14. Save the changes by selecting OK twice. 15. Close ConsoleOne.

Part IV: Verify That the Workstation Policy Packages Work
Do the following:
1.
Shut down the WS1 workstation; then start it again from VMware Workstation by selecting Start this virtual machine. An Alert dialog box appears indicating that this workstation is for Digital Airlines authorized personnel only.
x
2. 3.
If the Alert dialog box does not appear, try shutting down the WS1 workstation again.
Continue by selecting OK. The Novell Client 4.91 login dialog appears. Log in as CKent with a password of novell. The WS1 workstation desktop appears.
4.
Shut down the WS2 workstation; then start it again from VMware Workstation by selecting Start this virtual machine An Alert dialog box appears indicating that this workstation is for Digital Airlines authorized personnel only.
x
5. 6.
If the Alert dialog box does not appear, try shutting down the WS2 workstation again.
Continue by selecting OK. The ZENworks Desktop Management login dialog appears. Log in as BWayne with a password of novell. The WS2 workstation desktop appears.

Version 1
(End of Exercise)
6-21
Objective 3
Plan Workstation Package Deployment

Before you implement workstation policies in your environment, you must plan the deployment. Each organization has a unique environment. As such, organization preferences, such as the software and hardware used, workstation security, and maintenance, dene the environment where users operate. For example, the workstation environment in Digital Airlines has specications to apply standards such as common desktop settings (such as wallpaper, screen saver, appearance, and visual settings). It also has specications for settings such as password length and le and printer sharing. Digital Airlines also has other specications, such as enabling easy maintenance of workstations and warning users not to log in to other workstations. The following are sample situations when Digital Airlines can implement workstation package policies:
Security. Digital Airlines plans to restrict users from changing the desktop settings. Only the administrators group will have permissions to change these settings. The workstations in the HR department need to display a log in banner that warns users from other departments from logging in to the HR department workstations. As a solution, you can use the Computer Extensible policy and the Windows Group policy to secure the desktop and display a log in banner for the workstations in the HR department. The log in banner will have the caption Attention!!! and the text Only users in the HR department are authorized to log in from this workstation.

6-22
Version 1
Configuration. Digital Airlines wants all departments within the organization to display the quality statement of the organization on the desktop. To display the quality statement of the organization on the desktop, you can use the Windows Group policy or the Computer Extensible policy. Digital Airlines also plans to provide a standard workstation environment based on the requirements of the corporate ofce in Salt Lake City. In addition to the standard workstation environment, the corporate ofce also requires the antivirus program to run daily on each workstation. To provide a standard workstation environment, use the Windows Group policy or the Computer Extensible policy. To run the antivirus program daily on each workstation, use the Scheduled Action policy. Digital Airlines also plans to congure workstations to download the correct printer drivers for the CS container in the SLC container. As a result, any user who logs in to a workstation in that container can print to the nearest printer. To congure workstations to download the correct printer drivers, use the Novell iPrint policy.
Maintenance. The IS department at SLC helps maintain workstations across departments. To enable the IS department users to maintain workstations, you can congure the IS department workstations to remotely control managed workstations. You can congure the Remote Control policy and associate it with IS in SLC.

Version 1
You can also use the Workstation Imaging policy to repair faulty workstations by restoring the workstation to its original state, if required.
6-23
You maintain a network by knowing what software and hardware is on the network. You can use the Workstation Inventory policy to gather software and hardware information of workstations on the network. The effect of the policy on an object depends on the level at which the policy is implemented. A Workstation package policy associated at a lower level in eDirectory overrides a policy associated at higher levels. The effect of a policy in a User policy package overrides the effect of the same policy in the Workstation policy package because user policies are applied rst.

Exercise 6-2
Create an iPrint Policy in the SLC Workstation Package to Distribute Your iPrint Printer
Digital Airlines has recently implemented iPrint. The organization needs to use ZENworks to deploy the iPrint client and printers to its users. You use the following Host computers and VMware virtual machines to create a Novell iPrint policy and use it to distribute the iPrint client and printer:
Figure 6-6
WS2 WinXP Pro XP2 10.200.200.12
Do the following:
1.
Prepare the iPrint client (silent install version): a. From your DA-ZEN server desktop, open Konqueror as the root user by pressing Alt+F2; then enter kdesu konqueror and select Run. A Run as root login dialog appears.

Version 1
6-25
b. c.
Enter the root user password of n0v3ll; then select OK. A Konqueror window appears. In the Location eld (top of the window), enter the following: /usr/novell/sys/LOGIN Because you are in a Linux operating system, the characters are case-sensitive. The contents of the LOGIN folder are displayed.
d. Right-click in the window and select Create New > Folder. e. f. For the folder name, enter iPrint; then select OK. An iPrint folder appears in the LOGIN directory. In the Location eld, enter the following: /var/opt/novell/iprint/htdocs g. From the listed iPrint les, hold down the Ctrl key; then select the iprint.ini and nipp-s.exe les. h. Right-click either selected le; then select Copy. i. j. From the Location eld drop-down list, select le:/usr/novell/sys/LOGIN. Open the iPrint folder; then right-click in the window and select Paste. The iprint.ini and nipp_s.exe les are copied to the iPrint folder. k. Close the Konqueror window.
2.
Configure the iPrint policy in your user package: a. From your Host2 computer using the Novell client, make sure you are logged in to DA-TREE as admin with a password of novell. From the Host2 computer desktop, open ConsoleOne. Browse to and double-click the SLC Workstation Package.Policies.slc.da object.
b.

6-26
c.
Version 1
A Properties of SLC Workstation Package dialog appears. d. Select the Policies > Windows XP tab page. e. f. Enable the Novell iPrint Policy entry. Select Properties. The Properties of SLC Workstation Package:Windows-XP:Novell iPrint Policy dialog appears. g. Make sure that the Novell iPrint Policy > Client Install tab page is displayed. h. In the Path to the Novell iPrint Client Install eld, browse to and select \\DA-ZEN\SYS\LOGIN\iPrint\nipp-s.exe. i. j. From the Language eld drop-down list, select your language. In the Version eld, make sure 1 is entered

k. Select the following options: Re-Install Client if Higher Version Force Reboot
l.
Select the Novell iPrint Policy > Settings tab page.
m. Select Add. n. Browse to and select HPDJ_SLC.Printers.slc.da; then select OK. o. Highlight HPDJ_SLC.Printers.slc.da; then select Set as Default. p. Select the Policy Schedule tab. q. From the Policy Schedule Type drop-down list, select Event. r. s. t. From the Run this policy when the following event happens drop-down list, select User Login. Save the changes by selecting OK twice. Close ConsoleOne.

3.
Verify that the Print Manager and Driver Store services are running on DA-ZEN: Before an iPrint printer can be installed on a workstation, the iPrint Manager and Driver Store services need to be running on the iPrint server. Although these services (and the corresponding eDirectory objects) have already been installed and congured for you on DA-ZEN, its important that you check to make sure they are running. If the services are not running, the iPrint client will still install, but the iPrint printer will not. To verify that the services are running, do the following: a. b. From the DA-ZEN desktop, open a terminal window (the monitor with a seashell icon). From the terminal window prompt (also called the shell prompt), switch to the root user by entering su - and a password of n0v3ll. Verify that the Driver Store service is running by entering the following: rcnovell-idsd status You should see a message indicating that idsd is running. d. (Conditional) If the Driver Store service is not running, enter the following: rcnovell-idsd start e. Stop the Print Manager service by entering the following: rcnovell-ipsmd stop A message indicates that the stop failed. You can ignore the message and continue.
c.

x
f.
We only stop the Print Manager for the purposes of completing the exercise successfully. In a production environment where you already have iPrint running on a Linux server, you do not need to stop the Print Manager.
Start the iPrint Manager service by entering the following: rcnovell-ipsmd start You should see a message indicating that the print manager is running.
g. When you nish, close the terminal window by entering exit twice.
4.
Verify that the Novell iPrint Policy works: a. b. c. Restart the WS1 virtual workstation. An Alert dialog appears. Continue by selecting OK. The Novell Client login dialog appears. Log in as CKent with a password of novell. After login, the iPrint Client is installed in the background. d. (Conditional) If a message appears indicating that the software has not passed Windows Logo testing, select Continue Anyway. When complete, your workstation should automatically reboot. This can take several minutes. e. f. When the workstation has rebooted, log in as CKent with a password of novell. Verify the iPrint Client is installed by select Start > Control Panel and selecting Add or Remove Programs. A Novell iPrint Client entry is displayed.

Version 1
g. Close the Add or Remove Programs dialog; then close the Control Panel dialog.
6-29
h. Verify that the HPDJ_SLC printer installed by selecting Start > Printers and Faxes. An HPDJ_SLC printer icon is listed in the Printers and Faxes dialog.
x
i. j.
If the printer is not listed, check to make sure that the iPrint Manager and iPrint Driver Store services are running on the DA-ZEN server (enter rcnovell-ipsmd status and rcnovell-idsd status). If either service is not running, start the service again (see Step 3); then restart WS1 to have the printer installed automatically. Repeat Step 4h to verify that the printer is installed.
Close the Printers and Faxes dialog. Restart the WS2 virtual workstation. An Alert dialog appears.
k. Continue by selecting OK. The ZENworks Desktop Management login dialog appears. l. Log in as BWayne with a password of novell. After login, the iPrint Client is installed in the background. When complete, your workstation should automatically reboot. This can take several minutes. m. When the workstation has rebooted, log in as BWayne with a password of novell. n. Verify the iPrint Client is installed by select Start > Control Panel and selecting Add or Remove programs. A Novell iPrint Client entry is displayed. o. Close the Add or Remove Programs dialog; then close the Control Panel dialog.

6-30
p. Verify that the HPDJ_SLC printer installed by selecting Start > Printers and Faxes.
Version 1
An HPDJ_SLC printer icon is listed in the Printers and Faxes dialog. q. Close the Printers and Faxes dialog.
(End of Exercise)

Summary
Objective
1. Create and
Associate a Workstation Policy Package
What You Learned To customize a workstation environment, you need to have a Workstation policy package in eDirectory associated with a workstation object or a container object. To implement a Workstation policy package, you need to know how to do the following:

Create a Workstation policy package Associate the Workstation policy package
2. Enable and
Congure Workstation Package Policies
You can enable and congure Workstation package policies for Windows 98/NT/2000/XP workstations. The Workstation policy package provides separate conguration pages for these platforms. Policies congured on a specic platform page override policies congured on the General page. You can congure the following:

Computer Extensible policy Novell iPrint policy Remote Control policy Scheduled Action policy Windows Group policy Workstation Imaging policy Workstation Inventory policy ZENworks Desktops Management Agent policy

Objective
3. Plan Workstation
Package Deployment
What You Learned Before you implementing Workstation package policies in your environment, you must plan the deployment. Each organization has a unique environment. As such, organization preferences, such as the software and hardware used, workstation security, and maintenance, dene the environment where users operate.


Introduction to ZENworks Application Management
SECTION 7
In this section, you learn about application management, the components that let you perform application management, and the views provided by Novell Application Launcher.
Objectives
1. 2. 3. 4. 5.
Describe How Application Management Works Identify Application Management Tasks Identify Application Management Components Describe Novell Application Launcher Components Configure Novell Application Launcher

Introduction
Application management includes routine tasks, such as application delivery and repairing applications on workstations. By efciently automating and managing applications on your network, you reduce the time spent in technical support. Using ZENworks, you can automate these routine tasks by using eDirectory to create, customize, and deliver critical applications to users. Applications in eDirectory are represented as application objects. You can customize the application objects the same way as you customize other objects in eDirectory. For example, you can control the availability of an application or make it fault tolerant by customizing the corresponding application object in eDirectory. In addition, you can ensure those applications are available whenever and wherever your users need them.

Objective 1
Describe How Application Management Works

To describe how ZENworks application management works, you need to know the following:

How Applications are Delivered through ZENworks Application Management Features
How Applications are Delivered through ZENworks

ZENworks leverages eDirectory to distribute applications to users and workstations by using application objects. After application objects are created, you can associate them with user and workstation objects in your tree. After the objects are associated, ZENworks delivers them to your users and workstations, regardless of their location. To accomplish this, ZENworks can use any of the access methods discussed in Section 1, Evaluate ZENworks Desktop Management Access Methods on 1-67. If you want users to be able to access their applications from outside of the rewall, you need a ZENworks Middle Tier server in the DMZ.

The following processes occur through the Middle Tier server when distributing applications for users outside the rewall: Figure 7-1
1
DMZ
F I R E WA L L
F I R E WA L L
2
NCP NCP
HTTP(S) Ports 80 & 443
3
NCP NCP
1.
The workstation establishes an HTTP connection through the corporate Internet firewall at port 80 and port 443 to a server where ZENworks Middle Tier server is installed. The Middle Tier server establishes an NCP connection to the ZENworks back end server, which can be in another eDirectory tree. Policies and applications behind the firewall are pushed to workstations through the same series of connections.
2.
3.
The following process occurs through the Novell Client if the user is inside the rewall: a. b. A workstation behind the rewall establishes an NCP connection with the ZENworks server. The ZENworks server establishes an NCP connection and pushes policies and applications to users and workstations.

7-4
Version 1
Application Management Features

To understand how you can use ZENworks for managing and distributing applications, you need to know something about the following ZENworks features:

Administrative Features User Features
Administrative Features
ZENworks offers the following administrative features:
Single-point administration. This lets you centrally control network applications by using ConsoleOne as your management tool. Push-and-pull software distribution to workstations. This gives you flexibility in how you distribute software to workstations. Push distribution is used when specic software, such as an operating system patch or a client update, must reside on a workstation. The push distribution of any software does not require user intervention. This is referred to as a forced run. Push distribution is useful when you want an application to run on a users workstation at login. The application can be automatically installed and run at login. Pull distribution places an application icon on the users desktop. The icon represents an application object in eDirectory. When a user launches this application, one of the following occurs:
The application installs on the workstation as congured in the eDirectory application object. The executable launches from the path to the executable le specied in the eDirectory application object.

Version 1
7-5
This executable is stored on the network by default. It can be executed by using either a mapped drive or a UNC path.
The application installs les and Registry changes and launches an executable le. (An application object can perform installation and program launch functions.)
Application caching. This lets users install, run, and verify (repair) applications even when they are not authenticated. This is done by creating a cache directory on the workstation for the application. For example, if the network administrator of Digital Airlines wants to allow employees to repair applications without having to connect to eDirectory, the administrator can enable application caching.
Application uninstall. This lets you delete all files, INI entries, and Registry entries associated with an application, including MSI-based applications. Shared DLL references are observed. For example, suppose the network administrator of Digital Airlines is in charge of 400 workstations. Of these, 100 are used by college interns during summer vacation. After the interns leave Digital Airlines, the Application Uninstall feature lets you uninstall the applications efciently.
Location-independent access to applications. This lets users access the same applications, although the application files are stored on different servers. Application fault tolerance. This lets users access an application even if the primary server is not available. Suppose a user in Digital Airlines attempts to launch Ofce XP but the primary Ofce XP server is unavailable because the server is down. Using fault tolerance, the application can be automatically launched from another server.

Application fault tolerance and load balancing services should not be accessed over a WAN.
Application load balancing. This helps you ensure that application servers are not overused. This is done by placing a copy of the application on more than one server. When a user requests an application, Application Launcher assigns a random number to the request. This number determines the copy of applications that the user accesses. For example, suppose all Digital Airlines users check email at the same time in the morning. Application Launcher launches an alternate copy of the email application stored on a different server to accommodate the additional user load.
Rights assignments through applications. You can verify the effective rights of the user object for the application through eDirectory. Lights-out distribution. This lets you set up the installation or update of applications to occur after normal work hours. This ensures that there is minimal impact on your users. For example, suppose you want an installation to take place after work hours. Using Application Launcher, you can set the installation to occur in the evening. Most les are copied during the scheduled time. When users log in, the remaining user-specic les are copied.
Advanced scripts support. ZENworks Desktop Management lets you use distribution and launch scripts that are not limited to login script syntax. Instead, the script is saved as a text le with the extension you specify and then executed by the script engine you specify. This lets you create scripts in your favorite scripting language, such as VBScript, and perform advanced scripting functions.

Version 1
7-7
MSI patching and repair. This lets you define patches to be applied during the distribution process. It also lets you specify the actions (reinstalling all files or reinstalling old files) that occur when a user verifies (repairs) an MSI application. Random refresh. This lets you reduce network trafc (generated when Application Launcher reads eDirectory) during peak hours, such as the morning login period. This feature instructs Application Launcher to retrieve its application information from the users cache directory during startup and refresh the information from eDirectory later.
Rogue process management. This lets you discover, report, and stop application processes that were not launched by Application Launcher. This is similar to the policy option to run only allowed applications. Rogue process management is tracked by Application Launcher instead of being tracked by Windows. Regardless of the applications listed as included, any application delivered through Application Launcher will run.
User interface replacement. This lets you completely replace the user interface (such as the Windows desktop) with Application Launcher. You can customize your environment to give users a common interface. Application Launcher Diagnostics Tool (NALDIAG). This lets you view Application Launcher configuration, user-associated applications (and their properties), and workstation-associated applications (and their properties). The Debug utility even takes into account the system requirements and other attributes of an application that can prevent the application from launching. In addition, information about caching is also given for troubleshooting. And you can use this screen to enable debug logging when required by Novell Technical Support.

7-8
Version 1
Extension mapping. This lets you specify a document, such as a .PPT file, as the path to the executable. As a result, when the user launches this application from Application Launcher, Application Launcher identies the associated Windows application, launches the application, and then opens the le.
User Features
In addition to the features provided to the network administrator, Application Launcher provides the following:
Application software distribution. This lets users see any application that is associated to them anywhere they have access to the network. When a user double clicks the application the rst time, the application can be congured to automatically install, and then launch.
Roaming-prole support. This lets a user use any workstation and retain a unique, customized desktop and access rights. Application Launcher supports roaming proles by detecting a users prole. Application Launcher downloads the components to run the Application Launcher-delivered applications associated with an eDirectory object. Prole management is handled by eDirectory.
Automatic detection of how the user is connected. This allows users to access distributed applications using the following modes:
Local. Used by Application Launcher when it is connected to eDirectory through a fast connection, such as a LAN connection. Remote. Used by Application Launcher when it is connected to eDirectory through a slow connection, such as a modem connection.

Version 1
7-9
Disconnected. Used by Application Launcher to allow users to maintain access to directory applications while not being connected to the network. This is achieved by installing (or caching) the application on the workstation.
Self-healing applications. This allows users to repair applications that are missing files by right-clicking the application object and selecting Verify. When activated, Verify compares les, Registry entries, and other settings on the local hard drive with those stored in the application object and then pushes the missing les or Registry changes to the workstation. For example, if a Digital Airlines user deletes program les associated with an Application Launcher-delivered application, the user can right-click that application icon and select Verify. The original application les and conguration settings are restored, and you are saved a help request.
If you use Verify, application settings stored in the Registry or in les distributed by the application installation revert to the original installation. You might need to recongure the application for individual preferences.
Multiple user interfaces. ZENworks provides three different user interfaces that let users access their applications in the way that makes the most sense to them. These user interfaces are covered in detail later in this section.
Checkpoint restart. This gives users an estimate of the time to download a standard application during distribution and lets users postpone an in-progress download. When a user resumes a postponed download, Application Launcher/Explorer resumes the download at the point it discontinued instead of starting from the beginning.

7-10
Version 1
This feature is enabled by default when Application Launcher detects that the user is using application management in remote mode. You can disable this feature through Application Launcher conguration. These features combine to improve the users everyday job by ensuring that they have access to their applications, regardless of location or connectivity.

Objective 2
Identify Application Management Tasks

Common application management tasks include the following:
Packaging software for distribution. ZENworks provides the ability to repackage applications so that they can be easily distributed using the Novell Application Launcher. You can use one of the following 2 methods to package applications:
snAppShot. The rst method is to use the ZENworks snAppShot utility. This tool repackages the application in native ZENworks format (AOT/AXT). AdminStudio. The second method for repackaging applications is by using the AdminStudio repackager tool. This tool repackages the application as a Windows installer package (MSI) that can be distributed with ZENworks.
Packaging software for distribution is covered in the next section.
Creating application objects. This task lets you manage applications. An application object is an eDirectory object that represents an application. These objects let you use eDirectory to congure and distribute applications to users on a wide scale, without leaving your location. To distribute an application to a workstation, you create application objects.
Distributing applications. This task involves distributing or installing applications on workstations. Applications can be distributed through Application Launcher, regardless of whether you have a client. You can distribute simple AOT/AXT-based, MSI-based, thin-client, and web-based applications.

7-12
Version 1
You can also customize the distribution of applications according to user requirements and control how a user accesses distributed applications.
Managing applications. ZENworks also provides the ability to manage the application after it has been delivered. This lets you perform tasks that need to occur both before and after the application is launched. Some of the tasks that ZENworks lets you perform are metering of the applications, reporting any time there is a success or failure related to the application, mapping drives, and capturing printers.
Launching managed applications. Once you create application objects and associate them to users or workstations, application management lets users access applications through the following:
Application Launcher. This is a standalone window that displays icons for distributed applications. Application Explorer. This includes a standalone window, similar to Application Launcher, and pieces that integrate with the Windows desktop. These pieces allow distributed application icons to be displayed on the Windows desktop, the Start menu, the system tray, and the Quick Launch tool bar.
Application Browser. This is a web browser view that displays icons for distributed applications.
Distributing applications to newly imaged workstations as part of the imaging process. This lets you export the cache for an application object, and deliver that cache as part of the imaging process. By doing this you can eliminate network trafc at application installation time and ensure that the user can always repair the application, even when disconnected.

Version 1
7-13
Repairing applications. This task is also referred to as application self-healing and involves the automatic repair of damaged or missing application files. If an application is corrupted due to missing les or incorrect INI entries, application repair can restore the missing les and INI entries automatically. Application repair can also x incorrect or otherwise corrupted Registry entries. For example, if Ofce XP program les are accidentally deleted from a workstation, you can replace the deleted program les by using application repair.
Uninstalling applications. This task lets you uninstall applications that were distributed through ZENworks. Application uninstall removes all les, INI entries, and associated Registry entries without user intervention.
User management. Besides administrative management, users can also perform some limited management tasks such as the following with a simple keystroke or mouse click:
Launch applications. Users do not need to know anything more than how to double click. Automatically repair applications. Works for any application that is either an MSI or that has been repackaged. Automatically or manually uninstall applications. As administrator, you can control which method is available to your users for uninstalling applications.

Objective 3
Identify Application Management Components

ZENworks application management relies on the following objects for distribution and management of applications:

Application Objects Application Folder Objects
Application Objects
To distribute an application to a workstation, the application must have an application object in eDirectory. The ZENworks server installation provides a ConsoleOne snap-in that lets you create application objects. An application object includes all the conguration information necessary to install and run the application. Information can include workstation criteria for distribution (such as a Pentium class workstation) and the location of the application icon on the workstation (such as the task bar or Start menu). Application objects also let you control how applications are distributed to users and provide information required to distribute the application. The different types of application objects are discussed throughout the next several sections.
Application Folder Objects

You use application folders to organize the applications you distribute to users through Application Launcher. You can congure these folders to appear in the Start menu, system tray, and all Application Launcher views.

Version 1
7-15
For example, as the network administrator of Digital Airlines, you have distributed Adobe FrameMaker and Adobe Acrobat to workstations. You can associate each application object with an application folder named Desktop Publishing. Users then access this folder to view and start any desktop publishing application. In addition, congured users can create personal folders in the Application Launcher view and organize distributed applications in it. You can create application folders using one of the following methods:

Create an application folder using an application folder object Create an application folder using an application object
The following are steps for creating an application folder using an application folder object:
1.
In ConsoleOne, right-click your container; then select New > Object. In the New Object window, select Application Folder; then select OK. In the Name field, enter the name of the folder. Open the Properties of the folder object by selecting Define additional properties; then select OK. In the Properties dialog, select Folders.
2.
3. 4.
5.

The Folders Property page appears: Figure 7-2
This Property page denes the folder structure. The folder structure can consist of one folder or an entire folder tree. The Property page includes the following options: Table 7-1
Option Folders Description Use to view the folder structure created for the application folder object. Use to add an application object or a folder object to an existing folder. Use to change the name of a folder. Use to delete a folder.
Add
Modify Delete

(continued)
Table 7-1
Option The Selected Application Will Use the Folder In 6. 7. 8. 9.
Description Use to specify the folder where the application will appear.
Create a folder by selecting Add > Folder. Enter a name for the folder. Select OK. Repeat the above steps to create multiple folders.

Exercise 7-1
Create and Use Application Folders

When implementing application management, you need to give users an easy way of locating applications. To do this, you decide to create application folders. In this exercise, you use the following Host computers and VMware virtual machines:
Figure 7-3
Do the following:
1.
From your Host2 computer using the Novell Client, make sure you are logged in to DA-TREE as admin with a password of novell. From your Host2 computer desktop, start ConsoleOne. From ConsoleOne, browse to and right-click Apps.slc.da. Select New > Object. From the New Object dialog, select Application Folder; then select OK. A New Application Folder dialog appears.
2. 3. 4. 5.

Version 1
7-19
6.
In the Name field, enter Linked Folders; then select Define additional properties. Select OK. A Properties of Linked Folders dialog appears.
7.
8. 9.
Select the Folders tab. Select Add > Folder. Enter.
10. Name the folder Digital Airlines Applications; then press 11. Select the Digital Airlines Applications folder; then select Add
> Folder.
12. Name the folder OpenOffice; then press Enter. 13. Select the Digital Airlines Applications folder; then select Add
> Folder.
14. Name the folder Corporate Documents; then press Enter. 15. Select the Digital Airlines Applications folder; then select Add
> Folder.
16. Name the folder Utilities; then press Enter.
The following appears in the Folders list: Figure 7-4
17. When you finish, select OK. 18. Close ConsoleOne.

You now have folders where you can link application objects as you create them.
(End of Exercise)

Objective 4
Describe Novell Application Launcher Components

Novell ZENworks Desktop Management includes Novell Application LauncherTMa workstation-based software that is used to deliver applications to the workstation. Application Launcher is a 32-bit application that supports Windows 98 SE, Windows 2000, and Windows XP. When run on a workstation, Application Launcher reads Novell eDirectory to provide access to the applications the logged-in user and the workstation have been given rights to. If the user or workstation is not authenticated to eDirectory, Application Launcher uses the eDirectory information cached on the local workstation. It then controls every aspect of an applications use, from installing the application les, to mapping required drives, to uninstalling the application. Application Launcher consists of the following components:

User Interface Views Application Launcher Engine Application Launcher Service for Windows Application Launcher Workstation Helper
User Interface Views

Application Launcher provides the following interfaces (installed as part of the ZENworks agent) that let users access their applications:

ZENworks Application Window ZENworks Application Explorer ZENworks Application Browser

7-22
Version 1
ZENworks Application Window
Application Window is a workstation component that delivers applications associated with a user or a workstation object through a standalone window: Figure 7-5
The Application Window is divided into two panes. The left pane, referred to as the folder view, displays the following:
[All]. Contains all applications that have been associated with the user or the workstation. This is an administrator-controlled feature. By default, it is enabled, which means the folder appears. You can disable the feature if desired.
eDirectory trees. Each tree contains the applications, located within the tree, that have been associated with the user or workstation. The Application Window displays only the trees to which the user and workstation are authenticated.

Version 1
7-23
Personal folder. Provides a location for the user to create personal folders for organizing applications. This is an administrator-controlled feature. By default, it is disabled, which means the folder does not appear.
When a user selects a tree or folder in the left pane, the right pane displays the items (folders or applications) that are contained within the tree or folder. You can congure Application Window to replace the users desktop. For example, suppose Digital Airlines hires temporary employees to perform data entry. These employees use workstations in a data entry ofce and dont need access to all the applications available from the workstation desktop. Using the Application Window, you can replace the desktop, limiting access to only those applications that are available through the Application Window.
ZENworks Application Explorer
Application Explorer serves the same purpose as Application Window. However, instead of replacing the desktop, Application Explorer extends the desktop by delivering applications through the following:

Application Explorer window Windows Explorer Start menu System tray Desktop Quick Launch Tool bar

7-24
Version 1
The following is an example of how Application Explorer delivers applications through Windows Explorer: Figure 7-6
One of the biggest advantages of using Application Explorer is that users access their network delivered applications in the same places they are used to accessing other applications.
ZENworks Application Browser
Application Browser provides the same functionality as Application Window. However, applications are delivered through a web browser, which can be ideal for remote users. You can enable users to launch the Application Browser independently, or you can integrate it into a Web portal, such as Novell Portal Services or Novell exteNd DirectorTM, so that your applications are presented alongside Web content youve made available to users.

The following is an example of the Application Browser window: Figure 7-7
The Application Browser functionality is limited compared to the Application Window and Application Explorer. The view displays the following:
[All]. Contains all applications that have been distributed to the user. This is an administrator-controlled feature. By default, it is enabled, which means the folder appears.
eDirectory trees. Each tree contains the applications, located within the tree, that have been distributed to the user or workstation. Application Browser displays only the trees to which the user is authenticated.
Personal folder. Provides a location for the user to create personal folders for organizing applications. This is an administrator-controlled feature. By default, it is disabled, which means the folder does not appear.

7-26
Version 1
In the Application Browser, the Personal folder structure is for viewing and launching only. If users want to create or delete subfolders, add applications, or remove applications, they must use the Application Window or Application Explorer.
Because of security changes in Windows XP Support Pack 2 (SP2), the Application Browser behaves differently on Windows XP SP2 or later workstations. For details on these behaviors, see Running the Application Browser Under Windows XP SP2 or Later on page 194 of the Novell ZENworks 7 Desktop Management Administration Guide (dm7admin.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.
To distribute applications using Application Browser, you must congure the MyApps.html le on the users workstation or on the Middle Tier server. This le contains basic setup information for Application Browser. Application Browser is ideal for remote users because it gives them access to applications through a browser, providing anytime, anywhere access to applications regardless of network connectivity.

You can use the myapps.html, refresh.html, and hf_style.css les to customize the functionality and look of the Application Browser view as described in the following: Table 7-2
File myapps.html Function Congures the following:
Location The root directory of the web server hosting the ZENworks middle tier software. A local copy is also installed on the workstation in %*ProgramFiles%\ Novell\ZENworks\ NLS\ENGLISH during the ZENworks agent installation.
Which ZENworks Middle Tier server is accessed Whether the view is Web portal-enabled or not The banner graphic The banner height Whether or not the view includes the folder tree How the application icons are displayed The navigation elements that are displayed
refresh.html
Congures the message displayed in the Application Browser view while Application Launcher starts and retrieves application information. This le does not exist until you create it.
The nal_html directory under the root directory of the web server hosting the ZENworks middle tier software. You can also create a local copy on the workstation in %*ProgramFiles%\ Novell\ZENworks\ NLS\ENGLISH\ NAL_HTML.

(continued)
Table 7-2
File hf_style.css
Function Congures all styles that are applied to the view's HTML elements (such as heading and text). This le does not exist until you create it.
Location The nal_html directory under the root directory of the web server hosting the ZENworks middle tier software. You can also create a local copy on the workstation in %*ProgramFiles%\ Novell\ZENworks\ NLS\ENGLISH\ NAL_HTML.
The myapps.html le opens the Application Browser view. It is installed with either of the following components:
Desktop Management Agent. The myapps.html file is installed by the Desktop Management Agent installation program as part of Application Launcher. Application Launcher plug-in. The Application Launcher plug-in is a simplified version of Application Launcher that includes only the Application Explorer and Application Browser views. The Application Launcher plug-in, including the myapps.html file, is installed to the ZENworks Middle Tier server. When a user accesses the myapps.html le on the web server for the rst time, the Application Launcher plug-in installation manager (zfdwebinstallmgr.dll), which is installed to the Middle Tier server along with the myapps.html le, installs the Application Launcher plug-in (including myapps.html) to the user's workstation.

If you modify the myapps.html le on the Middle Tier server, users who access the le from the server have the modied myapps.html le downloaded to the C:\Program Files\novell\zenworks\nls\language directory on their workstations. This ensures that the same myapps.html settings are used regardless of whether a user accesses the Application Browser from the Middle Tier server or the local drive. If you have users who only launch the Application Browser by accessing myapps.html on the workstation, you need to modify the myapps.html le on their workstations. You might want to modify a single copy of the le and then use an Application object to push it to each user's workstation. The refresh.html and hf_style.css les do not exist until you create them. After you create them and place them in the appropriate directory, they are used in place of the Application Browser's internal settings. If you add refresh.html and hf_style.css to the Middle Tier server, when a user accesses myapps.html on the server, the les are downloaded to the user's workstation to maintain consistency. If users are not accessing myapps.html from a Middle Tier server, you need to add the les to each user's workstation. You might want to distribute them through Application Launcher at the same time you distribute myapps.html. The myapps.html le loads an ActiveX control (axnalserver.dll) that is used to generate the Application Browser view.

You customize the Application Browser view by modifying the parameters that are passed to the ActiveX control. The following shows the nine parameters available:
        
In addition, if you use the Application Launcher plug-in installation manager to download myapps.html from a Middle Tier server, you can customize two additional parameters that are used by the Installation Manager:
 
By default, the parameters are commented out, which results in the ActiveX control using its preset internal values. To modify a parameter, do the following:
1.
Remove the !-- (beginning comment) and the -- (ending comment) to activate the parameter. For example:
<param name=\"SingleTree\" value=\"DA-TREE\"

2.
Modify the parameter's value. Each parameter is described below:
SingleTree. This parameter lets you specify a single Novell eDirectory tree from which to read application information. If this parameter is used, Application Launcher ignores any other trees to which the user authenticates. This parameter applies only at installation time. After installation, changes to this parameter have no effect.
PortalView. This parameter lets you better support portals by removing the banner section of the Application Browser view. The settings are True or False. True removes the banner section. BannerURL. This parameter applies only if the PortalView parameter is set to False. You can use this parameter to specify an alternate banner. For example, you could use a banner that contains your company's logo instead of the Novell logo. The value setting must be a URL to an HTML page or graphics le (such as GIF and JPEG). If you specify an HTML page, the page is cropped to the height specied by the BannerHeight parameter. If you specify a graphics le, the banner section scrolls to t the entire graphics le. Unless you want the banner section to be scrollable, you should ensure that the graphic's height is not greater than the height specied in the BannerHeight parameter.
BannerHeight. This parameter applies only if the PortalView parameter is set to False and the default Novell banner is being overridden by the BannerView parameter. You can use this parameter to determine the height of the banner section. The value setting must be from 5 to 200. Any number less than 5 is rounded up to 5. Any number greater than 200 is rounded down to 200.

7-32
Version 1
ShowTree. This parameter determines whether the Application Browser view includes the left pane (referred to as the folder view). The value settings are True and False. True causes the folder view to display, and False causes it to be removed.
ShowTasks. This parameter determines whether or not the folder view (left pane) includes the Work Online/Work Ofine, Middle Tier Log In/Middle Tier Log Out, Refresh Applications, and Help options. The value settings are True and False. True causes the options to display, and False causes them to be removed.
AppDisplayType. This parameter determines how the applications are displayed in the right pane of the Application Browser view. The value settings are 0 and 1. The default setting, 0, causes the application icons to display as large icons, similar to the Large Icons view in Windows Explorer. The 1 setting causes the applications to be listed in table format, similar to the List view in Windows Explorer.
ShowAppFrameNavigation. This parameter determines whether or not the right pane of the Application Browser view includes navigation. The value settings are True and False. True causes the right pane to include navigation. The type of navigation depends on the setting for the AppDisplayType parameter:
When the AppDisplayType parameter is set to 0 (large icons), navigation is displayed as a breadcrumb trail (for example, ZENworks Tree > Application Folder > Application A). When the AppDisplayType parameter is set to 1 (small icons), navigation is displayed as an Up arrow at the top of the applications list.

Version 1
7-33
Setting this parameter's value to False causes the Application Browser view to start with the All folder open, meaning that all application icons are displayed in the right pane. If the All folder is disabled in the user's Launcher Conguration settings in ConsoleOne, this parameter is ignored (in other words, the default value of True is used).
ShowIEToolbarButton. This parameter determines whether the Application Browser button is added to the Internet Explorer toolbar. The Application Browser button launches the local version of the myapps.html le. The value settings are True and False. The True setting is the default setting and causes the Application Browser button to be added to the toolbar. The False setting causes the Application Browser button to be removed from the toolbar. Whenever this setting is changed, the user must close Internet Explorer and then reopen it for the change to take effect.
MiddleTierAddress. This parameter applies only if you've congured a Middle Tier server for access to eDirectory. The MiddleTierAddress parameter lets you specify the IP address of the Middle Tier server that the user authenticates to. It is used only if a Middle Tier server address is not included in the Windows Registry; the Registry includes the address if the user entered it when running the ZENworks Desktop Management Agent installation program.
3.
Save the changes to the file.

Application Launcher Engine

The Application Launcher engine performs the tasks required to manage applications associated with users or workstations. This includes such tasks as distributing, running, verifying, uninstalling, and caching applications. Regardless of which view (Application Window, Application Explorer, or Application Browser) the user launches, Application Launcher is started in the background. It then accesses eDirectory (or the workstations local cache directory if the user or workstation is not authenticated to eDirectory) to determine which applications to display to the user and to perform any other precongured tasks.
Application Launcher Service for Windows

On Windows 98, Application Launcher can perform all the tasks required to manage an application. On Windows 2000/XP, a user might not have all the workstation rights required by Application Launcher to perform its tasks. To ensure that it always has the necessary rights, Application Launcher includes a Windows service (nalntsrv.exe), referred to as the Application Launcher Service, that does the following:
Distribution, Caching, Uninstalling. Ensures that applications can be distributed to, cached to, and uninstalled from the workstation regardless of the logged-in users file system access. For example, if youve restricted user rights to specic local directories, the user might not have the le system and registry rights required to install an application to the workstation.

Version 1
The Application Launcher Service, running in the system space, ensures that the application can be installed.
7-35
For details on managing the cache, refer to Novell Application Launcher: Managing the Cache on page 249 of the Novell ZENworks 7 Desktop Management Administration Guide (dm7admin.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.
Launching. Enables you to configure applications to launch and run under the System users credentials rather the logged-in users credentials. This gives an application full rights to the le system and the registry, regardless of the logged-in users rights. You can choose from two security modes when launching the application as the System user: secure System user mode and unsecure System user mode. Secure System user mode can be used if the user does not need to interact with the application (for example, you are applying a Service Pack); no interface is displayed to the user. Unsecure System user mode can be used if the user requires interaction with the program (for example, a word processor); the normal interface is displayed to the user.
Application Launcher Workstation Helper

Application Launcher and the Application Launcher Service manage all tasks for applications associated with the logged-in user. However, in addition to associating applications with users, you can associate applications with workstations. This requires that workstations be included in eDirectory as workstation objects and that Workstation Manager be running on the workstations.

When Workstation Manager starts, it loads the Application Launcher Workstation Helper (zenappws.dll). The Workstation Helper authenticates to eDirectory as the workstation (through the workstation object). The Workstation Helper nds any applications associated with the workstation and performs any precongured management tasks associated with the applications. For example, if youve scheduled an application to be pre-installed in the middle of the night (also referred to as a lights out distribution), the application is distributed to the workstation by the Workstation Helper. Or, if youve congured an application to be launched immediately, the Workstation Helper launches the application. The Workstation Helper does not have a user interface. Workstation-associated applications are only displayed when Application Launcher is running. When Application Launcher starts, it receives the list of workstation-associated applications from the Workstation Helper. Application Launcher then displays the workstation-associated applications just as it does the user-associated applications. The Workstation Helper refreshesthat is, rereads eDirectory for changes to Application objects associated with the workstationwhen any of the following occur:

Application Launcher is started Application Launcher is manually refreshed The Workstation Helpers scheduled refresh time occurs

Objective 5
Congure Novell Application Launcher

You can congure Novell Application Launcher to deliver applications that meet the needs of both the user and the organization, enabling users to be more productive in their work environment. Conguring Application Launcher lets you control
How ZENworks finds the applications that the user should have access to How the user interface of your choice looks and feels The features that are enabled and their settings
To congure Application Launcher, you need to know how to do the following:

Start Application Launcher Configure Application Launcher to Replace the Windows Desktop (Shell) Customize Application Launcher Configuration Options View the Objects Effective Settings View the Configuration Tree Designate the Top of a Configuration Tree
b
7-38
For complete information on conguring Novell Application Launcher, refer to Application Management on page 187 of the Novell ZENworks 7 Desktop Management Administration Guide (dm7admin.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.
Version 1
Start Application Launcher

The following describes how to manually start Application Launcher and how to automate starting the applications:

Windows 2000/XP File System Rights Manually Starting Application Launcher Automating Application Launcher Startup
Windows 2000/XP File System Rights
To ensure that Application Launcher has the local le system access that it needs to distribute applications, make sure the user has the following rights on the workstation:
At least Read access to the Application Launcher cache directory (typically, c:\nalcache). Full Control access to the users temp directory (typically, c:\documents and settings\username\local settings\temp). Full Control access to the users data encryption directory (typically, c:\documents and settings\username\application data\microsoft\crypto). This is required only if the user is using the Desktop Management Agent without a network client.
Read\Write rights to the HKEY_CURRENT_USER\Software\NetWare\NAL\.1.0 registry key. Read rights to the HKEY_LOCAL_MACHINE\Software\NetWare\NAL\1.0 registry key. Read rights to the HKEY_LOCAL_MACHINE\Software\Novell\ZENworks registry key.

Version 1
7-39
If you have not locked down the workstation, the appropriate rights can be granted through membership in the Users group. In addition, the System user requires full access to all areas of the workstation so that the Application Launcher Service (a component of Application Launcher) can distribute applications and launch applications congured to run in the system space. By default, this access is granted to the System user as a member of the Administrators group. Do not limit the default rights given to the Administrators group or the System user account.
Manually Starting Application Launcher
The Application Launcher view you want to use determines how you start Application Launcher. You can start Application Launcher with the following views:

Application Window Application Explorer Application Browser
Application Window
To start Application Launcher so that the Application Window view is displayed. do one of the following:
From the workstation desktop, select Start > Programs > Novell ZENworks Desktop Management > Application Window. or
From the c:\program files\novell\zenworks directory, run nalwin.exe or nalwin32.exe. or

7-40
Version 1
(NetWare only) From the Windows workstation, make sure you have a drive mapped to sys:\public on the ZENworks Desktop Management Server and start nal.exe from the sys:\public directory.
In previous releases, nal.exe copied the Application Launcher les to the workstation and then started the Application Window. Beginning with ZENworks for Desktops 4, nal.exe does not copy the les to the workstation; it only starts the Application Window if the Application Launcher les are installed on the workstation. The primary purpose of the nal.exe le on the ZENworks Desktop Management Server is to maintain backward compatibility with login scripts created for previous versions.
x b
If you run nal.exe from the sys:\public directory and receive an error stating The ordinal 6625 could not be located in the dynamic link library MFC42.DLL, you need to update your servers sys:\public\mfc42.dll le. The correct version of mfc42.dll is installed to workstations by the ZENworks Desktop Management Agent. You can copy the le from a workstations c:\winnt\system32 directory to the servers sys:\public\mfc42.dll directory.
For a list of command line switches you can use when starting the Application Window, refer to Application Window Command Line Switches on page 203 of the Novell ZENworks 7 Desktop Management Administration Guide (dm7admin.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.

Application Explorer
To start Application Launcher so that the Application Explorer view is displayed, do one of the following:
From the workstation desktop, select Start > Programs > Novell ZENworks Desktop Management > Application Explorer. or
From the c:\program files\novell\zenworks directory, run nalview.exe or naldesk.exe. or
(NetWare only) From the Windows workstation, make sure you have a drive mapped to sys:\public on the ZENworks Desktop Management Server and start nalexpld.exe from the sys:\public directory.
In previous releases, nalexpld.exe copied the Application Launcher les to the workstation and then started the Application Explorer. Beginning with ZENworks for Desktops 4, nalexpld.exe does not copy the les to the workstation; it only starts the Application Explorer if the Application Launcher les are installed on the workstation. The primary purpose of the nalexpld.exe le on the Desktop Management Server is to maintain backward compatibility with login scripts created for previous versions.

x b
If you run nalexpld.exe from the sys:\public directory and receive an error stating The ordinal 6625 could not be located in the dynamic link library MFC42.DLL, you need to update your servers sys:\public\mfc42.dll le. The correct version of mfc42.dll is installed to workstations by the ZENworks Desktop Management Agent. You can copy the le from a workstations c:\winnt\system32 directory to the servers sys:\public\mfc42.dll directory.
For a list of command line switches you can use when starting Application Explorer, refer to Application Explorer Command Line Switches on page 209 of the Novell ZENworks 7 Desktop Management Administration Guide (dm7admin.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.
Application Browser
To start Application Launcher so that the Application Browser view is displayed, start a Web browser; then on the Standard Buttons toolbar, select the Application Browser icon.
Automating Application Launcher Startup
There are several ways to automatically start Application Launcher, including the following:
Include the appropriate Application Window, Application Explorer, or Application Browser startup commands in the users Windows or network login script. Add the Application Window or Application Explorer shortcut to the Windows Startup folder.

Version 1
7-43
The Desktop Management Agent installation program includes options to let you add either shortcut to the Startup folder.
Congure Application Launcher to Replace the Windows Desktop (Shell)

You can use Application Launcher in place of Windows Explorer (the default Windows shell) to further restrict user access to applications on workstations. When you do so, the Application Window view replaces the standard Windows desktop. To congure Application Launcher to replace the desktop, you need to know how to do the following:

Set Up Application Launcher As the Shell on Windows 98 Set Up Application Launcher As the Shell on Windows 2000/XP
Set Up Application Launcher As the Shell on Windows 98
Do the following:
1.
Open the workstations system.ini file (typically in c:\windows) with a text editor. Replace the shell=explorer.exe line with the following line: shell=c:\progra~1\novell\zenworks\nalwin.exe
2.
3.
(Optional) If you want the Application Window to be maximized when it comes up, add the /max switch to nalwin.exe (nalwin.exe /max). Save and close the system.ini file. Restart Windows.
4.

7-44
Version 1
Starting Application Launcher under the Application Window shell is not supported. On a Windows 98 machine, doing so can cause general fault protection errors. You should ensure that Application Launcher is not accidently started by doing the following:
Remove the Application Explorer and Application Window shortcuts from the Start menu (Start > Programs > ZENworks Desktop Management) Disable the users ability to browse to the c:\program files\novell\zenworks directory Verify that nalwin.exe, nal.exe, nalwin32.exe, and naldesk.exe are not being executed in the users login scripts (such as the Windows login script and the Novell login script).
Set Up Application Launcher As the Shell on Windows 2000/XP
Do the following:
1.
On the Windows 2000/XP workstation, run regedit.exe and locate the following setting: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Winlogon
2.
Change the SHELL value from explore.exe to the following: c:\program les\novell\zenworks\nalwin.exe
3.
(Optional) If you want the Application Window to be maximized when it comes up, add the /max switch to nalwin.exe (nalwin.exe /max). Close regedit.exe. Restart Windows.
4.

Version 1
5.
7-45
Customize Application Launcher Conguration Options

You can view or customize Application Launcher conguration options from the Launcher Conguration page under the ZENworks tab of the properties of container, user, or workstation objects. To set Application Launcher conguration options, select Add; then use the following Launcher Conguration tabs:
User. This includes options that apply to all Application Launcher views, as in the following:
Figure 7-8

The following describes each option: Table 7-3

Option Description
Allow users to exit Species whether a user can exit the application management user interface. Enable [All] folder Lets you enable or disable the All folder in the Application Launcher, Application Explorer Window, or Application Browser. The folder displays all applications the user can access, regardless of the applications location in the rest of the folder structure. Enable manual refresh Enable personal folders Lets users manually refresh Application Launcher. Lets users create personal application folders in Application Launcher. This information is stored in the users prole so that it follows them if they roam. Controls whether Application Launcher periodically refreshes application information from eDirectory.
Enable timed refresh (User)

(continued)
Table 7-3
Option Read groups for applications (User)
Description Controls whether Application Launcher reads group objects to determine application assignments. Although groups are a convenient means to indirectly associate users with applications, requiring Application Launcher to read group objects can also decrease performance if the user is a member of a large number of groups. This is especially true if your tree contains groups whose members span partitions (known as a global group). If you have global groups you should consider disabling this option or breaking up your global groups.
Set application inheritance level (User)
Species the number of parent containers Application Launcher searches in for applications associated with a user.
Do not congure this setting to span WAN connections.

The default is 1, which means Application Launcher searches for applications associated with the users or workstations immediate container. A value of -1 instructs Application Launcher to search to the root of the eDirectory tree. Set refresh frequency (User) Controls how often Application Launcher searches eDirectory for new or changed application information (applies only if you have enabled timed refresh).

(continued)
Table 7-3
Option Set Random Refresh Spread
Description Lets Application Launcher retrieve application information from a users cache during startup and then refresh that information randomly. This reduces network trafc generated by Application Launcher while reading eDirectory.
Specify E-mail attribute
Species the eDirectory attribute used when displaying email names on the Help Contacts tab of the properties of application object dialog. Species the number of days after which you want Application Launcher to uninstall an application when the user has been unassociated with the application. Causes a Windows shortcut to Application Launcher or Application Explorer to be added to the Startup folder. Controls whether Application Launcher reads information from removable media.
Unassociated days to uninstall (User)
Auto-start Application Launcher Enable reading from removable cache Enable writing to the cache Enable the checkpoint restart postpone button
Controls whether Application Launcher can write information to a users cache directory. Controls whether Application Launcher displays a Postpone button that enables the user to postpone application distribution. If this setting is disabled then the user does not have a Postpone button, but Checkpoint Restart is still available if the connection is interrupted.

(continued)
Table 7-3
Option Always evaluate referrals
Description Lets Application Launcher use the most accessible eDirectory replica when making eDirectory calls. Species that Application Launcher remove application icons from the users terminal server session desktop. In general, you need to set this option to Yes to have Application Launcher clean up the users terminal server session desktops. If you have multiple terminal server users who log in with the same user name to run applications, disable this option. Otherwise, when one user exits Application Launcher, the application icon disappears from all users terminal server session desktops.
Enable automatic icon cleanup
Congure remote access detection method Bring all popup windows to the front Enable Middle Tier Login
Species how Application Launcher detects whether you are connecting locally or remotely. Forces all popup windows to appear in front of any other open windows.
Lets users log in by using the Middle Tier if they are not already using a Middle Tier session.

Window. This tab includes options that apply to Application Window, as shown in the following:
Figure 7-9


Option Enable folder view Enable login Description Lets Application Window display folders
Lets users log in from the File menu of Application Window Controls whether Application Window expands the folder tree on startup Lets Application Window save its window size and position settings
Expand folder view on startup Save window size and position
Watermark Applies background wallpaper (watermark) in display property Application Window Watermark source path Lets you select a custom watermark for your wallpaper

Explorer. This tab includes options that apply to Application Explorer, as shown in the following:
Figure 7-10

Option Display icon on desktop Display system tray icon Name icon on desktop
Effect Controls whether Application Explorer appears on a user desktop Controls whether Application Explorer appears in a users system tray Determines a custom name for the Application Explorer desktop icon
Browser. This tab lets you control whether Application Launcher shuts down when the user closes the browser to exit Application Browser.

The tab has only one option, Close Application Launcher on Browser Exit, that tells the Application Browser to close nalagent.exe when Internet Explorer exits.
Workstation. This tab includes general options that apply to Application Launcher, as shown in the following:
Figure 7-11

Option Enable Helper (Workstation) Description Controls whether Workstation Manager loads Application Management Workstation Helper and adds it to the Scheduler. If this option is set to No, then applications associated with workstation objects will not be available.

(continued)
Table 7-6
Option Enable timed refresh (Workstation)
Description Controls whether Workstation Helper periodically refreshes application information from eDirectory. This refresh happens whether the user is logged in to the workstation or not.
Read groups for applications (Workstation) Set application inheritance level (Workstation) Set refresh frequency (Workstation)
Controls whether workstation group objects are read to determine if applications are associated.
Species how many parent containers Workstation Helper searches to nd applications associated with workstations.
Controls how often Workstation Helper searches eDirectory for new or changed application information (applies only if you have enabled timed refresh). Determines how many days it takes for Application Launcher to uninstall an application that is no longer associated with a workstation. Species whether you want to enable Workstation Helper to write information to the cache directory. The main purpose of this option is to disable the local cache, forcing workstations to access applications through eDirectory or a cache directory on removable media. The setting values are Yes, No, and Unset. The default value (Yes) is used if you select Unset and no parent container includes a customized setting.
Unassociated days to uninstall (Workstation) Enable writing to the cache (workstation)

To customize an objects conguration, do the following:

1. 2. 3.
Start ConsoleOne. Right-click a container and select Properties. Select ZENworks > Launcher Configuration. The Launcher Conguration page appears.
4.
From this page, select one of the following modes:

View/Edit Objects Custom Conguration View Objects Effective Settings View Conguration Tree
The Application Conguration page shows the current customized settings and also lets you designate the top of a conguration tree.
5.
To customize launcher configuration settings, make sure View/Edit objects custom conguration is selected; then select Add/Edit. Select a conguration options tab. Configure the settings by selecting the option and then the value of that option. Save the changes and close the window by selecting OK.
6. 7.
8.
View the Objects Effective Settings

You can congure Application Launcher settings at the object level and any container level above the object. If a setting is not congured then it has a default value. To view the combined effective settings of an object, select the View Effective Launcher Conguration option from the object properties.

7-56
Version 1
In the View Objects Effective Settings window, all conguration options with their effective settings are listed: Figure 7-12
Each conguration option has a default setting inherited from the parent container. You can override the default by establishing a custom setting. When Application Launcher searches the tree for a users Application Launcher settings, it starts with the user object and works up the tree. Application Launcher continues up the tree, searching for custom settings until it reaches a container object that is designated as the top of the tree. If Application Launcher nds custom settings in the user object or any container object when searching the tree, those settings are applied. If Application Launcher does not nd any custom settings, the default setting is applied.

If Application Launcher nds more than one custom setting for the same option, the lowest-level setting applies. For example, if a custom setting is applied to both a user object and the users container object, the setting for the user object is applied. The same process applies to workstations. In a multi-tree environment, the conguration settings are read from the users primary eDirectory tree, unless the ZENworks agent was installed with the option to only read from a single tree. If single tree mode was selected then the applications and Application Launcher conguration are read from that tree. This change was made in ZENworks 6.5 SP1. You can view the primary eDirectory tree in Windows 98 and Windows NT/2000 by right-clicking the Novell Client icon on the system tray and selecting NetWare Connections. To view the objects effective settings, do the following:
1. 2. 3.
Launch ConsoleOne. Right-click a container object and select Properties. Select ZENworks > Launcher Configuration. The Launcher Conguration page appears.
4.
From Mode, select View objects effective settings. From this window, you can view all settings that apply to an object.
5.
Save changes and close the window by selecting OK.
View the Conguration Tree
VIEW ONLY conguration tree. The conguration tree shows the settings that NO PRINTING have been congured and where the setting is congured. ALLOWED
To see the source of each effective setting, you can view the
If a setting is congured in two places in the tree, the one closest to the object is used. In the View Conguration Tree window, you can see a portion of the eDirectory tree where the conguration settings for a particular option exists, as in the following: Figure 7-13
From this window, you can view the object that the container inherits custom settings from. To view the conguration tree do the following:
1. 2. 3.

Version 1
4.
From Mode, select View configuration tree. Close the window by selecting OK.
7-59
Designate the Top of a Conguration Tree

You can designate a user, a workstation, or a container object as the top of a conguration tree by selecting the box at the lower left of the View/Edit Custom Conguration page, as shown in the following: Figure 7-14
After you congure Application Launcher options and deliver an application, Application Launcher searches the tree to determine the effective conguration settings of a user or workstation object. If Application Launcher options are not set for the object, Application Launcher searches the parent container to determine if any options are set. If the parent container has not been designated, Application Launcher continues searching the eDirectory tree until it reaches the object designated as the top of the tree.

7-60
Version 1
You can prevent tree walking by designating the top of a conguration tree. You can also designate the top of the conguration tree for different users or workstations in different ways. For example, a network administrator of Digital Airlines might want 2 congurations: one that applies to administrators, and another that applies to all other user objects. You can specify your user object as the top of the conguration tree and then specify the container as the top of the tree for other users. Application Launcher identies applicable settings for each user, applies them, and stops searching for applicable settings when it reaches the object you specify as the top of the conguration tree. To designate the top of a conguration tree do the following:
1. 2. 3.
4.
Select Use as top of configuration tree.

Exercise 7-2
Congure Novell Application Launcher
When implementing application management with ZENworks, you must rst set up the Application Launcher conguration for both users and workstations. When you congure Application Launcher, you need to ensure that tree walking is minimal. In this exercise, you use the following Host computers and VMware virtual machines: Figure 7-15
Do the following:
1.
From your Host2 computer using the Novell Client, make sure you are logged in to DA-TREE as admin with a password of novell. Start ConsoleOne. Browse to and right-click slc.da; then select Properties. Select the ZENworks > Launcher Configuration tab page. The Launcher Conguration page is displayed.
2. 3. 4.

7-62
Customize the configuration settings by selecting Add.
Version 1
6.
Specify the user settings: a. b. c. From the User tab page Settings list (on the left), select Enable timed refresh (User) From the Values drop-down list (on the right), select Yes. From the Settings list, select Set application inheritance level (User).
d. From the Values drop-down list, select Custom; then in the Range eld enter 2. This allows applications to be associated with server and user containers. e. f. From the Settings list, select Set refresh frequency (User). From the Values drop-down list, select Custom; then in the Range eld enter 900. This forces Application Launcher to refresh every 15 minutes instead of every 12 hours.
This setting is suitable in a classroom to check results, but not for a production environment.
g. From the Settings list, scroll down and select Congure remote access detection method. h. From the Values drop-down list, select Prompt. Although you can congure an automatic detection, this setting forces the user to determine the type of connection. i. j.
7.
From the Settings list, select Bring all popup windows to the front. From the Values drop-down list, select Yes. Select the Workstation tab. From the Settings list, select Enable timed refresh (Workstation).
Configure workstation settings: a. b.

Version 1
7-63
c.
From the Values drop-down list, select Yes.
d. From the Settings list, select Set application inheritance level (Workstation). e. From the Values drop-down list, select Custom; then in the Range eld enter 2. This lets you associate applications with both workstations through the server or workstation container. f. From the Settings list, select Set refresh frequency (Workstation).
g. From the Values drop-down list, select Custom; then in the Range eld enter 900. This forces Application Launcher to refresh every 15 minutes instead of every 12 hours.
x
8.
This setting is suitable in a classroom to check results, but not for a production environment.
h. Select OK. From the Launcher Configuration page, select Use as top of configuration tree. This prevents tree walking when looking for the Launcher conguration and makes sure settings are effective only for your users.
9.
Select OK. You have congured Application Launcher for local and remote users.

(End of Exercise)

Summary
Objective
1. Describe How Application Management Works
What You Learned To understand how ZENworks application management works, you need to know the following:
How applications are delivered through ZENworks ZENworks leverages eDirectory to distribute applications to users and workstations by using application objects. After application objects are created, you can associate them with user and workstation objects in your tree. After the objects are associated, ZENworks delivers them to your users and workstations, regardless of their location.
Application management features ZENworks provides feature rich application management functionality. To better understand how you can use ZENworks for managing and distributing applications, it is important to understand the following ZENworks features:

Administrative features User features

Objective
2. Identify Application Management Tasks
What You Learned Common application management tasks include the following:

Packaging software for distribution Creating application objects Distributing applications Managing applications Launching managed applications Distributing applications to newly imaged workstations as part of the imaging process Repairing applications Uninstalling applications User management
3. Identify Application Management Components
ZENworks application management relies on the following objects for distribution and management of applications:
Application objects An application object includes all the conguration information necessary to install and run the application. Information can include workstation criteria for distribution (such as a Pentium class workstation) and the location of the application icon on the workstation (such as the task bar or Start menu).
Application Folder objects You use application folders to organize the applications you distribute to users through Application Launcher. You can congure these folders to appear in the Start menu, system tray, and all Application Launcher views.

Objective
4. Describe Novell Application Launcher Components
What You Learned Novell ZENworks Desktop Management includes Novell Application Launcher, workstation-based software that is used to deliver applications to the workstation. When run on a workstation, Application Launcher reads Novell eDirectory to provide access to the applications the logged-in user and the workstation have been given rights to. Application Launcher consists of the following components:

User interface views Application launcher engine Application launcher service for windows Application launcher workstation helper
5. Congure Novell Application Launcher
Conguring Application Launcher lets you control
How ZENworks nds the applications that the user should have access to How the user interface of your choice looks and feels The features that are enabled and their settings
To congure Application Launcher, you need to know how to do the following:

Start application launcher Congure application launcher to replace the Windows desktop (shell) Customize Application Launcher conguration options View the objects effective settings View the conguration tree Designate the top of a conguration tree

Version 1
7-67

Distribute and Package Applications
SECTION 8
In this section, you learn how to distribute and package applications with ZENworks 7, including how to distribute applications using InstallShield AdminStudio.
Objectives
1. 2. 3. 4. 5.
Distribute a Scripted Installation Re-package Applications With ZENworks snAppShot Distribute an AOT/AXT Application with ZENworks Package Software with ZENworks Software Packaging Repackage Applications with the AdminStudio Repackaging Wizard Customize Application Installation with AdminStudio Tuner Distribute MSI Based Applications with ZENworks Convert AOT/AXT Packages to MSI Packages Using AdminStudio Decide Which Type of Distribution to Use
6. 7. 8.
9.

Introduction
The rst task youll probably want to do with ZENworks application management is to distribute software to all of your workstations. In order to deliver applications to users and workstations, the application that you want to distribute must be in the right format for ZENworks to distribute. ZENworks provides the following options for distributing software:

Launch a scripted installation Distribute an application object based on an AOT/AXT file Distribute an application object based on an MSI file
Because the complete benets of ZENworks application management can only be realized through the last two options, it is also important that you understand how an application that is not in one of these formats can be repackaged to an AOT/AXT or MSI format.

Objective 1
Distribute a Scripted Installation

Not all applications have the ability to perform an unattended installation. However, you still want to be able to distribute those applications with ZENworks. To distribute this type of application, you need to use a scripted installation without an AXT, AOT, or MSI le. In this case, you use a simple application object that runs a scripted installation. This type of application installation is like a Windows shortcut, but is stored in eDirectory. To created a simple application object, do the following:
1.
Right-click the container where you want to distribute the application; then select New > Application. Select A simple application (no AOT/AXT/MSI file); then select Next. In the Object Name field, enter the name of the icon; then select Next. In the Path to file field, enter the path and lename of the executable; then select Next. We recommend that you use a UNC path to the le to ensure that there are no drive mapping dependencies.
2.
3.
4.
5.
In the Add rules to control availability of this application field, define distribution rules for the application; then select Next. In the Add user and workstation associations field, select Add. Browse to and select the container you want to associate the application with; then select OK. Select the objects in the container where you want to associate your application; then select OK. Select the characteristics you want to apply to the application object; then select Next.
6. 7.
8.

Version 1
8-3
The characteristics you select are locations on the workstation from where you can launch the application. Some characteristics include Start menu, desktop, and system tray.
10. From the Summary window, select Display details after
creation. You select this option so the Properties window of the application object appears after creating the object. You can perform additional congurations and verify all conguration settings from this window.
11. Select Finish. 12. When the Properties window appears, make sure the Run
Options > Application tab is selected.

13. Add the parameters that the installation needs to be launched in
a scripted fashion.
14. Select OK. 15. On the Windows workstation, open one of the application
management user interfaces and refresh.

16. Double-click the application.
If you are an administrative user of the workstation, the application successfully installs.
If your users are not members of the Administrators group on Windows 2000/XP then you might need to perform the installation using Impersonation. More information on Impersonation can be found in the ZENworks Help le (accessible by selecting the Help button on any dialog).

Exercise 8-1
Use ZENworks to Distribute a Simple Application

To distribute documents, you need to create a simple application that points to the document. The application required to open this document must be installed on the workstation. In this exercise, you distribute a Charter.txt document that opens in Notepad on the workstations using the following Host computers and VMware virtual machines:
Figure 8-1
WS2 WinXP Pro XP2 10.200.200.12
Do the following:
1.
From your Host2 computer using the Novell Client, make sure you are logged in as admin with a password of novell. Create a document to distribute: a. From your Host2 computer, open Notepad. In Notepad, type Digital Airlines Charter. Select File > Save. b. c.
2.

Version 1
8-5
d. From the Save in drop-down list, select My Network Places; then select Entire Network. e. f. Select NetWare Services > NetWare Servers. After a few moments, Da-zen is listed as a NetWare server. Select Da-zen; then select DATA. g. Create an Apps folder by right-clicking in the window and selecting New > Folder; then name the folder Apps. h. Select Apps. i. j. In the File name eld, enter Charter. Make sure that Text Documents (*.txt) appears in the Save as type eld; then select Save.
k. Close Notepad.
3.
Create a simple application that points to the document to be distributed: a. From your Host2 computer in ConsoleOne, right-click Apps.slc.da; then select New > Application. A New Application Object dialog appears. b. c. Select A simple application (no .AOT/.AXT/.MSI le); then select Next. In the Object Name eld, enter Digital Airlines Charter; then select Next.
d. In the Path to le eld, enter \\Da-zen\DATA\Apps\Charter.txt; then select Next. e. f. From the Add rules to control availability of this application page, select Next. From the Add user and workstation association page, select Next.
g. Select the Display details after creation check box; then select Finish.

8-6
A Properties of Digital Airlines Charter dialog appears.
Version 1
h. Make sure that the Identication > Icon tab page is selected; then select Modify. An Image Chooser dialog appears. i. Select Browse; then browse to and highlight C:\WINDOWS\NOTEPAD.EXE; then select Open. A Notepad icon appears in the Image Chooser dialog. j. Select OK. k. Select the Identication > Folders tab page; then select Add; then from the drop-down list select Linked Folder. A Select Object dialog appears. l. Browse to Linked Folders.Apps.slc.da; then select OK. A Folder Object Structure dialog appears. m. Select Corporate Documents; then select OK. n. Select the Common > File Rights tab page; then select Add. o. Browse and select DA-ZEN_DATA\Apps\Charter.txt; then select OK. p. Make sure that Charter.txt has Read and File Scan rights assigned; then select Apply. q. Select the Availability > Distribution Rules tab page. r. s. Select Add > Remote Access. A Remote Access Rule dialog appears. From the Remote Access Connection drop-down list, select LAN Connection; then select OK. Selecting this option makes sure that the document shows up only when the user is connected to a high-speed network. t. v. Select the Associations tab. Select OK. u. Select Add; then browse to and highlight Users.slc.da.

Version 1
w. Select Users within this container; then select OK.
8-7
x. At the top of the Associations list, select (check) the App Launcher and Desktop icon check boxes; then select OK. The icons at the bottom of the list under the Defaults for subsequent associations list the titles for the icons.
4.
Verify whether the document is available for local access on a high speed LAN connection: a. b. From the WS1 workstation desktop using the Novell Client, log off and then log in as CKent with a password of novell. When prompted to indicate if you are using a slow connection, select No. Notice that a Digital Airlines Charter shortcut is displayed on the desktop. c. From the workstation desktop, double-click the Digital Airlines Charter shortcut. The Charter.txt le is opened in Notepad. d. Close Notepad.
5.
Verify whether the document is available on a slower connection (such as a dial-up or wireless connection): a. b. From the WS2 workstation, log off and then log in as BWayne with a password of novell. When prompted to indicate if you are using a slow connection, select, select Yes. Notice that the Digital Airlines Charter application shortcut is not available on desktop.
(End of Exercise)

Objective 2
Re-package Applications With ZENworks snAppShot

If there is no scripted installation for the software you want to distribute, the scripted installation doesnt give you the conguration options you need, or you need the application to be self-healing, then you might need to re-package the application. There are two ways of re-packaging applications. In this objective, you learn how to re-package the application as AOT/AXT les using the ZENworks snAppShot tool. snAppShot identies the les and conguration settings by capturing an image of the workstation before and after the installation of an application. SnAppShot then compares the images to determine the changes. Only changes to the workstation are captured by snAppShot, not the logic of the original installation. You can use snAppShot in one of 3 modes:
Standard. This mode uses default settings to perform the before and after installation scans. Custom. This mode lets you choose a previously created preference file to apply to the discovery process. Custom mode also provides additional options such as specifying Registry hives and le settings.
Express. This mode performs a quick scan for system changes using a snAppShot preferences file created during a previous discovery process.
After the application object is created, other workstations that require the application can install the application without the intermediate conguration steps.

For example, suppose all Marketing employees in Digital Airlines use Marketing Management System (MMS) application software. Using Application Launcher, MMS can be distributed to all Marketing department workstations without spending much effort or time. snAppShot creates the following les to store the changes:
AXT and AOT files. AXT and AOT files store changes such as Registry settings that occur before and after installing an application on a workstation. The AXT le is a text le that can be edited, but the AOT le is a binary le. AOT les are preferred because they import faster into an application object.
FIL files. These are application files required to install an application package. You can treat FIL files as copies of the application installation files required by an application object. These les, which become application source les, are copied to a network source location. The les are then renamed numerically starting with 1 and given an FIL le extension (for example, 1.FIL). As a result, there are numerous FIL les for each application installation.
Filedef.txt file. This file maps the FIL files to the original application installation files. It also specifies the target location and name used when installing the files to the workstation.
To create an AXT or AOT le using snAppShot, do the following:

1.
Use snAppShot to prescan the workstation: a. b. From your workstation, run Sys:\Public\Snapshot\Snapshot.exe. From the main page, select the snAppShot mode (for example, Standard). In the Object Name eld, enter the name of the application.

8-10
c.
Version 1
To use the same eDirectory application object name for the Application icon name, leave the Application icon title eld empty. d. When you nish, select Next. e. In the Application les location eld, enter the path where the FIL les are to be stored.
All users who need this application must have access rights to the location. In addition, make sure the location specied has sufcient space to store the application source les.
x
f.
When you nish, select Next.
g. (Conditional) If the location specied does not have folders created, create them by selecting Yes. h. Enter the AOT name; then select Next. i. Select which drives to scan. You must select the drives that will be affected by the installation. You can specify drives that need to be scanned by selecting Add or Remove. j.
2.
k. Begin the prescan by selecting Next. When the prescan is complete, install the application on the workstation: a. b. c.
3.
Select Run Application Install. Enter the path to the applications executable. Install the application. In the snAppShot window, select Next. In the Application Install Directory eld, enter the path of the application; then select Next. This begins the postscan.
When the installation is complete, use snAppShot for a postscan: a. b.

Version 1
8-11
4.
When the snAppShot postscan finishes, review the summary and select Finish. The AXT or AOT le is created.
The AOT/AXT le includes any changes that were made to the conguration of the machine during the installation. This means that many of the changes may not be specically related to the application. For this reason, we recommend that after the AOT or AXT le is created, you take the time to clean up conguration information that is not application specic.

Exercise 8-2
Use snAppShot to Deploy a NonMSI-Based Applications

In this exercise, you re-package OpenOfce using snAppShot, and then deploy the re-packaged application using ZENworks Desktop Management. You use the following Host computers and VMware virtual machines:
Figure 8-2
DA-SPM WinXP Pro SP2 10.200.200.150
WS2 WinXP Pro XP2 10.200.200.12
Do the following:

Part I: Perform a Prescan With snAppShot Part II: Install the Application and Complete a Postscan

Part I: Perform a Prescan With snAppShot
Do the following:
1.
From the DA-ZEN server, copy the snAppShot application files to the /usr/novell/sys/PUBLIC directory: a. From your DA-ZEN server desktop, open Konqueror as the root user by pressing Alt+F2; then enter kdesu konqueror and select Run. A Run as root login dialog appears. b. c. Enter n0v3ll; then select OK. A Konqueror window appears. In the Location eld (top of the window), enter the following: /opt/novell/zenworks/zdm/winutils Because you are in a Linux operating system, the characters are case-sensitive. The contents of the winutils folder are displayed. d. Right-click the snapshot folder; then select Copy. e. f. In the Location eld, enter /usr/novell/sys/PUBLIC. Right-click in the PUBLIC folder and select Paste. The snapshot folder is copied to the PUBLIC folder. g. Close the Konqueror window.
2.
Make sure you are logged in to the DA-SPM workstation with the Novell Client as admin with a password of novell. (Conditional) If you are prompted to indicate if you are using a slow connection, select Yes. This avoids placing a Digital Airlines Charter shortcut icon on your desktop.
3.

8-14
4.
From Windows Explorer, browse to and run \\DA-ZEN\sys\Public\snapshot\snapshot.exe.
Version 1
A Novell Zenworks snAppShot welcome dialog appears.

5.
In the Welcome dialog, select Standard. A Novell SnAppShot for Window 98/NT/2000/XP dialog appears.
6. 7.
In the NDS Application object name field, enter OpenOffice. In the Application Icon Title field, enter OpenOffice; then select Next. For the Application files(s) location field, enter \\DA-ZEN\Data\Apps\OpenOffice. Select Next.
8.
9.
10. When prompted to create the directory, select Yes. 11. Accept the default AOT name by selecting Next.
A page appears requesting the drives you want to scan.

12. Accept the default drive to scan (C:) by selecting Next. 13. From the summary page, begin pre-scan by selecting Next.
This can take several minutes.
Part II: Install the Application and Complete a Postscan
Now that you have completed the prescan, you will need to install the application and complete a postscan. Do the following:
1.
When the prescan is completed, select Run Application Install. A Select Setup program dialog appears.
2.
Browse to and display the contents of the following directory: C:\Software\OpenOfce\OOo_1.1.4_Win32Intel_install

Version 1
8-15
3.
Start the OpenOffice 1.1.4 installation by double-clicking the setup.exe file. After a few moments, a Welcome to the Installation Program dialog appears.
4. 5. 6.
Continue by selecting Next. Review the Important Information page; then select Next. Scroll to the bottom of the License Agreement; then select I accept the terms of the Agreement. Select Next. A User Data dialog appears.
7.
8. 9.
In the Company field, enter Digital Airlines. Continue by selecting Next.
10. Make sure Standard Installation is selected, then select Next. 11. From the Select Installation Directory page, select Next. 12. When asked if you want the program to create the
OpenOffice.org1.1.4 folder, select Yes.

13. From the Start Copying page, select Install. 14. From the File types page, select OK. 15. From the Java Setup dialog, select Do not use Java with
OpenOffice.org 1.1.4; A Java Setup message appears indicating that some functionality will be disabled if Java is not installed.
16. Close the message by selecting OK. 17. Select OK. 18. Start the installation by selecting OK.
VIEW ONLY NO PRINTING 19. ALLOWED

8-16
The OpenOfce.org 1.1.4 installation begins (this can take a few minutes). When the installation is complete, select Complete.
Version 1
When the installation is complete, you are returned to the Novell snAppShot for Windows 98/NT/2000/XP dialog.
20. Continue by selecting Next. 21. In the Application install directory field, enter C:\Program
Files\OpenOffice.org1.1.4; then select Next. This begins the post scan (which can take several minutes). When snAppShot completes the post scan, a summary page appears.
22. Review the summary; then select Finish.
You now have an AOT le that you can use to create an application object to distribute OpenOfce to all your users in the next exercise.
(End of Exercise)

Objective 3
Distribute an AOT/AXT Application with ZENworks

After you have created an AOT or AXT le using the snAppShot utility, you can create an application object in the tree that uses the conguration information stored in the AOT or AXT le. This information populates the Distribution Options tab of the application so that when users launch the application, the conguration information is distributed to the workstation. To distribute an application that uses an AOT or AXT le, do the following:
1.
Create an application object using an AXT or AOT file: a. b. c. From ConsoleOne, right-click your container and select New > Application. Select An application that has an AOT/AXT le; then select Next. In the Path to AOT/AXT File eld, browse to the location of your AOT; then select the AOT le. You should use a UNC path. d. When you nish, select Next. e. f. Verify the source path and target path information; then select Next. In the Add Requirements window, select Add > Operating System.
g. In the Platform eld, select the operating system. h. In the Version eld, specify the version of the operating system.

8-18
Remember that application objects created using snAppShot are specic to the platform they were created on.
Version 1
i. j.
When you nish, select OK. Select Next.
k. Specify the users and workstations for the distributed application: a. b. In the Add User and Workstation associations eld, select Add. Browse to and select the object you want to associate the application with; then select OK twice. Users within this container Workstations within this container Users and workstations within this container
For containers, you must select one of the following:

l.
Enable the icon to show up in Application Launcher and on the Desktop; then select Next.
m. Select Display details after creation; then select Finish.

2.
Configure distribution options, if any: a. b. Select Distribution Options. Make the appropriate changes in the Distribution Options screen. Select Common > File Rights; then select Add. Browse to and select the folder where the application les are stored.
3.
Give users the necessary rights to launch the application: a. b.
4.
Select OK.

Exercise 8-3
Create an Application Object Using an AOT File

In this exercise, you use the AOT le that you created in the previous exercise to create an application object that distributes OpenOfce to all your users. You use the following Host computers and VMware virtual machines:
Figure 8-3
WS2 WinXP Pro XP2 10.200.200.12
Do the following:

Part I: Create the OpenOffice Application Object Part II: Verify that the OpenOffice Application is Available

Part I: Create the OpenOfce Application Object
Do the following:
1.
From your Host2 computer, create an application object using an AXT or AOT file: a. b. c. Make sure that you are logged in using the Novell Client to DA-TREE as admin with a password of novell. Start ConsoleOne. Right-click Apps.slc.da; then select New > Application. A New Application Object dialog appears. d. Select An application that has an AOT/AXT le; then select Next. e. To the right of the Path to AOT/AXT File eld, select the browse button. An Open dialog appears. f. From the Files of type drop-down list (at the bottom of the dialog), select Application Templates (*.aot).
g. Browse to and select the \\DA-ZEN\Data\Apps\OpenOfce\OpenOfce.aot le; then select Open. h. Select Next. i. Verify that the information in the following elds is correct:

The Object Name: OpenOffice The Source Path: \\DA-ZEN\Data\ Apps\OpenOffice The Target Path: C:\Program Files\ OpenOffice.org1.1.4
j.

2.
Because application objects created using snAppShot are platform-specific, you must now specify the operating system the application is to be distributed on by doing the following: a. b. c. e. f. From the Add Rules page, select Add > Operating System. An Operating System Rule dialog appears. In the Platform is drop-down list, select Windows 2000/XP. From the Version drop-down list, select >=. Select OK. You are returned to the New Application Object dialog. Select Next. From the Add User and Workstation associations page, select Next. A Summary page appears. b. Select the Display details after creation check box; then select Finish. A Properties of OpenOfce dialog appears. c. Select the Identication > Folders tab page; then select Add > Linked Folder. A Select Object dialog appears. d. Browse to and select Linked Folders.Apps.slc.da; then select OK. e. f. Select OpenOfce; then select OK. Select the Run Options > Application tab page. %TARGET_PATH%\program\sofce.exe
d. In the Version eld, enter 5.
3.
Specify users and workstations for the distributed application: a.
g. In the Path to le eld, enter the following:

4.
Give users the necessary rights to launch the application: a. b. c. e. f. Select the Common > File Rights tab page; then select Add. Browse to and select DA-ZEN_DATA\Apps\OpenOfce; then select OK. Select the Read and File Scan rights check boxes. Select the Associations tab page. Select Add; then browse to and select Users.slc.da. An Add Container Association dialog appears. h. Select Users within this container; then select OK. i. Save the changes by selecting OK.
d. Select Apply.
g. Select OK.
Part II: Verify that the OpenOfce Application is Available
Do the following:
1.
Verify that the OpenOffice application is available for local access: a. b. c. From the WS1 workstation using the Novell Client, log off and then log in as CKent with a password of novell. When prompted if you are using a slower connection, select No. From the desktop, double-click Application Explorer.
d. Browse to the Digital Airlines Applications > OpenOfce folder. e. Start the OpenOfce installation by selecting OpenOfce. Wait for OpenOfce to be installed. This can take several minutes.

Version 1
After OpenOfce is installed, an OpenOfce.org Registration dialog appears.
8-23
f.
Select Never register; then select OK. The OpenOfce application opens a document window. Notice that an OpenOfce icon has been added to the system tray.
g. Close OpenOfce.
2.
Verify whether the OpenOffice application is available for a slower connection: a. b. c. From the WS2 workstation, log off and then log in as BWayne with a password of novell. When prompted to indicate if you are using a slower connection, select Yes. From your desktop, double-click Application Explorer.
d. Browse to the Digital Airlines Applications > OpenOfce folder. e. Start the OpenOfce installation by selecting OpenOfce. Notice that OpenOfce is cached to the workstation before installation begins. The caching and installation can take several minutes. After OpenOfce is installed, an OpenOfce.org Registration dialog appears. f. Select Never register; then select OK. The OpenOfce application opens a document window. Notice that an OpenOfce icon has been added to the system tray. g. Close OpenOfce.
(End of Exercise)

Objective 4
Package Software with ZENworks Software Packaging

ZENworks Desktop Management includes the ZENworks Software Packaging component, which uses AdminStudio ZENworks Edition (created by InstallShield). With AdminStudio ZENworks Edition, you can use a structured, repeatable application preparation process that guarantees consistent, trouble-free software deployments, and
Create customized transform files (.mst) for existing MSI applications to easily distribute existing MSI applications in a way that is applicable to your environment. Migrate legacy software to the Windows Installer format and standardize desktop configurations to enforce corporate standards enterprise-wide. Seamlessly prepare and distribute reliable applications and software updates to every Windows workstation and server in the enterprise.
When combined with ZENworks package policies, you can use AdminStudio to reduce costs and increase productivity. To successfully package software with ZENworks Software Packaging, you need to know the following:

AdminStudio ZENworks Edition System Requirements AdminStudio ZENworks Edition Components What Windows Installer Is How to Install AdminStudio ZENworks Edition

AdminStudio ZENworks Edition System Requirements

To use AdminStudio ZENworks Edition, your system must meet the following requirements: Table 8-1
Component CPU Memory Hard Disk Space Display Operating System Requirement 500 MHz Pentium III-class CPU (minimum) 256 MB (minimum), 512 MB recommended 1.1 GB 1024 x 768 or higher resolution You must use one of the following:

Windows NT 4.0 with Service Pack 6 Windows 98 Windows 2000 Windows Me Windows XP Windows Server 2003
Web Browser
Internet Explorer 5.01 or later (5.5 or later recommended) Administrator permissions to the system
Permissions
AdminStudio ZENworks Edition Components

The ZENworks edition of AdminStudio includes the following components:
Repackager. This component does the following:

8-26
Converts proprietary and legacy application installations to Windows Installer packages using snapshot or monitor methods Consolidates multiple installations to a single package
Version 1
Includes or excludes components or replaces with merge modules Determines setup intent via SmartScan Reports on packaging status and errors Customizes package using creation and editing of transforms Adds custom les or property values. Ensures quality using Microsoft internal consistency evaluator (ICE) rules Allows for automating creation of ZENworks application object Populates application object with package path and version values
Tuner. This component does the following:
Distribution Wizard. This component does the following:
MacroVision also sells an upgraded version of AdminStudio called Professional Edition. This version includes additional components such as DevStudio, ConictSolver, QualityMonitor, OS Snapshot Wizard, and Application Isolation Wizard. For more information, visit the InstallShield home page at http://www.installshield.com/products/adminstudio/zenworks/.
What Windows Installer Is

AdminStudio functionality is based on the features of the Windows Installer. Windows Installer is a Microsoft application installation service introduced in Windows Me and Windows 2000.

Version 1
Prior to Windows Installer, Windows applications were installed in a variety of means using a variety of installation programs.
8-27
Most application installation routines were designed for single-user deployment. They assumed the application would be installed on one PC at a time with a user who would interactively install the application. Basically, these routines used proprietary formats that werent designed for mass deployments. Windows Installer, on the other hand, provides a standardized packaging format that is customizable and capable of large-scale deployments. Windows Installer even employs quality-control functions that allow an application to self-heal. Windows Installer lets you install components at the product level and at the feature level. Installations can be performed from within a running program without requiring the user to exit the program, run a separate installation executable, or reboot the system after installation. Windows Installer uses a standardized, structured installation le with an .msi extension. These .msi les are composed of the following components:
Summary. The summary component functions as the header of the package file. It contains various information such as the software vendor who created the package, the package version number, and the date the package was created. Installation Instructions. This component is actually a small database. It contains several tables that list files to be copied, registry entries to be made, and shortcuts to be created when the package is installed. It also lists rules regarding conditions and dependencies that must be met before the package can be installed.

8-28
Application Data. This component consists of the actual files that comprise the application itself. They are usually stored in a compressed state.
Version 1
Transforms (optional). Transforms are an optional, but very useful, component. Transforms work in conjunction with the installation instructions mentioned above to customize the package installation based on conditions encountered. Using transforms, you can create customized deployments of the same package based on criteria such as computer type, workgroup, location, and division.
Transforms can be stored outside of the .msi le. Transform les have an .mst extension.
The key value of AdminStudio is its ability to convert existing legacy installation routines into .msi packages and to tune these packages for optimal performance. It also allows you to automatically create ZENworks application objects from .msi packages. However, before you can do this you need to install AdminStudio ZENworks Edition.
How to Install AdminStudio ZENworks Edition

AdminStudio ZENworks Edition should be installed on an administrative workstation. Packages should be created over the network from a clean deployment workstation. To install AdminStudio ZENworks Edition, do the following:
1.
Insert the Software Packaging CD into the CD drive of the workstation you have designated as your administrative workstation.

2.
Select Software Packaging.

3. 4. 5.
Select AdminStudio ZENworks Edition. In the Welcome screen, select Next. In the License Agreement screen, select I Accept the Terms in the License Agreement; then select Next. In the Customer Information screen, fill out the requested information; then select Next. In the Destination Folder screen, select Next.
6.
7.

8. 9.
In the Shared Location screen, select Next. In the Ready to Install the Program screen, select Install. Wait while the product is installed. This may take up to 15 minutes.
10. When the installation is complete, select Finish. 11. After the installation is complete, select Start > All Programs >
InstallShield > AdminStudio 6.

The AdminStudio ZENworks Edition window appears with a Product Registration dialog: Figure 8-7
12. Select Click Here to Register and Obtain a Serial Number. 13. Follow the prompts to obtain a serial number. 14. Enter the serial number you are given in the Serial Number field;
then select OK. With AdminStudio installed, youre ready to repackage legacy applications, tune MSI packages, and create ZENworks Application objects from MSI packages. These topics are covered in the next set of objectives.

Objective 5
Repackage Applications with the AdminStudio Repackaging Wizard

To ease distribution and management of user applications, AdminStudio provides you with the ability to repackage application installation programs into standardized MSI packages that can be easily deployed using ZENworks application objects. This objective covers the following:

How the Repackaging Wizard Works Suggestions for Successful Repackaging Repackaging a Legacy Application Setup
How the Repackaging Wizard Works

Repackaging functionality is provided by the AdminStudio Repackaging Wizard. This component captures copied data and system changes made during the installation process and puts them in a project le. This is similar to the AOT or AXT le that is generated by the ZENworks snAppShot tool. From AdminStudio, you can then edit the project le to customize how the application installation occurs. You can include or exclude specic les, INI les, Start menu shortcuts, and Registry settings. You can also add les to be included in the installation. After editing the project le, you can use the le to create a Windows Installer package and import it as an Application object in your eDirectory tree. However, before starting this process, you should consider several recommendations for repackaging.

8-34
Version 1
Suggestions for Successful Repackaging

Before repackaging applications, you should consider the following recommendations:
Use a pristine system for repackaging. Novell recommends that you run AdminStudio on a Windows system separate from the system where the repackaged application is to be installed. The pristine system should have absolutely no other applications installed. It should only have the operating system with the latest Service Packs installed.
Exit all applications. Make absolutely sure there are no other applications running on the system where the application to be repackaged is being run. A running application could potentially lock system files, interfering with the repackaging process. Dont try to repackage MSI applications. You shouldnt try to run the Repackaging Wizard against an existing MSI application. It probably wont work, but even if it does, most vendors wont support it. In addition, its very likely that future patches or upgrades wont work. Instead, you should use the Tuning Wizard in AdminStudio to create a transform.
With these recommendations in mind, you are ready to learn how repackaging works.
Repackaging a Legacy Application Setup

Repackaging a legacy installation involves installing the application on a clean system and logging the changes that occur as a result. These changes are captured to a project le which you can then edit and tune to create your own Windows Installer package.

The repackaging process is done in AdminStudio using the Repackaging Wizard. To repackage a legacy installation, do the following:
1.
Install InstallShield AdminStudio on an administrative workstation, as discussed earlier. Prepare a pristine system to install the application on. On your pristine system, map a network drive to the network copy of AdminStudio. Verify that no applications are running on the pristine system (close all open windows). Capture the legacy installer settings: a. On the administrative system, use Windows Explorer to browse to the shared directory using the drive you mapped previously. Run Islc.exe from the shared directory.
2. 3.
4.
5.
b.

c.
Select InstallShield Repackaging Wizard.
d. In the Welcome screen, select Next.

e.
In the Method Selection screen, select a repackaging method. The following methods are available:
Installation Monitoring. The Installation Monitoring method monitors activities on the pristine system during the installation process. Changes that occur to the system are logged and saved to a project file. This file can then be used to create a Windows Installer package.

8-38
This method is the fastest option, but it only works on Windows NT 4, 2000, and XP workstations.
Version 1
Snapshot. The Snapshot method takes a snapshot of the system before installing the application and then takes a second snapshot when the installation is complete. The resulting file must be converted into an MSI package using the Conversion Wizard. This option works on Windows 9x, NT 4, 2000, and XP workstations.
It is important that you have a clean system when using the Snapshot method. A clean system is not as important when using the Installation Monitoring method. f. When you nish, select Next. The following appears: Figure 8-10

g. In the Collect Product Information screen, enter the following information:
Program File. Enter the path and filename of the setup executable file. Command-Line Arguments (optional). Enter any command-line arguments needed with the setup executable. Edit Setup List (optional). Use this option to add additional setup executables to the package. Product Name. Enter the name you want to use for the Windows Installer package created by the repackager. Version (optional). Enter the version number of the product. Product URL (optional). Enter a URL for product information. Support URL (optional). Enter a URL for product support. Company Name (optional). Enter the name of the software vendor.
h. Select Next.

i.
In the Set Target Project Information and Capture Settings screen, enter the path where you want your captured settings saved in the Project Path to Store Files eld. Select Start.
j.
k. Follow the prompts to install your application.

When the installation is complete, the following appears: Figure 8-12
l.
Select Process.
m. In the Summary screen, select Finish.

The InstallShield Repackager screen appears: Figure 8-13
n. Browse the various captured settings using the categories in the left frame. o. (Conditional) If you want to edit the project to exclude les, registry settings, INI les, or shortcuts, right-click the item and select Exclude.
6.
Check for dependencies: a. b. c. Select Project > Setup Intent Wizard. In the Welcome screen, select Next. Wait while dependencies are scanned. In the Results screen, review the dependencies identied, if any; then select Finish.
7.
Build the MSI package by selecting Build > Build. Wait while the conversion takes place.

Version 1
8-43
8.
When the conversion is complete, select the link displayed to view the log file. Review the log file for errors; then close Notepad.
9.
10. Close the Repackager window. 11. Open Windows Explorer and browse to the directory where you
captured your installation (C:\Packages, by default).

12. Verify that your MSI package was created. 13. Copy the captured data to the workstation where AdminStudio is
installed. This MSI can now be used as the basis for a ZENworks application object. The process of creating an MSI application object is covered in Distribute MSI Based Applications with ZENworks on 8-52.

Exercise 8-4
Repackage and Distribute WinZip 9.0

In this exercise, you use the InstallShield Repackager to re-package and congure WinZip 9.0, an application that uses a legacy installer. You then distribute the re-packaged WinZip application using ZENworks Desktop Management. In this exercise, you use the following Host computers and VMware virtual machines:
Figure 8-14
WS2 WinXP Pro XP2 10.200.200.12
Do the following:

Part I: Capture the WinZip Installation Information Part II: Configure the WinZip Application

Part I: Capture the WinZip Installation Information
In this part of the exercise, you capture the WinZip installation information using InstallShield Repackager. Do the following:
1. 2.
Make sure the DA-SPM workstation is running. From the DA-SPM desktop, select Start > All Programs > InstallShield > Repackager. A Welcome to InstallShield Repackager dialog appears.
3.
Under the Open an existing project heading, select the InstallShield Repackaging Wizard link. The Welcome page for the InstallShield Repackaging Wizard dialog appears.
4.
Continue by selecting Next. The Method Selection page appears.
5.
Select Installation Monitoring; then select Next. A Collect Product Information page appears.
6.
Enter the following information:

Program File: C:\Software\Winzip\winzip90.exe Product Name: Winzip Version: 9 Product URL: http://www.winzip.com Support URL: http://www.winzip.org Company Name: Winzip
7.
When you finish, continue by selecting Next. A Set Target Project Information and Capture Settings page appears.

8-46
Version 1
8.
In the Project path to store files field, enter C:\Packages\Winzip. Select Start.
9.
10. When prompted to create a new folder, select Yes. 11. From the WinZip 9.0 SR-1 Setup dialog, select Setup. 12. From the WinZip Setup dialog, select OK. 13. From the Thank you for installing WinZip dialog, select Next. 14. From the License Agreement dialog, select Yes. 15. From the WinZip Quick Start dialog, select Next. 16. From the Choose Classic or Wizard dialog, select Start with
WinZip Classic; then select Next.

17. Select Express setup (recommended); then select Next. 18. From the WinZip needs to associate itself with your archives
dialog, select Next.

19. From the Thank you for installing this evaluation version dialog,
select Finish.
20. Close the Winzip window.
You are returned to the InstallShield Repackaging Wizard dialog.

21. Select Process.
A Summary page appears.

22. Select Finish.
The Winzip.irp - InstallShield Repackager dialog appears.

Part II: Congure the WinZip Application
Do the following:
1.
Browse through the information that was captured using the links in the right frame. When you finish, from the menu bar select Project > Setup Intent Wizard. A Welcome page for the Setup Intent Wizard dialog appears.
2.
3.
Select Next. A Results page appears.
4. 5.
Select Finish. From the menu bar, select Build > Build. Wait while the conversion takes place. A log of information is displayed in the bottom pane of the window.
6.
When the conversion is complete appears in the bottom pane, select the C:\Packages\Winzip\Build Log.txt link to view the log file in Notepad. Review the log file for errors; then close Notepad. Close the Repackager window. When prompted to save the changes, select Yes.
7. 8. 9.
10. Open Windows Explorer and browse to C:\Packages\winzip. 11. Verify that the Winzip.msi package is listed. 12. Copy the Winzip folder from C:\Packages to
\\Da-zen\Data\Apps. Now that you have an MSI le, in the next exercise you create an MSI Application that can be distributed to your users.
VIEW ONLY (End of Exercise) NO PRINTING ALLOWED

Objective 6
Customize Application Installation with AdminStudio Tuner

For applications that are already using the Microsoft Installer as their native installation method you can use the ZENworks Software Packaging component to customize how the product is installed. To do this you use the AdminStudio Tuner component to create a Transform le that can be reference in the application object. To create an Microsoft Installer Transform do the following:
1.
Launch the AdminStudio Tuner application from the share you installed AdminStudio to. The following appears:
Figure 8-15
2.
From the left pane, select the Create a new transform link. Enter the name of the MSI package that you want to customize.

Version 1
8-49
4.
Enter any existing transforms that are being applied. For instance when you customize the Adobe Acrobat Reader 6.02 the MSI is actually the 6.0.1 MSI, with a 6.0.2 MST.
5.
Select one of the following methods for customizing the MSI:
Response method. This method performs a simulated installation of the MSI. However, instead of actually installing the product, it simply records the responses you enter and saves them to an MST. Advanced method. This method lets you change any of the settings that are in the MSI. This includes a direct table editor that can be used to effect changes on the MSI database.
6.
Select Create. If you selected the Response method then the installation will be simulated.

When the installation completes, or if you selected the Advanced method, the following appears: Figure 8-16
7. 8.
Make the customizations you want. From the Project menu, verify that the Transform is valid by running Transform Validation. Save the Transform.
9.
10. Exit Tuner.
You now have an MST that can be specied in the ZENworks application object to customize how the MSI is installed.

Objective 7
Distribute MSI Based Applications with ZENworks

Most newer Windows applications use an MSI le to install the application. Although the application can also include a setup le, the MSI le sets up the Windows environment to make sure the Microsoft installer is available and then calls the Windows installer to perform the installation. While MSI les specify the default installation conguration for a particular application, a transform le (MST le) modies the default installation conguration to reect any customized options you specify. An MST le is similar to the unattend.txt le used by the Novell Client installation. The MST le uses the installation logic specied in the MSI le to modify the default conguration and species how the application is installed. You can use the Microsoft Resource kit or a third-party tool, such as InstallShield AdminStudio, included with ZENworks, to create a transform le (MST le). You can create an MST le to allow the installation of selected components of an application. As a result, the user is not required to select the components for installation. The steps to create an MST le vary for different applications. This is because the components to be installed are not the same in each application. ZENworks can distribute MSI applications. Unlike snAppShot applications, the conguration is not stored in eDirectory.

MSI-congured application objects have an advantage over snAppShot-congured application objects. Because the Microsoft Installer component is used to perform the installation, the logic of the installation is retained. If the application is a native MSI application, you normally need only one application object for all platforms and hardware types in your environment. To create a ZENworks application object to distribute MSI based packages do the following:
1.
Create an application object using an MSI file: a. b. c. From ConsoleOne, right-click your container; then select New > Application. Select An application that has an MSI le; then select Next. In the Path to MSI File eld, browse to the location of your MSI; then select your MSI. You should use a UNC path. d. Select Next. e. f. Enter an object name for the object. Verify the application package path information; then select Next.
g. Select Next. h. Specify the users and workstations for the distributed application: a. b. In the Add User and Workstation associations eld, select Add. Browse to and select the object you want to associate the application with; then select OK. Users within this container Workstations within this container
For containers, you must select one of the following:

Version 1
8-53
Users and workstations within this container
i. j.
When you nish, select OK. Enable the icon to show up in Application Launcher and on the Desktop; then select Next.
k. Select Display details after creation; then select Finish.

2. 3.
Configure MSI specific options, if any, by selecting MSI. Specify the transforms that should be applied during installation, the patches that should be applied, and the verification behavior for self-healing. Give users the necessary rights to launch the application: a. b. Select Common > File Rights; then select Add. Browse to and select the folder where the application les are stored.
4.
5.
Select OK.

Exercise 8-5
Create an MSI Application to Distribute WinZip

In this exercise, you create an MSI application to distribute the WinZip package to the Windows XP workstations at Digital Airlines. You use the following Host computers and VMware virtual machines:
Figure 8-17
WS2 WinXP Pro XP2 10.200.200.12
Do the following:

Part I: Create the MSI Application Part II: Verify That the WinZip Application is Available

Part I: Create the MSI Application
Do the following:
1.
From your Host2 computer in ConsoleOne, right-click Apps.slc.da. Select New > Application. Select An application that has an .MSI file; then select Next. In the Path to .MSI File field, browse to and highlight \\DA-ZEN\DATA\Apps\Winzip\Winzip.msi; then select Open. Select Next. In the Object Name field, enter WinZip; then select Next. From the Add rules to control availability of this application page, select Next. From the Add user and workstation association page, select Next. Select the Display details after creation check box; then select Finish. Linked Folder.
2. 3. 4.
5. 6. 7.
8.
9.
10. Select the Identification > Folders tab page; then select Add > 11. Browse to and select Linked Folders.Apps.slc.da; then select
OK.
12. Select Utilities; then select OK. 13. Select the Run Options > Application tab page. 14. Select Path to file; then in the field below the option, enter the
following: %*PROGRAMFILES%/winzip/winzip32.exe

8-56
15. Select the Common > File Rights tab page; then select Add.
Version 1
16. Browse to and select DA-ZEN_DATA\Apps\WinZip; then
select OK.
17. Select the Read and File Scan rights check boxes. 18. Select Apply. 19. Select the Associations tab. 20. Select Add; then browse to and select Users.slc.da. 21. Select OK. 22. Select Users within this container; then select OK. 23. Select the App Launcher check box; then select OK.
Part II: Verify That the WinZip Application is Available
Do the following:
1.
Verify that the WinZip application is available for local access: a. b. c. From the WS1 workstation using the Novell Client, log off and then log in as CKent with a password of novell. When prompted if you are using a slower connection, select No. From the desktop, double-click Application Explorer.
d. Browse to the Digital Airlines Applications > Utilities folder. e. Start the WinZip installation by selecting WinZip. Wait for WinZip to be installed. After WinZip is installed, an evaluation copy dialog appears. f. Select Use Evaluation Version. The WinZip classic view window appears.

Version 1
g. Close the WinZip window.
8-57
2.
Verify that the WinZip application is available for a slower connection: a. b. c. From the WS2 workstation without the Novell Client, log off and then log in as BWayne with a password of novell. When prompted if you are using a slower connection, select Yes. From the desktop, double-click Application Explorer.
d. Browse to the Digital Airlines Applications > Utilities folder. e. Start the WinZip installation by selecting WinZip. Notice that WinZip is cached to the workstation before it is installed. After WinZip is installed, an evaluation copy dialog appears. f. Select Use Evaluation Version. The WinZip classic view window appears. g. Close the WinZip window.
3.
Revert the DA-SPM workstation: a. b. c. From VMware Workstation on the Host1 computer, make sure that the DA-SPM virtual machine tab is selected. From the VMware Workstation menu bar, select VM > Snapshot > Revert to Snapshot. A dialog appears indicating that by restoring the snapshot, the current state will be lost. The DA-SPM virtual machine is powered off.
d. Continue by selecting Yes.
(End of Exercise)

Objective 8
Convert AOT/AXT Packages to MSI Packages Using AdminStudio

In addition to repackaging existing application installations, AdminStudio can also convert existing ZENworks .AXT or .AOT les to MSI applications. You do this by converting the les to a Repackager project and then converting the project into an MSI package. However, you need to be aware that AdminStudio only supports .AXT or .AOT les created with ZENworks 3.x or earlier. Files created with later versions of ZENworks are not supported. You must also have the ZENworks Desktop Management Agent installed on the workstation running AdminStudio to import both .AXT and .AOT le formats. If you dont have the Agent installed, you will only be able to import .AXT les. To convert a ZENworks application template le to an MSI application, complete the following:
1.
Start AdminStudio on your workstation.

2.
Double-click Repackager.

3.
The following appears:
Figure 8-19
4. 5.
Select Convert a Legacy Project. Browse to and select the .AOT or .AXT template le you want to convert.
The template le is then imported into Repackager. All application les, INI les, registry entries, and shortcuts are converted to a Repackager project. With the conversion complete, you can complete the tasks and processes presented in this section to create an MSI package and convert it to an Application object in your eDirectory tree.

Objective 9
Decide Which Type of Distribution to Use

Now that you have been introduced to the various methods for distributing software, you might be wondering which method you should use. The following are best practice guidelines for deciding how to distribute an application:
If there is a native MSI installer use that installer as the basis for your application object. If there is not an MSI installer, but there is a scripted installation utility, and you do not need self-healing or additional configuration, then use a simple application to launch the scripted install. If there is no native installer that meets your needs then you will need to re-package the application using either ZENworks snAppShot or AdminStudio Repackager. To decide, consider the following:
If you want to be able to change the application properties such as les, INI settings, and registry keys from ConsoleOne, use snAppShot. If you want to be able to deploy the application using ZENworks and other software delivery tools, use Repackager. If you want to ensure the best possible chance of installing on as many machines as possible, user Repackager. This is because repackager has the dependency scan feature that snAppShot does not. If you are repackaging on a machine with a large registry, use Repackager as snAppShot sometimes has problems with large registries.

8-62
If you need to distribute registry keys and files, and you know what they are, you can use a Simple application and manually build the Distribution Options tab.
Version 1
Use InstallShield Repackager for complex applications because

It provides dependency checking Requires less clean-up Output can be distributed manually or through ZENworks This is where the industry as a whole is going on Windows

Summary
The following is a summary of the objectives in this section.
Objective
1. Distribute a
Scripted Installation
What You Learned Not all applications have the ability to perform an unattended installation. However, you still want to be able to distribute those applications with ZENworks. To distribute this type of application, you need to use a scripted installation without an AXT, AOT, or MSI le. In this case, you use a simple application object that runs a scripted installation. This type of application installation is like a Windows shortcut, but is stored in eDirectory.
2. Re-package
Applications With ZENworks snAppShot
If there is no scripted installation for the software you want to distribute, the scripted installation doesnt give you the conguration options you need, or you need the application to be self-healing, then you might need to re-package the application. There are two ways of re-packaging applications. In this objective, you learned how to re-package the application as AOT/AXT les using the ZENworks snAppShot tool. snAppShot identies the les and conguration settings by taking a picture of the workstation before and after the installation of an application. SnAppShot then compares the pictures to determine the changes. Only changes to the workstation are captured by snAppShot, not the logic of the original installation.

8-64
Version 1
Objective
3. Distribute an
AOT/AXT Application with ZENworks
What You Learned After you have created an AOT or AXT le using the snAppShot utility, you can create an application object in the tree that uses the conguration information stored in the AOT or AXT le. This information populates the Distribution Options tab of the application so that when users launch the application, the conguration information is distributed to the workstation.
4. Package Software
with ZENworks Software Packaging
ZENworks Desktop Management includes the ZENworks Software Packaging component, which uses AdminStudio ZENworks Edition (created by InstallShield). With AdminStudio ZENworks Edition, you can use a structured, repeatable application preparation process that guarantees consistent, trouble-free software deployments. To successfully use ZENworks Software Packaging, you need to know the following:

AdminStudio system requirements AdminStudio ZENworks Edition components What Windows installer is How to install AdminStudio ZENworks Edition
5. Repackage
Applications with the AdminStudio Repackaging Wizard
To ease distribution and management of user applications, AdminStudio provides you with the ability to repackage application installation programs into standardized MSI packages that can be easily deployed using ZENworks application objects. In this objective, you learned the following:
How the Repackaging Wizard works Suggestions for successful repackaging Repackaging a legacy application setup

Version 1
8-65
Objective
6. Customize
Application Installation with AdminStudio Tuner
What You Learned For applications that are already using the Microsoft Installer as their native installation method you can use the ZENworks Software Packaging component to customize how the product is installed. To do this you use the AdminStudio Tuner component to create a Transform le that can be referenced in the application object.
7. Distribute MSI
Based Applications with ZENworks
Most newer Windows applications use an MSI le to install the application. Although the application can also include a setup le, the MSI le sets up the Windows environment to make sure the Microsoft installer is available and then calls the Windows installer to perform the installation. While MSI les specify the default installation conguration for a particular application, a Transform le (MST le) modies the default installation conguration to reect any customized options you specify. You can create an MST le to allow the installation of selected components of an application. As a result, the user is not required to select the components for installation. ZENworks can distribute MSI applications. Unlike snAppShot applications, the conguration is not stored in eDirectory.

Objective
8. Convert AOT/AXT
Packages to MSI Packages Using AdminStudio
What You Learned In addition to repackaging existing application installations, AdminStudio can also convert existing ZENworks .AXT or .AOT les to MSI applications. You do this by converting the les to a Repackager project and then converting the project into an MSI package. However, you need to be aware that AdminStudio only supports .AXT or .AOT les created with ZENworks 3.x or earlier. Files created with later versions of ZENworks are not supported. You must also have the ZENworks Desktop Management Agent installed on the workstation running AdminStudio to import both .AXT and .AOT le formats. If you dont have the Agent installed, you will only be able to import .AXT les.

Objective
9. Decide Which Type
of Distribution to Use
What You Learned The following are best practice guidelines for deciding how to distribute an application:
If there is a native MSI installer use that installer as the basis for your application object. If there is not an MSI installer, but there is a scripted installation utility, and you do not need self-healing or additional conguration, use a simple application to launch the scripted install. If there is no native installer that meets your needs then you will need to re-package the application using either ZENworks snAppShot or AdminStudio Repackager. If you need to distribute registry keys and les, and you know what they are, you can use a Simple application and manually build the Distribution Options tab. Use InstallShield Repackager for complex applications.

SECTION 9
In this section, you learn how to perform application management tasks such as automating distribution and maintaining and distributing applications to disconnected workstations.
Objectives
1. 2. 3. 4. 5.
Identify Application Object Configuration Options Automate the Distribution of Applications Repair and Uninstall Applications Describe Terminal Server and Web Applications Distribute Applications to Disconnected Workstations

Introduction
In addition to being able to provide software distribution services, ZENworks provides complete application management capabilities. This is considerably different than most of the competition. ZENworks application management provides a robust set of features that you can use to manage the installation and launching of software. In the previous section, you learned how to create application objects that distribute software. In this section, you learn how to add features to those applications to improve the user experience. You also learn how to use other application management features to reduce downtime, increase productivity, and reduce costs.

Objective 1
Identify Application Object Conguration Options

Application objects let you use the power of eDirectory to congure custom installations and distributions. The Properties page of all application objects include many conguration options you can use to manage the application. You can congure application settings by accessing the following application object tabs:

Identification Distribution Options Run Options Associations Availability Common Fault Tolerance MSI
In addition to conguring application settings, you also need to understand the following:
GUID Management
Identication
You can use the Identication tab to congure how the application object appears to users. This page includes the following pages:

Package Information Icon Description

Version 1
9-3
Folders Contacts Administrator Notes
Package Information
The Package Information property page is available for MSI applications and provides information only: Figure 9-1

The following are the types of information options provided: Table 9-1
Option Administration Package Path Effect Shows the location of the MSI le being used by ConsoleOne to read the MSI. This is used to display the rest of the information on this page as well as the Public Property values on the MSI > Properties tab. You need to use UNC paths in this eld. Other Information Displays the following (as read from the MSI le):

Version. Displays the version of the MSI le Vendor. Displays the creator of the MSI le Locale. Displays localization information specied in the MSI le Help Link. Displays the web location to visit for information and help about the application Package Path. Shows the location of the MSI le being used by the application object

Icon
The Icon Property page determines the application objects icon that Application Launcher displays on a workstation: Figure 9-2
The following are the conguration options: Table 9-2

Option Application Icon Title Effect Use to specify the text you want as the title for the application objects icon wherever the icon appears. Use to choose the icon you want to use wherever the application objects icon appears. If you do not specify an icon, a default application object icon is used.
Application Icon

(continued)
Table 9-2
Option Disconnectable
Effect Use to make the application run on a workstation that is disconnected from eDirectory. For an application to run in disconnected mode, the application must be distributed to or cached on the workstation.
Wait on Force Run
Use to specify whether the icon appears before the application is run. This applies only if two or more applications are using the Force Run option on the Associations page. If you select this option, the icon wont appear until the force run is complete for the application.
Determine Force Run Order
Use to organize the icons in Application Launcher and specify the order in which application objects set as Force Run will run. Ordering is left to right or top to bottom depending on the way the user views icons in Application Launcher. You control ordering by specifying a numeric value in Order Icon Display. A value of zero gives the icon the highest priority. The maximum value is 999. If no order is specied, application objects are ordered alphabetically. If an application requires a reboot, the workstation reboots after the application is installed. Ordered and Force Run applications run in sequence without waiting for the last Force Run application to terminate. This does not happen when the Wait on Force Run option is enabled

(continued)
Table 9-2
Option Show Progress
Effect Use to display a progress bar to users when an application is distributed or removed from their workstations. Deselect this option if you are distributing only a small change, such as a Registry modication. Select this option if you are distributing or removing a large application and want to inform the user how long the process will take.
User Interface Level
This option only appears on this page if the application is an MSI based application object. You can use the option to determine the amount of user interface the Windows Installer shows during an MSI installation. During the distribution of an MSI application object, Application Launcher launches Windows Installer to install the application. As a result, Windows Installer uses the installation user interface established for the MSI package instead of showing the standard Application Launcher installation progress bar. The following settings apply:
Default. Displays a user interface level (as selected by Windows Installer) Silent. Displays no user interface Progress. Displays simple progress information and error messages/prompts Reduced. Displays a full user interface with wizard boxes suppressed Full. Displays a full user interface (such as wizard boxes, progress information, error messages, and prompts)

9-8
Application Launcher passes the selected setting to Windows Installer as a startup parameter.
Version 1
Description
You can use the Description Property page to enter text that provides users more complete information about an application object: Figure 9-3
If you enable the Prompt Before Distribution option (from the Distribution Options > Options tab), users see the text entered on this page when Application Launcher distributes the application to them. (The Options property page is covered later.) Users can also view an application objects properties to see the description. To display the properties from an Application Launcher view, right-click the application object and select Properties.

Folders
You can use the Folders Property page to specify the application folders where you want Application Launcher to place the application when distributing it to a workstation: Figure 9-4
You can add applications in 2 types of application folders:
Custom folder. A custom folder is a folder created specifically for the application object. No other application object can be included in the folder. Custom folders let you create customized folder structures. For example, you can create a custom folder named WINAPPS that users will use to access the Calculator and Notepad applications. You can create subfolders for both Calculator and Notepad within WINAPPS.

If you use custom folders, you must use the same folder names when dening the custom folder structure for each application object because any variation causes Application Launcher to create different custom folder structures.
Linked folder. A linked folder is an association with an existing Application Folder object. If the Application Folder object includes multiple folders, you can add the application to any folder in the structure.
An application folder object requires you to dene the folder structure once. Custom folders must be dened for each application object. If you use custom folders, you must use the same folder names when dening the custom folder structure for each application object because any variation causes Application Launcher to create different custom folder structures. The following are the conguration options available: Table 9-3
Option Folders Effect Use to view custom folders and linked folders (application folder objects) that the application is added to. If necessary, Application Launcher creates the listed folders when distributing the application to the workstation. Add Use to add a custom folder or a linked folder to the Folders list. Use to remove a folder from the list.
Delete

(continued)
Table 9-3
Option Modify Selected Folder
Effect Use to modify name and structure information for the folder that is selected in the Folders list. You can modify information for custom folders and linked folders. However, after you modify a linked folders information, it is converted to a custom folder.
Add Folder
Use to add a subfolder to the folder. When Application Launcher refreshes, users see the application in the subfolder instead of the folder. Use to delete the folder. Use to change the name of the folder. To add the application to a subfolder, enter existing_folder_name\new_subfolder_name.
Delete Folder Modify Folder
Use the Selected Folder in the Following Locations
Use to display folders on the Start menu and in the Application Launcher views (if these locations are enabled on the application objects Associations page). If you dont select either location, Application Launcher displays the application object on the Start menu and in the Application Launcher views window. However, the object will not appear in folders you dene.

Contacts
You can use the Contacts Property page to see the names, email addresses, and phone numbers of the applications support staff: Figure 9-5
You can tailor the information to direct users to the support staff at their locations. If you enter the support contacts email address, users can send an email message directly from the Help Contacts page of the Properties box. Users must have the eDirectory rights required to read the E-Mail Address and Telephone (Telephone Number) attributes of the users dened as contacts.

Administrator Notes
You can use the Administrator Notes Property page to record notes for yourself or other administrators: Figure 9-6
For example, you could write a reminder about special settings for an application. Or, you could write a history of upgrades and le changes if there were several administrators.
Distribution Options
You can use the Distribution Options tab to access the following pages that help congure how an application object is distributed to users:
Icons/Shortcuts Registry

9-14
Version 1
Application Files INI Settings Text Files Distribution Scripts Pre-Install Schedule Pre-Distribution Process Termination Options
The Icons/Shortcuts, Application Files, and Text Files pages are not available on application objects created using an MST le. If you need to modify this type of information, you need to use AdminStudio Tuner to create an MST.
Icons/Shortcuts
The Icons/Shortcuts property page is available only on Application objects created for simple applications and AOT/AXT applications. It is not available on Application objects created for MSI applications, Web applications, and terminal server applications. You can use the Icons/Shortcuts property page to specify the icons and shortcuts that Application Launcher creates when distributing the application to the workstation. The icons and shortcuts you add with this page are created as Windows shortcuts on the workstation when the application is rst launched.

If the user launches the application from the Windows shortcut instead of the Application Launcher icon, none of the application management capabilities are available at launch time: Figure 9-7
The following options are available on the Icons and Shortcuts page: Table 9-4
Option File Effect Use to search for icon and shortcut denitions and to import icons and shortcuts from another application object. Use to add a program group, a program group item, or a shortcut. Use to change the information associated with an icon or a shortcut.
Add
Modify

(continued)
Table 9-4
Option Delete
Effect Use to delete an icon or a shortcut from the Icons and Shortcuts list. This option causes the icon to be distributed for each user that runs the application, regardless of whether the application has already been installed to the machine. Use to create or delete the icons and shortcuts each time the application is launched.
Track Distribution Per User
Distribute Always
Registry
The Registry Property page determines the Registry settings that Application Launcher creates or deletes when distributing the application to a workstation: Figure 9-8

The following options are available on this page: Table 9-5

Option Registry Settings Effect Use to view all settings dened for the Registry. When the application is distributed to a workstation, Application Launcher modies the workstations Registry according to the settings in this tree. If you used an AOT or AXT le when creating the application object, the tree includes all Registry settings dened in those templates. File Use to search for specic keys, value names, or value data in the Registry. You can also import Registry settings from another application objects AOT or AXT le or from a Registry (REG) le. In addition, you can export Registry settings to a REG le. Add Use to add Registry settings to the Registry Settings tree. Only settings displayed in the Registry Settings tree are created or deleted when the application is distributed. You can add the following:

Key Binary Expand String Default DWORD Multi-String Value String

(continued)
Table 9-5
Option Add (continued)
Effect After adding the key or value to the Registry Settings tree, you can use the Distribution Options list to determine whether the key or value is created in the workstations Registry or deleted from the Registry.
You can use a macro for a key name, a value name, or value data.
Modify Delete
Use to modify keys and values. Use to delete keys and values. When you delete a key, everything subordinate to the key is also deleted. Use to specify whether the Registry setting will be created, deleted, appended or prepended during distribution. This option causes the registry setting to be distributed for each user that runs the application, regardless of whether the application has already been installed to the machine. Use to create or delete a Registry setting each time the application is launched.
Item Will
Track Distribution Per User
Distribute Always

Application Files
You can use the Application Files Property page to specify the application les that Application Launcher installs or removes when distributing the application to a workstation: Figure 9-9


Option Application Files Effect Use to view all les and directories that will be installed or removed during distribution. The name, target directory (the location on the workstation where the le will be installed), and source (the le or directory being used to install the le) are listed for each application le or directory. If you used an AOT or AXT le when creating the application object, the list includes all les and directories dened in those templates. File Use to search for text in the Name, Target Directory, or Source elds.
You can also import application les and directories from another application objects AOT or AXT le.
Add
Use to add les or directories to the Application Files list. Only les and directories displayed in the Application Files list are installed or removed from the workstation during distribution. You can add the following:
File Lets you specify specic les that should be distributed.
Directory Lets you specify that a directory should be created. ZENworks 6.5 Service Pack 1 and later also lets you specify that a directory and subdirectories should be copied.
VIEW ONLY Modify NO PRINTING ALLOWED

Version 1
Use to modify les and folders.
9-21
(continued)
Table 9-6
Option Delete Item Will
Effect
Use to delete les and folders.
Use to determine the behavior of the distributed le. You have the following options:
Copy Always. Copies the le, regardless of whether the le exists on the workstation. Copy if Exists. Copies the le only if the le exists on the workstation. Copy if Does Not Exist. Copies the le only if the le does not exist on the workstation. Copy if Newer. Copies the le only if its date and time are newer than the existing les date and time or if the le does not exist on the workstation. Copy if Newer and Exists. Copies the le only if it exists on the workstation and has an older date or time. Copy if Newer Version. Copies the le only if its internal version is newer than the existing les version (version information must be present). This is useful if you want to update the version of an EXE or a DLL le based on the compiled version information.
Request Conrmation. Prompts the user to verify that the le must be copied. Copy if Different. Copies the le if its date, time, or size is different than the existing les. Delete. Deletes the le from the workstation.
Shared File
Use to mark a le as a shared le. Shared les are usually Windows DLL les.
snAppShot detects shared les when it discovers application installation changes on a workstation.

(continued)
Table 9-6
Option Track Distribution Per User
Effect
This option causes the le or directory to be distributed for each user that runs the application, regardless of whether the application has already been installed to the machine. Use to create or delete les each time the application is distributed.
Distribute Always
INI Settings
You can use the INI Settings Property page to determine the INI settings that Application Launcher creates or deletes when distributing an application to a workstation: Figure 9-10

Version 1
The INI Settings tree displays the INI les dened for the application and all sections and values that are added to each INI le.
9-23
When the application is distributed to a workstation, the INI les are created, if necessary. In addition, existing INI les are modied according to requirements. If you used an AOT, AXT, or MSI le when creating the application object, the tree includes all INI settings dened in those templates.
Text Files
You can use the Text Files Property page to determine modications that Application Launcher makes to les (such as cong.sys and autoexec.bat) when distributing an application to a workstation: Figure 9-11

9-24
On this page, the Text Files eld shows all text les that will be modied or added when the application is distributed. Each modication to a le appears subordinate to the le.
Version 1
Distribution Scripts
You can use the Distribution Scripts Property page to dene the script engine you want Application Launcher to use and the scripts to be executed as part of distributing an application: Figure 9-12
On Windows NT/2000/XP, distribution scripts are run in the secure system space, which means users do not see script commands or command results. If you include commands that require or initiate user interaction, the script is halted at that point. And because the script is run in the scope of the SYSTEM user, any commands in the script must be locally available (able to run locally).

This page provides the following options: Table 9-7

Option Run Before Distribution Run After Distribution Script Engine Location Effect Use to enter script commands you want executed before the application is distributed. Use to enter script commands you want executed after the application is distributed. Use to determine the script engine required to process the commands and scripting language you need to use. If you do not dene a script engine in the Script Engine Location eld, Application Launcher uses the Novell Client as the script engine (if the workstation has the Novell Client installed). This means that you can use most Novell Client login script commands for the script. Script File Extension Use to specify the script that the script engine runs. When the application is distributed, Application Launcher creates temporary script les for the Run Before Distribution scripts and Run After Distribution scripts. These les are passed to the script engine, which then executes the script. You need to specify the le extension that the script engine requires for its script les.
Pre-Install Schedule
You can use the Pre-Install Schedule Property page to enable Application Launcher to install the application to a workstation before the user launches the application object the rst time.

Because you can specify when the installation takes place, this enables an off-line or lights-out distribution of the application. This means that the user doesnt have to wait while installing the application. For example, you can pre-install the application after business hours so the application is ready for the user the next day.
For more information on pre-installation, see Lights-Out Distribution (Pre-Install) on 9-94.
Pre-Distribution Process Termination
The Pre-Distribution Process Termination Property page determines the executables and services that Application Launcher terminates before distributing the application to a workstation: Figure 9-13


Option Add Effect Use to add processes to the list. Only processes displayed in the list are terminated before the application is distributed. Use to modify a process or service name and type. Use to select the process you want to delete from the list. Use to move the process up or down in the list.
Modify Delete
Up-Arrow and Down-Arrow

Options
You can use the Options Property page to specify general options to be used by Application Launcher when distributing the application to a workstation: Figure 9-14

Option Version Number Effect Use to specify the version number. The version number is a unique number between 0 and 65535 that you can increment as you make revisions to the application object. If you increment the version number, the application is distributed the next time the user launches the application object.

(continued)
Table 9-9
Option GUID
Effect The global unique identier (GUID) is generated using the version number and is changed each time you change the version number. When Application Launcher distributes an application to a workstation, it adds the GUID to the Registrys HKEY_LOCAL_MACHINE key for tracking purposes. For more information on the GUID and how to manage the GUID see GUID Management on 9-90.
Distribute Always
Use to force a distribution of the entire application object each time the user runs the application or when the application is set for a force run on the workstation. This is useful to make sure that all application settings are updated each time the application runs. If you need only specic application object settings to be distributed each time, you can update settings, when required.
Prompt Before Distribution
Use to prompt users to have the application distributed to their workstations. Users are prompted the rst time they select the application icon; they are not prompted after that.
To help users make a decision about installing the application, the prompt includes the text youve entered on the Description properties page.

(continued)
Table 9-9
Option Reboot
Effect Use to determine how a workstation reboot occurs. Available options include the following:
If Needed. Application Launcher reboots the workstation if changes need to be made that cannot occur while Windows is running, such as replacing open DLLs. Always. Application Launcher always reboots the workstation after distributing the application. Never. Application Launcher does not reboot the workstation. The changes take effect the next time the workstation reboots.
Prompt for Reboot
Use to determine whether the user is prompted to reboot the workstation.
Run Options
You can use this tab to help you congure how the application object runs on the workstation. The tab includes the following pages:

Application Environment Launch Scripts Environment Variables Licensing/Metering Application Dependencies

Application
You can use the Application Property page to specify general options to be used by Application Launcher when running the application on a workstation: Figure 9-15

The following are the options available on this page: Table 9-10
Option Effect
Install Only (No Use if the application object does not include an Executable Needed) application executable that Application Launcher should run after distributing the object. For example, you might want to use this option if the application objects only purpose is to update les on the workstation, such as a driver or font. You can also use this option if you want to modify workstation settings, such as the Registry. Path to File Use to specify or browse to the path to the executable that Application Launcher will run after the application is distributed. You can also use macros in this eld. Parameters Use to specify any command line parameters that need to be passed to the executable specied in the Path to File eld. You can also use macros in this eld. Working Directory Use to specify the working directory of the executable you specied in the Path to Executable File eld. You can also use macros in this eld.

(continued)
Table 9-10
Option Run Application Once
Effect Use if you want Application Launcher to run the application one time per user and then remove the application objects icon from the workstation. When the application objects version number changes, the application object icon appears so the new version can be distributed. This is useful when an application objects only purpose is to install software (such as a support pack) on a workstation.
Force Run As User If Application Is Workstation Associated
Use if you want to delay the force running of a workstation-associated application until Application Launcher launches. If a workstation-associated application is marked as Force Run, Workstation Helper launches the application as soon as the workstation is started and before the user logs in to Windows. This means that only workstation-associated applications will force run until the Application Launcher user interface is loaded. In this case, Workstation Helper performs any distribution tasks it can (such as installing les, updating les, and updating the HKEY_LOCAL_MACHINE key of the Windows Registry). Then, when a user starts Application Launcher, Application Launcher completes the remaining distribution tasks, such as updating the HKEY_CURRENT_USER key of the Windows Registry, and launches the application.

9-34
You can also force run workstation-associated applications that require user interaction.
Version 1
(continued)
Table 9-10
Option Force Run As User If Application Is Workstation Associated (continued)
Effect This enables applications marked force run and associated to workstation objects to function in the same way as user-associated applications marked force run. In addition, it can associate the application with workstations instead of users. This can be benecial if you are trying to track software licenses by workstation instead of user.
Environment
You can use the Environment Property page to specify the workstation environment that Application Launcher creates before running the application on the workstation: Figure 9-16


Option Run Effect Use to select the applications initial window size: Normal, Minimized, Maximized, or Hidden. In Hidden mode, the application runs normally without a user interface available. Use this option if you want the application to process something in the absence of user intervention. Run 16-Bit Applications in Windows on Windows Session Executable Security Level If you are setting up a 16-bit application to run on Windows NT/2000/XP, use to specify either a Shared or Separate Windows on Windows (WOW) session. Use to select one of the following security levels for the application:
Run Normal. In this level, the application inherits the logged-in users credentials. Run As Secure System User. In this level, the application inherits the workstations credentials and is run as a Windows NT/2000/XP process. This is useful when distributing applications that require full access to the workstation without any user intervention, such as a service pack or an update.
Run as Unsecure System User. This is the same as Run As Secure System User except that the applications interface appears to the user. This means that the application can display dialogs and prompt the user for information. In return, the user can use the application.

(continued)
Table 9-11
Option Executable Security Level (continued)
Effect Dont use the previous options when a user uses a terminal server client session to run Application Launcher from the terminal server. In this case, if the application is run as a System user, either secure or unsecure, Application Launcher running on a terminal server relies on the Application Launcher Service for Windows (Application Launcher Service) to launch the application. Because the Application Launcher Service is running as a system user, the application is only visible on the terminal servers Task Manager (for Run As Secure System User) or on the terminal servers desktop (for Run As Unsecure System User). It will not run in the users terminal server client session.
Clean Up Network Resources
Use to remove network connections, drive mappings, and port captures established for running the application. If the resource is in use when Application Launcher starts the application, it is not cleaned up until all other distributed applications are nished using it. If distributed applications are still running when Application Launcher is terminated, the allocated resources remain intact.

(continued)
Table 9-11
Option Monitor Module Name
Effect Use to specify the name of the application executable. When an application is launched, Application Launcher monitors the executable of the application. When the executable terminates, the process of cleaning up network resources begins. However, if the executable le is a wrapper (an application that analyzes your workstation environment and then launches another application appropriate to the environment), Application Launcher monitors the wrapper executable. This is because Application Launcher might prematurely start cleaning up network resources before the application terminates. Note: To determine whether your application
uses a wrapper executable, see the application documentation.

If your application has a wrapper, identify the module that remains running. Type the name of the module (without the extension) in the text box provided.
Launch Scripts
You can use the Launch Scripts property page to specify launch scripts for Application Launcher to run. As part of the process of launching an application, Application Launcher can launch a script engine to execute a before launch script and an after termination script.

The Launch Scripts property page denes the script engine you want Application Launcher to use and the scripts to be executed: Figure 9-17
The options on this page are the same as those on the Distribution Scripts on 9-25, except that the Launch scripts run as the logged-in user instead of the Secure System account. This means that the script can interact with the user.

Environment Variables
You can use the Environment Variables page to specify the environment variables that Application Launcher sets before running the application: Figure 9-18
For example, you can specify an applications working directory in the PATH environment variable. The following options are available on this page: Table 9-12
Option Environment Variables Effect Use to see variables that will be modied before an application is run. Application Launcher modies only the variables in this list. Use to search for variables or variable data in the Environment Variables list, or to import variables from another application objects AOT or AXT le.
File

9-40
Version 1
(continued)
Table 9-12
Option Add Modify Delete
Effect Use to add a variable to the Environment Variables list. Use to modify the Environment Variables list. Use to delete the Environment Variables list.
Licensing/Metering
You can use the License/Metering Property page to congure Application Launcher to use Novell Licensing Services (NLS) to track application use and comply with the licensing agreement: Figure 9-19
NLS must be installed and you must have created a License Container and a Metered Certicate for the application.


Option Use Novell Licensing and Metering for this Application Associate Application Object with License Container Do Not Run Application If NLS Is Not Available Effect Use to enable the metering of the application.
After metering is enabled, use to select the License Container where youve created the applications Metered Certicate. Use to prevent users from running the application if NLS is not running.
Application Dependencies
Creating application dependencies or application chains is a concept of requiring one application to be installed on a workstation before another application can be installed. After you create application objects, you can make the applications represented by those objects dependent upon each other.

For example, as shown in the following, you can make the installation of Word dependent on the installation of Ofce, which means that before Word is installed, Ofce must be installed: Figure 9-20
You can make an application dependent on more than one application. Application chaining makes application management simpler because users dont have to worry about the applications currently installed. In addition, application chaining is accepted not only during the installation of an application delivered through ZENworks but also during the verication or uninstallation of the application. You can congure application chaining by doing the following:
1.
From ConsoleOne, open the Properties page of an application object. Select Run Options > Application Dependencies; then select Add. Browse to your container and select the application. Select OK twice.
2.
3.

Version 1
9-43
You can use the Application Dependencies Property page to view the applications that the primary application has a dependency on: Figure 9-21
The dependent applications are listed in the order they must be installed on the workstation before the primary application is launched. This page provides the following options: Table 9-14
Option Add Effect Use to add an application to the Application.

(continued)
Table 9-14
Option Continue Distributions Immediately
Effect Select this option if you want Application Launcher to distribute and run the dependent application but not wait for the application to nish running before continuing with the next dependent application distribution. If this option is selected, then Application Launcher continues after all les, Registry settings, and so on have been distributed and the application (or le) listed in the Path to File eld has been launched. If this option is not selected, Application Launcher waits until the previous application has exited before continuing with the distribution of the next application in the list.
Reboot Wait
Use if the dependent application is in an application chain and one or more application chains require the workstation to be rebooted to nish the installation.
This instructs Application Launcher to reboot the workstation only after all applications in the chain are installed. This also applies when uninstalling the application.
Delete
Use to remove a dependent application from the list. Use to see whether a dependent application consists of an application chain. Use to list the order in which applications are installed from top to bottom.
Show Chain
Up-Arrow and Down-Arrow

Associations
You can use the Associations property page to view the objects that are associated with the application object: Figure 9-22
Objects associated with the application object can see and use the application. You can grant rights to user, workstation, group, organizational unit, organization, and country objects.

The following options are available on the Associations page: Table 9-15
Option Associations List Effect Use to view the objects associated with the application object and add or delete objects.
Use to associate an object with the application object. All objects receive the default characteristics selected in the Defaults for Subsequent Associations list. You can modify characteristics by selecting or deselecting the appropriate boxes.
Add
Delete Defaults for Subsequent Associations
Use to disassociate an object from the application object.
Use to specify the default characteristics for an object in the Associations list. If you change the characteristics that are selected, any object added after that will have the new characteristics. The following options are available:
Force Run. Use to run the application object as soon as Application Launcher or Workstation Helper starts. You can use the Force Run option in conjunction with several other settings to achieve unique behaviors. App Launcher. Use to add the application objects icon to all Application Launcher views. Start Menu. If the workstation is running Application Explorer, use to add the application object to the Windows Start menu. The application object is added to the top of the Start menu unless you assign the application object to a folder and use the folder structure on the Start menu.

(continued)
Table 9-15
Option Defaults for Subsequent Associations (continued)
Effect
Desktop. If the workstation is running Application Explorer, use to view the application objects icon on the Windows desktop. System Tray. If the workstation is running Application Explorer, use to view the application objects icon in the Windows system tray. Quick Launch. Use to view the application objects icon on the Windows Quick Launch toolbar. Force Cache. Use to force the application source les and other les required for installation to be copied to the workstations cache directory. The user can then install or repair the application when disconnected from eDirectory. The les are compressed to save space on the workstations local drive. This is required only if you want to make sure the user can install or repair the application while disconnected from eDirectory. Without this option selected, the user can still launch the application in the disconnected mode. This can happen if the application has been distributed to the workstation.
Availability
You can use the Availability tab to determine when the application is available to users. The Availability tab provides the following pages:
Distribution Rules Schedule Termination

9-48
Version 1
Distribution Rules
The Distribution Rules Property page was added in ZENworks 6.5 Desktop Management; it replaces the System Requirements tab. To understand how to congure distribution rules, you need to know the following:

How to Configure Distribution Rule Requirements How to Add System Requirements
How to Congure Distribution Rule Requirements
You can use the Distribution Rules Property page to specify the requirements a workstation must meet before Application Launcher distributes the application to it: Figure 9-23

The Add Requirements to Control Availability of This Application list displays all requirements associated with the distribution of the application. For each requirement, the following options are displayed: Table 9-16
Option Type Subject Effect Shows the category of the system requirement. Shows the subject of the system requirement. For example, if the type is OS Version, the subject can be Windows 95/98 or Windows NT/2000/XP. Operator This column shows if a condition (such as greater than, less than, and equal to) must be met for the assigned value. Shows if a value is associated with the subject. For example, if Windows NT/2000/XP is the subject, the version might have to be greater than or equal to 4.00.950 for the application to be distributed. Always Show Icon Congures Application Launcher to always display the application object's icon regardless of whether or not the workstation meets the requirements dened by the distribution rules. If you select this option and one or more requirements is not met, the icon will display in a disabled state. Users can right-click the disabled icon, select Details, then select Requirements in order to see which requirements are not met.
Value

(continued)
Table 9-16
Option Legacy > Import Legacy Settings
Effect This option copies the legacy system requirements into the Add Rules to Control Availability of This Application list. If you've already added rules to the list, the legacy settings will replace any rules you've added. In a mixed-version environment, you need to decide how you want to use the new distribution rules and legacy system requirements together. In general, you can use one of the following methods:
System Requirements. ZENworks 6.5 (or later) versions use the distribution rules and pre-ZENworks 6.5 versions use the legacy system requirements. This method enables you to maintain the legacy system requirements for pre-ZENworks 6.5 Application Launcher while using the grouping, operator logic, and new rules available beginning with ZENworks 6.5. If you use this method, you can dene the legacy system requirements rst and then use the Import Legacy Settings option to populate the distribution rules. After populating the distribution rules, you can modify them to meet your needs.

(continued)
Table 9-16
Option Legacy > Import Legacy Settings
Effect
Dene legacy system requirements only. Both ZENworks 6.5 (or later) and pre-ZENworks 6.5 versions use the legacy system requirements. This solution reduces administrative maintenance of distribution rules and system requirements, but excludes you from using the new grouping, operators, and rules. Be aware that if you dene any distribution rules, ZENworks 6.5 (or later) versions of Application Launcher use the distribution rules, not the legacy system requirements. The ZENworks Application Launcher checks rst for the existence of distribution rules. Only if no distribution rules exist does it then check for legacy system requirements
File
Use to search for requirements that include specic information. For example, you can search for requirements that include Windows, greater than, or system memory.
Modify Delete Add
Use to edit requirement information Use to remove a requirement. Use to add a system requirement based on one of the following categories. Each of the categories are discussed further below.

How to Add System Requirements
You can add one or more of the following system requirements for distribution rules:
Applications Distribution Rules. The Application Dependencies dialog lets you create a requirement based on the existence or nonexistence of another application:
Figure 9-24
The application must have been distributed through Application Launcher. The following are the options available in this dialog: Table 9-17
Option Effect
Application Object Name Use to select the appropriate application object. Application Is Installed Use to indicate that the selected application must already be installed on the workstation. Use to indicate that the selected application must not be installed on the workstation.
Application Is NOT Installed

Version 1
Client Distribution Rules. Client Distribution Rules lets you require the workstation to be running (or not running) the Novell Client.
9-53
Connection Speed. Connection Speed lets you require a specific network connection speed. This samples the connection between the workstation and the default server or middle tier to determine the speed of the connection.
Disk Space. Disk Space lets you set the amount of disk space required on the workstation:
Figure 9-25
The following are the options available in this dialog: Table 9-18
Option Disk Space On Effect Select the disk where you need free space and then congure the amount of free disk space required to install the application. You can also congure the following options:
A through Z. Use to select the disk that is mapped to network drives. Windows System Directory Drive. Use to select the disk where the Windows system directory (for example, Windows System) resides.

(continued)
Table 9-18
Option Disk Space On (continued)
Effect
Windows Directory Drive. Use to select the disk where the Windows directory (for example, Windows) resides. Temp Directory Drive. Use to select the disk where the Windows temporary directory (for example, Windows\Temp) resides.
Is (Conditional Statement)
Select whether the available disk space must be less than, less than or equal to, equal to, greater than, or greater than or equal to the amount listed in the MB eld. Enter the disk space requirement.
MB (Condition)
Environment Variables. Use to specify the environment variables that need to be present:
Figure 9-26

Option Name Effect Use to enter the name of the environment variable. Select the Name Exists option when you want the variable to exist on the workstation. Select the Name Does Not Exist option when you want the variable to not exist on the workstation. Value Data Use to specify whether the variable data must be equal to, not equal to, contain, or not contain the data you enter in the Data eld.
File Date. Use to create a requirement based on the date of a specific file:
Figure 9-27

Option File Effect Use to select the le whose date you want to check. Select whether the le date must be before, on or before, on, on or after, or after the date entered in the Date eld. Use to select the date and time.
Is
Date
File Existence. Use to create a requirement based on the existence or nonexistence of a specific file:
Figure 9-28
Option File File Exists Effect Use to select the le you want to search for. Use if you require the le to exist on the workstation. Use if you require the le to not exist on the workstation.
File Does Not Exist

File Size Use to create a requirement based on the size of a specific file:
Figure 9-29
Option File Effect Use to select the le whose size you want to check. Select whether the size must be less than, less than or equal to, equal to, greater than, or greater than or equal to the size entered in the Size eld. Use to enter the le size in KB.
Is
Size

File Version. Use to create a requirement based on the version of a specific file:
Figure 9-30
Option File Effect Use to select the le whose version you want to check. Select whether the version must be less than, less than or equal to, equal to, greater than, or greater than or equal to the version entered in the Version eld. Use to enter the le version.
Is
Version
New Group. Lets you add a new rules group.

Memory. Use to specify the amount of memory required on a workstation:
Figure 9-31
Option Memory Is Effect Select whether the total memory must be less than, less than or equal to, equal to, greater than, or greater than or equal to the memory entered in the MB of RAM eld. Use to enter the required memory amount.
MB of RAM
Operating System. Use to specify the operating system required on a workstation:
Figure 9-32

Option Platform Is Effect Use to select the operating system the workstation must be running on. Use to select whether the version number must be less than, less than or equal to, equal to, greater than, or greater than or equal to the number entered in the Version eld.
Version
Processor. Use to require a specific processor type. Registry. Use to specify whether or not particular Registry values need to be present:
Figure 9-33

Option Key Effect Use to specify whether a Registry key must exist or must not exist for the distribution to take place. Use to specify whether a key value must exist or must not exist for the distribution to take place. Use to specify a condition for the value and data type (String or DWORD) you specied in the Name eld.
Name
Value
Remote Access. Use to create a requirement based on whether Application Launcher is in remote mode or local mode. The Remote Access Detection Method is specified in Launcher Configuration. Terminal Server. Lets you require the computer to be (or not be) a terminal server.

Schedule
You can use the Schedule property page to dene the dates and times when Application Launcher makes the application object available to users, such as the following specied days: Figure 9-34
The Schedule property page is available on Application objects created for all application types (simple, AOT/AXT, MSI, Web, and Terminal server). The Schedule property page denes the dates and times when the application is available to users. Application Launcher displays the application icon only during the times dened by the schedule. The schedule applies regardless of whether or not the application is installed. For example, if a user has not yet installed the application, it is only available for installation at the times specied by the schedule.

Version 1
9-63
Likewise, if a user has already installed the application, it is only available for running during the scheduled times. The following are options available on the Schedule property page:
Schedule Type Select the type of schedule you want to use. You can choose None, Specied Days, or Range of Days:
None Use this option to indicate no schedule. The Application object becomes available to an object as soon as the application's system requirements have been established (Availability > System Requirements page) and the application has been associated with the object (Associations page).
Specied Days Use this option to select specic dates when you want the Application object to be available. After selecting this option, ll in the following elds:
Date Range. The Date Range list displays all dates when the Application object is available. To add a date, click Add > select the date you want > OK to display it in the list. You cannot select more than 350 specific dates.

Time for Selected Dates. Select the availability start time and end time. The times apply to all dates in the Date Range list. The time increments in 5 minute intervals, with the earliest available start time being 00:00 (12:00 a.m.) and the latest end time being 23:55 (11:55 p.m.). This means there is always a 5-minute time period from 11:55 p.m. to 12:00 midnight when the application is unavailable. If you want the application to be available the entire day, you need to use the Range of Days schedule type.
Spread from Start Time (in Minutes). The Spread from Start Time option spreads out user access times over the number of minutes specified so the application doesnt become available to all users at the same time. If you anticipate all users launching the application as soon as it becomes available and the application is being distributed or run from the network, you can use this option to avoid possible network overload. For example, if you want to distribute an application to 100 users, you could use the Spread from Start Time option to specify a one-hour block of time (starting at the scheduled start time) in which to randomly distribute the application to the various users.
Range of Days Use this option to select a range of dates to make the application available. You can also use this option to make applications available only on certain days of the week within a given range of dates.

Version 1
After selecting this option, ll in the following elds:
9-65
Date Range. To define the range of days, select a start date and an end date, then select the days (Sunday through Saturday) within the established date range that the application is available. By default, all days are selected; a day is selected when the button appears to be pressed in.
Time for Selected Range. Select the availability start time and end time. This option works differently depending on whether the date range includes one day, multiple days, or all seven days. If the date range includes one to six days (but not all seven days), the application is available between the start and end times on those days. For example, if you make the application available on Monday between 8:00 and 5:00, it is available during those hours. However, if the date range includes all seven days, the times are ignored and the application is available every day, 24 hours a day.
Spread from Start Time (in Minutes). The Spread from Start Time option spreads out user access times over the number of minutes specified so the application doesnt become available to all users at the same time. If you anticipate all users launching the application as soon as it becomes available and the application is being distributed or run from the network, you can use this option to avoid possible network overload.

Use this Schedule in GMT for All Clients. The schedule is based on the workstations time zone. If your network spans different time zones and you schedule an application to run at 1:00 p.m., it runs at 1:00 p.m. in each time zone. You can select this option to have workstations run applications at the same time regardless of their time zones (for example, 1:00 p.m. Rome time and 4:00 a.m. Los Angeles time).
Termination
You can use the Termination Property page to specify how Application Launcher terminates the application if it becomes unavailable to a user while running it: Figure 9-35

An application becomes unavailable to a user when

You disassociate it from the user. The availability schedule expires. The applications system requirements change, and the users workstation no longer complies.
You can select the following options when the application terminates: Table 9-27
Option None Effect Use to disable any termination behavior. If the application becomes unavailable, the users can continue to run the application until they exit the program. Send Message to Close Application Use to have Application Launcher display a message instructing the user to close the application. In the Basic Closing Message box, select how often you want Application Launcher to display the message. A default message is used unless you select the Message button and dene a custom message. Send Message to Close Then Prompt to Save Data Use to have Application Launcher display a message instructing the user to close the application. When the user does not close the application, Application Launcher sends a call to the application instructing it to close. If the user has no unsaved data, the application closes immediately. Otherwise, the application displays a Save dialog to allow the user to save the data.

9-68
Version 1
(continued)
Table 9-27
Option Send Message to Close Then Prompt to Save Data (continued)
Effect After the application closes, users cannot launch it again.
Warning Message (Optional). Use to warn the user to close the application. You can congure the number of warning messages and the display interval between the messages. A default message is used unless you select the Message button and dene a custom message.
Prompt Closing Message. Use to prompt a user to close the application. Choose how often you want to prompt the user to close the application before Application Launcher attempts to close the application. A default message is used unless you select the Message button and dene a custom message.
Send Message to Close, Prompt to Save, Then Force Close
Use to display a message instructing the user to close the application. Otherwise, Application Launcher closes the application. If the user has no unsaved data, the application closes immediately. If the user has unsaved data, the application displays a Save dialog box to allow the user to save the data. Regardless of the option (Yes, No, or Cancel) the user selects, the application is closed.
Warning Message (Optional). Configure this page as discussed previously. Prompt Closing Message. Configure this page as discussed previously. Application Termination. Use to inform users that their application has just been closed.

Version 1
9-69
(continued)
Table 9-27
Option Send Message to Close Then Force Close with Explanation
Effect Use to prompt the user to close the application. Otherwise, Application Launcher closes the application and displays a termination message.
Warning Message (Optional). Configure this page as discussed previously. Application Termination. Congure this page as discussed previously.
Some applications display a Save dialog that includes a Cancel button in addition to the Yes and No buttons. The Cancel button aborts the close operation, and the application remains open. If the applications Save dialog includes a Cancel button and you want to close the application, use the Send Message to Close, Prompt to Save, and Then Force to Close options.
Common
Use to provide common application customization tasks. The Common tab includes the following pages:

Macros Drivers/Ports File Rights Reporting Imaging Sources Uninstall Uninstall Scripts

9-70
Version 1
Macros
You can use the Macros Property page to specify the macros that are dened for use with the application object: Figure 9-36
These macros are referred to as application object macros. They are variable names associated with values, such as string values. For example, when you create an application object using an AOT or AXT le, a SOURCE_PATH macro is added to the list. This macro denes the location of the source les the application will be installed from. Often, you enter the source path when dening other properties for the application object. By creating a SOURCE_PATH macro, you you can enter %SOURCE_PATH% instead of the actual source path.

Drivers/Ports
You can use the Drives/Ports Property page to specify the drive mappings and port captures for the application: Figure 9-37
When a user launches an application (through the application object), Application Launcher establishes the drive mappings and port captures before launching the application. For example, suppose youve set up a database application to run from drive W. To make sure that W is mapped to the location of the application, map drive W to the server, volume, and directory where the application exists. When Application Launcher runs the application, it establishes the drive mapping according to the conditions dened when setting up the drive mapping.

Users need access to a network location to store les created with a word processor. If you map a drive, the drive mapping becomes active as soon as the application runs. By default, drive mappings and port captures are not released when the user closes the application.
File Rights
You can use the File Rights Property page to specify the le, directory, and volume rights a user must have to run the application: Figure 9-38
Users receive these rights when their user object is associated with an application, group, organizational unit, organization, or country object.

When you use the File Rights Property page to assign le system rights, user objects do not have to be explicitly assigned rights. This saves you time and effort when rights must be assigned to a large number of users. The le rights you set up dont depend on whether the user is using the application. The user has continual le rights from the time the application object is associated with the user until the time the association is removed. The File Rights list displays all les, directories, and volumes that rights are given for. When you select a le, a directory, or a volume, the rights that have been granted are displayed in the Rights box. The following options are available on this page: Table 9-28
Option Add Effect Use to select the le, directory, or volume you want to grant rights for. Use to select the le, directory, or volume you want to delete from the list. Any users associated with the application object lose rights to the le, directory, or volume. Use to grant rights to the le, directory, or volume in the File Rights list.
Delete
Rights

Reporting
You can use the Reporting Property page to specify the application events you want Application Launcher to report on and specify the method of reporting: Figure 9-39
Application Reporting is covered in Section 10, Application Auditing and Reporting on 10-1

Imaging
You can use the Imaging Property page to create an image le for an application object: Figure 9-40
The following are the options available on this page: Table 9-29
Option App Size Effect Displays the size of the application object. This includes all application object information (AOT or AXT le) and application source les (FIL les). Use to specify a location and lename for the image and make sure that the disk you are saving the image to has sufcient free space.
Disk Information

(continued)
Table 9-29
Option Location
Effect Use to specify the location and lename for the image. You can save it in the same location as the base image le. The lename does not need to have a particular extension, but ZMG is used as the default.
Drive Capacity, Free, and Used
After youve entered a location for the le, use these elds to view the amount of space on the disk (both available and used disk space). In addition to the image le, the NALCACHE directory (located on the workstations Windows drive) is used to store the applications source les (FIL les) and the application objects settings (AOT or AXT le) temporarily. The size of the source les will vary, but the settings le is usually smaller than 200 KB. Make sure the workstations Windows drive has sufcient disk space for these les.
Create Image
Use this button to create the image. A dialog will appear that lets you select from the following compression options:
None. Use to create the image le without compressing it. This results in the largest image le size produced by any of the compression options. Optimize Compression Time. Use to apply the lowest level of compression. This minimizes the time required to compress the image le and results in a larger le. Balance Compression Time and Image Size. Use to apply a medium level of compression to balance the time required to compress the le with the size of the image le.

(continued)
Table 9-29
Option Create Image (continued)
Effect
Optimize Image Size. Use to apply the highest level of compression. Selecting this option increases the time required to compress the image le.
Image Association Location
Use to specify the association characteristics for the application object. These are enforced when the image is applied to the workstation.
Sources
You can use the Sources Property page to specify additional network locations that contain installation packages where Application Launcher can distribute the application from: Figure 9-41
VIEW ONLY MSI based application objects automatically use this list for fault tolerance. NO PRINTING ALLOWED
If the rst source in the list is not available then Application Launcher begins with the rst location in the list and continues down the list until an accessible package is found. To enable this functionality for AOT/AXT applications you must enable Source List fault tolerance. Before dening additional source locations, you must copy the original package to the new source locations. For snAppShot packages, copy the AOT, AXT, FIL, and TXT les. For Windows Installer packages, copy the administrative installation folder and all subfolders. With application objects that use an MSI le instead of an AOT or AXT le, the Package Source List is extremely important because you provide users access to on-demand installations (installation of les as the user requests certain features or components).
If the original installation source becomes unavailable without an established source list, the on-demand installation fails.
In addition, if the original source location is referenced through the SOURCE_PATH macro and Application Launcher cannot access the location, it uses the package sources in this list. (The SOURCE_PATH macro must be uppercase.) When distributing applications that use the Windows Installer, Application Launcher passes the source list to the installer. The installer then uses the list for the locations from which to install the application les.

Uninstall
You can use the Uninstall Property page to enable the application to be uninstalled and specify the behaviors associated with uninstalling the application. The Uninstall Property page does not apply to terminal server and web applications. It is not displayed when viewing the properties for these types of application objects in ConsoleOne.
Uninstall Scripts
You can use the Uninstall Scripts Property page to launch a script engine and execute a before uninstall script and an after uninstall script: Figure 9-42
VIEW ONLY Application Launcher to use and the scripts you want executed. NO PRINTING ALLOWED
This Property page denes the script engine that you want
On Windows NT/2000/XP, uninstall scripts always run in the user space for both user-associated applications and workstation-associated applications. This is the same behavior as launch scripts but different from the behavior for distribution scripts, which run in the secure system space. The following options are available on this page: Table 9-30
Option Run Before Uninstalling Effect Use this eld to enter any script commands you want executed before the application is uninstalled. Do not use extended characters in the script; extended characters are not supported. Use this eld to enter any script commands you want executed after the application is uninstalled. Do not use extended characters in the script; extended characters are not supported. The script engine determines the script commands and scripting language you need to use. If you do not dene a script engine in the Script Engine Location eld, Application Launcher uses the Novell Client as the script engine (if the workstation has the Novell Client installed), which means that you can use most Novell Client login script commands. If you want to use a script engine other than the Novell Client, specify the script engine that you want to use. The script engine must reside in a location that is always available to users, such as their local drives.
Run After Uninstalling
Script Engine Location

(continued)
Table 9-30
Option Script Engine Location (continued)
Effect The script engine can reside on a network server only if users can map a drive to the server (for example, through the Novell Client or the Client for Microsoft Networks). If Application Launcher cannot nd the script engine, it displays an error to the user and fails to uninstall the application. If you use the Windows command interpreter as the script engine, you must include the /C switch, as shown in the following examples:
Windows NT/2000/XP: %*WINSYSDIR%\CMD.EXE /C Windows 98: %*WINDIR%\COMMAND.COM /C
The %*WINSYSDIR% and %*WINDIR% variables specify the Windows system directory, and the /C switch instructs the command interpreter to execute the script and then stop. If the /C switch is not used, the script will not complete. Script File Extension This applies only if you specied a script engine in the Script Engine Location eld. When the application is uninstalled, Application Launcher creates temporary script les for the Run Before Uninstall scripts and Run After Uninstall scripts. These les are passed to the script engine, which then executes the script. You need to specify the le extension that the script engine requires for its script les.
Fault Tolerance
You can use the Fault Tolerance tab to balance the workload required to host an application between multiple servers and to back up applications in case of server failure.

9-82
Version 1
The fault tolerance tabs are discussed in detail in Section 11, Distributed Application Management on 11-1.
MSI
When creating an MSI application object, a new conguration page appears that lets you customize certain MSI features. This tab is not available for nonMSI applications. The MSI tab includes the following tab pages:

Transforms Properties Verify Patches

Transforms
You can use the Transforms Property page to specify the transforms that the Microsoft Windows Installer will apply to the MSI package during distribution: Figure 9-43
A transform adds, deletes, or changes properties in the MSI package to enable customizing the installation for different groups of users. Transforms are applied in the order they appear in the transforms list. If 2 transforms modify the same package property, the property retains the value applied by the second transform.
b
9-84
For more on creating transforms for your MSI package, see the documentation you received with the software application.
Version 1

Option Add Effect Use to select the transform le (MST le) you want added to the transform list. If the transform le is in the same location as the MSI package, you can enter the lename in the Transform Path eld. Delete Use to delete a transform from the transforms list. Use to modify the path to the MST. Use to change the order that the transforms are applied.
Modify Up-Arrow and Down-Arrow

Properties
You can use the Properties page to override the public property values contained in the MSI package and add public properties: Figure 9-44
The MSI package contains the property values specied during the installation of the application. These property values determine the way the Microsoft Windows Installer installs the application. You might want to change one or more of the property values. For example, a property value might dene the default location for a users work les. By adding a property to the properties list and changing the propertys value, you can override the default location dened in the MSI package.
VIEW ONLY the MSI package. Be careful to add only those properties that are NO PRINTING valid for the package. ALLOWED
9-86 Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
If necessary, you can add public properties that are not included in
Version 1
The following options are available on the page: Table 9-32

Option Add Effect Use to change the property value in the MSI package so Application Launcher uses the new property value. Use to modify a property value. Use to delete a property from the Properties list. Deleting the property makes future installations of the application use the property value dened in the MSI package.
Modify Delete
Verify
You can use the Verify Property page to specify the actions that the Microsoft Windows Installer will take when instructed to verify (repair) the application: Figure 9-45

From the Verify property page, you can select one or more of the following:

Reinstall File Only if Missing Reinstall File if Missing or Older Version Reinstall File if Missing or Equal or Older Version Reinstall File if Missing or Not Exact Version Check Sum Executables, and Reinstall if Missing or Corrupt This instructs Windows Installer to perform a checksum on all executable les and reinstall all missing or corrupt les. Only les that have msidbFileAttributesChecksum in the Attributes column of the MSI packages File Table are repaired.
Reinstall All Files Regardless of Version Ensure Required Per-User Registry Entries Per-user Registry entries are entries contained in the HKEY_CURRENT_USER and HKEY_USERS Registry keys.
Ensure Required Per-Machine Registry Entries Per-machine entries are contained in the HKEY_LOCAL_MACHINE and HKEY_CLASSES_ROOT Registry keys.
Validate Shortcuts Use the Re-Cache Source to Install Package This instructs the Windows Installer to install les from the re-cache (local) source instead of the source package.

Patches
You can use the Patches Property page to view the patch les that Microsoft Windows Installer applies to the MSI package during distribution: Figure 9-46
Each patch is applied in the order listed in the MSI patches list. The following options are available on the page: Table 9-33
Option Add Effect Use to select the patch le (MSP or MSI patch le) you want added to the MSI patches list. If the patch le is in the same location as the MSI package, you can enter the lename in the MSI Patch File eld instead of browsing and selecting it.
VIEW ONLY Modify NO PRINTING ALLOWED

Version 1
Use to modify the location of a patch.
9-89
(continued)
Table 9-33
Option Delete Up- and Down-Arrow
Effect Use to delete a patch from the MSI patches list. Use to change the order that patches are applied.
GUID Management
GUID stands for global unique identier. In ZENworks Desktop Management, a randomly generated string provides a unique identier, or GUID, for an application. When Application Launcher distributes an application to a workstation, it adds the GUID to the workstation's Windows registry for distribution tracking purposes. The GUID Manager in ConsoleOne provides you with the ability to change an application's GUID. You can randomly generate a new GUID, manually specify a new GUID, or change the GUID to match another application's GUID. You might need to change an application's GUID if any of the following occurs:
The application object is accidentally deleted from the tree. When you re- create the application object, it is randomly assigned a new, unique GUID. Because the new GUID will cause the application to be redistributed to all users and workstations associated with the application, you can use the GUID Manager to change the new objects GUID to match the old objects GUID.

9-90
You have multiple application objects for the same application. You need to make sure that all application objects have the same GUID so that the application is distributed only once, regardless of the Application object that is used. You can use the GUID Manager to synchronize the GUIDs.
Version 1
Changing the GUID of an undistributed application has no redistribution consequences. However, before you change the GUID of a distributed application, be aware that doing so might result in Application Launcher redistributing the application. In particular, redistribution occurs in the following situations:
Giving an application a new, unique GUID always results in redistribution. Giving the application the same GUID as another application that hasnt been distributed to workstations will result in redistribution. For example, suppose App1 has GUID 1234 and App2 has GUID 5678. If you synchronize App1 with App2 so that both applications now have 5678 as their GUIDs, any workstations that had App1 but not App2 now have App1 redistributed to them.
To use the GUID Manager, do the following:

1.
In ConsoleOne, select the application object whose GUID you want to modify. Select Tools > ZENworks Utilities > Application Launcher Tools > Manage Distribution GUIDs. You can also access the GUID Manager by opening the Application object and selecting Distribution Options > Options > Modify.
2.

3.
From the Applications to Receive New GUID list, add the applications that will be assigned the new GUID. The list, by default, contains the application you selected before opening the GUID Manager.
4.
Select the method you want to use to assign the new GUID:
Randomly Generate New GUID. Use this option to have the GUID Manager randomly generate a new GUID. If you've added multiple applications to the Applications to Receive New GUID list, select one of the following options:
All Selected Apps Share Same GUID. Assigns the same randomly generated GUID to all of the applications.

All Selected Apps Get New GUID. Assigns a different randomly generated GUID to each application.
Select GUID from Existing Application. Use this option to synchronize the GUIDs of all listed applications with an existing application. You can browse to and select the Application object whose GUID you want to share. The source application's GUID (the one you select using this option) does not change. Only the GUIDs for the applications displayed in the Application to Receive New GUID list change.
Manually Specify New GUID. Use this option to dene a specic GUID for all listed applications. Select Modify to display the Edit GUID dialog box used to specify the GUID.
5.
After you've made your GUID modifications, select Change GUIDs.

Objective 2
Automate the Distribution of Applications

After you create and congure an application object, you can distribute it automatically. Distributing applications during working hours can decrease network performance. It is often preferable to distribute applications during nonworking hours and automate the distribution. You can automate distribution of applications by using one of the following methods:

A Distribution Schedule Lights-Out Distribution (Pre-Install)
A Distribution Schedule
You can use a distribution schedule to schedule various times for the distribution of an application. For example, you can schedule a virus detection program to run at a specic time. Set a distribution schedule from the application objects Schedule property page. This lets you schedule when applications are delivered to users. You can force-run an application and make it available during a specied time.
b
9-94
For more on the Schedule tab, see the Conguration options in Schedule on 9-63.
Lights-Out Distribution (Pre-Install)

You use lights-out distribution to install common pieces of an application after regular hours. When a user logs in, user-specic pieces of the software are installed.
Version 1
In ZENworks Desktop Management, lights-out installation works for both MSI and AOT/AXT based applications. To perform lights-out distribution, you typically associate the application to the workstation object. This means that a workstation must be On but the user does not need to be authenticated. The Pre-Install Property page lets you set up a lights-out distribution of an application: Figure 9-48
To perform lights-out distribution, you need to know the following:

How Lights-Out Distribution Works How to Configure a Lights-Out Distribution

How Lights-Out Distribution Works
The schedule parameters dened in the Pre-Install Property page are the same as that of the Schedule property page. The lights-out distribution process works as follows:
1.
You configure the Pre-Install page of an application object to distribute the application during off hours. The user leaves the office. At the scheduled time, the distribution process begins by copying and modifying text files, INI files, and Registry settings for the users workstation.
For MSI applications this causes the portions of the MSI that are agged as workstation based to be installed.
2. 3.
x
4. 5.
The user returns and authenticates to eDirectory. When the application is launched the distribution process completes as users specify their settings (for example, company name or product registration information), and the application is launched.
Lights-out distribution saves considerable time when users log in because they dont have to wait for the entire distribution process to run. Lights-out distribution can be used for an application that is associated with workstations or users. Workstation-associated applications can be distributed when a user is not logged in. User-associated applications can only be distributed when the user is logged in and an Application Launcher view is running.

How to Congure a Lights-Out Distribution
To congure a lights-out distribution (an application pre-install), do the following:

1.
From ConsoleOne, right-click the Application object that you want to pre-install; then select Properties. Select Distribution Options > Pre-Install Schedule. The following appears:
2.
Figure 9-49
3. 4.
Enable pre-installation by selecting Pre-Install Application. In the Schedule Type drop-down list, select one of the following Schedule Type options:
None. Start the pre-install as soon as the application is found to be associated with the user or workstation.

Specied Days. Designate specic days and times when the application can be pre-installed. You can specify up to 350 different days and times. Range of Days: Designate a range of days each week that the application can be pre-installed.
5.
If you select Specified Days, the following appears:
Figure 9-50
Do the following for this schedule type: a. To add a date, select Add and specify the desired pre-install date range. The Date Range list displays all dates when the application can be pre-installed. b. Under Time for Selected Dates, specify the availability start time and end time. This parameter applies to all dates in the Date Range list.

9-98
Version 1
Note that the time increments in 5-minute intervals, with the earliest available start time being 00:00 (12:00 a.m.) and the latest end time being 23:55 (11:55 p.m.). This means there is always a 5-minute time period from 11:55 p.m. to 12:00 midnight when the application is unavailable. If you want the application to be available the entire day, you need to use the Range of Days schedule type. c. If you don't want multiple workstations installing the application at once, in the Spread from Start Time eld, specify the number of minutes between available times. The spread option spreads out access times so that all pre-installations don't occur at the same time.
6.
If you select Range of Days, the following appears:
Figure 9-51

Version 1
Do the following for this schedule type: a. In the Date Range eld, specify a start date and an end date.
9-99
b.
Specify the days of the week that the schedule will be active within the specied date range. By default, all days are selected. In the Time for Selected Range elds, specify the availability start time and end time. This option works differently, depending on whether the date range includes one day, multiple days, or all seven days. If the date range includes one to six days (but not all seven days), the application is available between the start and end times on those days. For example, if you make the application available on Monday between 8:00 and 5:00, it is available during those hours. However, if the date range includes all seven days, the times are ignored and the application is available every day, 24 hours a day.
c.
d. In the Spread from Start Time (in Minutes) eld, specify the number of minutes between available times if you don't want multiple workstations installing the application at once. e. (Optional) Select Use this Schedule in GMT for All Clients. The schedule is based on the workstation's time zone. If your network spans different time zones and you schedule an application to run at 1:00 p.m., it runs at 1:00 p.m. in each time zone. You can select this option to have workstations run applications at the same time regardless of their time zones (for example, 1:00 p.m. Rome time and 4:00 a.m. Los Angeles time).
7.
Select OK.
VIEW ONLY You can pre-install an application that is associated with either NO PRINTING users or workstations. ALLOWED
For user-associated applications, the user must be logged in and Application Launcher must be running. For workstation-associated applications the workstation must be running, but Application Launcher does not need to be running. If the application is a non-MSI application (for example, an AOT application), Application Launcher Workstation Helper uses the workstation's credentials to distribute the application. If the application is an MSI application, Application Launcher Workstation Helper uses the logged-in user's credentials. If you want Application Launcher Workstation Helper to use the workstation's credentials rather than require a user to be logged in (for example, to perform a lights-out distribution of the MSI application), you must enable the Distribute in Workstation Security Space if Workstation Associated parameter, located on the Distribution Options > Options tab. If you do so, it is important to remember that Application Launcher Workstation Helper will use the workstation's credentials, not the user's credentials, to distribute the application. This means that you must assign the workstation object the appropriate le system rights to access the network location where the source .msi les reside. However, be aware that not all MSI applications can be installed using the workstation's credentials. Some MSI applications have dependencies on a logged-in user (for example, to read and write to the HKEY_Current_User key in the Windows registry). In this situation, you must deselect this option in order to have the distribution occur in the user security space and not the workstation security space.

Objective 3
Repair and Uninstall Applications

Application management is more than simply creating application objects and delivering the corresponding applications to users. You must also maintain those applications. Using Application Launcher, you can do the following common application maintenance tasks:

Verify an Application Uninstall an Application
Verify an Application
If an application fails to launch because of missing les, ZENworks offers the user the Verify option to repair the application. When activated, Verify compares les and Registry entries on the local hard drive to those stored in the application object, and then pushes the missing les or Registry changes to the workstation. For example, if a user deletes program les associated with an Application Launcher-delivered application, the user can right-click that application icon and select Verify. The original application les and conguration settings are restored, and you are saved a help request. Because application settings stored in the Registry or in les distributed by the application installation revert to the original installation, users might need to recongure their application preferences. You can repair an application by doing the following:
1.
Right-click the application icon that needs to be repaired. Select Verify.

9-102
Version 1
If the application being veried is a MSI based application, then the repair is controlled by the MSI > Verify tab of the application. The verication is performed by the Microsoft Installer service.
Uninstall an Application
Any application distributed through the ZENworks application management component can be uninstalled. The following shows the Uninstall Property page: Figure 9-52
All les, INI entries, and Registry entries associated with the application are deleted as congured in the dialog. Shared DLL references are maintained.

Each workstation has a local cache that contains information about applications installed on the workstation. When you uninstall an application, this cache is used to ensure the appropriate les and settings are removed from the workstation. By default, users cannot uninstall applications. However, you can enable them to do so. The following are the primary uninstall options you can set: Table 9-34
Option Enable Uninstall Effect Enabling this option turns on the automatic uninstall. The other uninstall options are available only if this option is enabled. If the Unassociated days to uninstall is set to 0, this causes the application to be removed from the workstation as soon as the application is unassociated from the user or workstation. Enable User to Perform a Manual Uninstall Prompt User Before Uninstall Enables users to remove the application from their workstations. If not enabled, only administrators can remove applications. Prompts users before removing the application from their workstations. If users answer, the application is not removed. Prompts users before restarting the workstation. If users answer No to the prompt, the uninstallation is not completed until the next time they manually restart. This option has no effect if the application is being automatically removed due to the application being unassociated from the user.
Prompt User Before Reboot

(continued)
Table 9-34
Option Terminate Application Before Uninstall
Effect Ensures that Application Launcher terminates the application before it uninstalls the application les. The termination process is congured on the Availability > Termination tab. Automatically removes applications the user has not run within a specied number of days (default: 30).
Uninstall Applications If Not Used Within nn Days
You can congure the uninstallation of an application by doing the following:

1. 2. 3. 4.
Log in as Admin; then launch ConsoleOne. Right-click the application object and select Properties. Set the Common > Uninstall tab. Configure the uninstall options: a. b. c. e. f. Select Enable Uninstall. Select Enable user to perform a manual uninstall. Select Prompt user before uninstall. Select Terminate application before uninstall. Select OK. In the Application Launcher window, right-click the application icon and select Uninstall. Begin the uninstallation by selecting Yes.
d. Select Prompt user before reboot.
5.
Uninstall the application from the workstation: a. b.

Objective 4
Describe Terminal Server and Web Applications

In addition to the 3 types of application objects that you have already learned about (simple, AOT/AXT, and MSI), ZENworks provides 2 other types of applications:

Web Applications Terminal Server Applications
This objective provides the information and steps you need to congure these types of applications.
Web Applications
A web application lets you create a pointer in the directory to a URL. It starts the default web browser and passes a URL to the browser. For example, suppose Digital Airlines users need to access an online expense tracking tool to complete expense reports. By creating a web application, you can deliver an icon that represents the online expense tracking tool. When users select this icon, the tool is launched. To congure a web application, do the following:
1.
From ConsoleOne, right-click your container; then select New > Application. Select A Web application; then select Next. In the Object Name field, enter the name of the object; then select Next. Enter the URL for the application. Select Next.
2. 3.

9-106
4.
Version 1
6. 7. 8. 9.
Configure your distribution rules, then select Next. Associate and configure the application; then select Next. Select Display details after creation; then select Finish. Configure Web application specific options, if any. a. b. Select Common > File Rights; then select Add. Browse to and select the folder where the application les are stored.
10. Give users the necessary rights to launch the application:
11. Select OK.
Terminal Server Applications

A terminal server application lets you publish a ZENworks application that launches a Windows Terminal Server or Citrix MetaFrame session. To create a terminal server application:
1.
Right-click the container where you want to create the terminal server application; then select New > Application. Select A Terminal Server application; then select Next. In the Object Name field, enter the name of the object; then select Next. Choose a Windows terminal server session by either selecting RDP Session or ICA Session. Remote Desktop Protocol (RDP) from Microsoft is usually used by small organizations; Independent Computing Architecture (ICA) from Citrix is usually used by large organizations.
2. 3.
4.

a.
If you chose ICA, congure the following:
Published Application Name. By default, this field is populated with the Application object name you previously entered. If the name does not match the application name exactly as it is defined in Citrix, change the name to the Citrix published application name. Servers Hosting This Application. Add the Citrix servers that host the application. To add a server, select Add, specify the server's IP address or hostname, then select OK. Terminal Server Address and Port. Specify the terminal server's IP address or hostname. Server Domain. If the terminal server is part of a Windows NT domain or an Active Directory domain, specify the domain name. Application Path. Specify the path to the application's executable file. Working Directory. Specify the path to the directory you want the application to use for its working files.
b.
If you chose RDP, congure the following:
5. 6. 7. 8. 9.
Select Next. Configure your distribution rules, then select Next. Associate and configure the application; then select Next. Select Display details after creation; then select Finish. Configure application specific options, if any. a. b. Select Common > File Rights; then select Add. Browse to and select the folder where the application les are stored. Select OK.
10. Give users the necessary rights to launch the application:

9-108
c.
Version 1
Objective 5
Distribute Applications to Disconnected Workstations

Application Launcher enables users to install, run, verify (repair), and uninstall applications while being disconnected from eDirectory and the network. This is known as disconnected Application Launcher. To distribute applications using disconnected Application Launcher, you need to know the following:

How Disconnected Application Launcher Works Types of Disconnectable Applications How to Distribute Applications to Disconnected Workstations
How Disconnected Application Launcher Works

When you run an application object, Application Launcher creates a hidden cache folder called NALCACHE on the hard disk of a users workstation. By default, NALCACHE is located on the same drive as Windows. This folder contains subfolders for each application associated with a user. Each application folder can contain, depending on the Application Launcher conguration, the following types of cache:
Launch cache. Application Launcher creates an applications launch cache when an application is distributed to a user or a workstation. The launch cache contains all eDirectory information Application Launcher needs to launch and run an application when users are disconnected from eDirectory.

Version 1
In addition, this cache contains the information needed to uninstall the application.
9-109
However, this cache does not have the necessary les to install or verify applications. As a result, these tasks cannot be performed by disconnected users. The path of the Launch cache on the hard drive is NALCACHE\eDirectory_Tree_Name\ Application_object_ folder.
Install cache. Application Launcher creates an applications install cache only if you select the Force Cache option when associating the application object with users or workstations.
A temporary install cache is created if you use checkpoint restart. This will occur if Application Launcher is congured to detect remote connections and the application being launched has installation work.
The install cache contains the application source les needed to install or verify an application while a user is disconnected from eDirectory. Because it stores the application source les, this cache requires a large amount of disk space. For disconnected users who need to install or repair applications, you must congure Application Launcher to create this cache.
Types of Disconnectable Applications

Applications that can run locally on a disconnected workstation must be congured only as disconnectable. Applications that rely on network resources should not be congured as disconnectable. This includes the following:

Applications that access a network database Client/server applications Applications that depend on network drive mappings or print captures

9-110
Version 1
Applications that require a persistent connection to the network
To disable an applications ofine availability, deselect the Disconnectable checkbox on the Identication page of the application object.
How to Distribute Applications to Disconnected Workstations

You distribute applications to disconnected workstations through the use of removable media, such as a DVD, CD, a Jaz disk, or a memory stick. The removable media functions as a second workstation cache containing the application object settings and application source les required to install and run the application. In this way, you can provide network applications for mobile users. For example, suppose some mobile users need to install and uninstall applications on their laptops because they dont have room for all the applications they need. You can distribute applications on a removable medium. To use a removable media, such as a CD, the laptop must have Application Launcher installed and running to distribute applications to the workstation from the CD. When the mobile user inserts the CD into the laptops drive, Application Launcher reads the CD and displays the application objects icon in the places youve congured. The user then launches the application, which is distributed to the workstation according to the application objects conguration.

The general steps for creating a disconnected network CD are as follows:

1.
From ConsoleOne, select Tools > Application Launcher Tools > Create Virtual CD. Add the application objects to the virtual CD. Indicate how the application icons should appear to the user (for example, Desktop, Quick Launch, and Application Launcher). Select Next. Specify where to save the virtual CD (on the network or a local drive). Select Next > Finish. Create the CD on a CD burner. The virtual CD, which is actually a folder, must be at the root of the CD. This places 2 les, autorun.exe and autorun.ini, at the root of the CD.
2. 3.
4. 5.
6. 7.
In order for Application Launcher to read applications from the removable media, you must ensure that the Read from Removable Media option is not disabled in the launcher conguration.

Exercise 9-1
Manage Applications
In this exercise, you learn to do several application management tasks using the following Host computers and VMware virtual machines:
Figure 9-53
DA-CITRIX Win2K Server 10.200.200.200 Terminal Server OpenOffice 1.1.4
WS2 WinXP Pro XP2 10.200.200.12
Do the following:

Part I: Repair a Distributed Application Part II: Uninstall an Application Part III: Configure an Application Launcher-Delivered Icon to Launch the Digital Airlines Web Portal Part IV: Deliver OpenOffice Using a Terminal Server

Part I: Repair a Distributed Application
In this part of the exercise, you repair a distributed application using the Verify feature of ZENworks. Do the following:
1.
Cause an application error to occur: a. b. From the WS1 workstation, log off. When the Novell Client 4.91 login dialog appears, select Workstation only, and then authenticate as Administrator with a password of n0v3ll (a zero and a three). Start Windows Explorer.
c.
d. Browse to and open the C:\Program Files\OpenOfce.org1.1.4\Program folder. e. f.

2.
Select and delete all the les in the Program folder. Close Windows Explorer. From the WS1 workstation, log off. When the Novell Client 4.91 login dialog appears, deselect the Workstation only option; then log in as CKent with a password of novell. When prompted to indicate if you currently using a slower connection, select No.
Repair OpenOffice: a. b.
c.
d. From the desktop, select Start > All Programs > OpenOfce.org 1.1.4 > Text Document. Notice that OpenOfce does not start. e. f. From the desktop, double-click Application Explorer. Browse to the Digital Airlines Applications > OpenOfce folder.
g. Right-click the OpenOfce Application Launcher icon.

9-114
h. Select Verify.
Version 1
ZENworks begins repairing the OpenOfce application. This can take several minutes. After OpenOfce is repaired and started, an OpenOfce.org Registration dialog appears. i. j. Select Never register; then select OK. The OpenOfce application opens. Close OpenOfce.
Part II: Uninstall an Application
In this part of the exercise, you use the uninstall feature of ZENworks by uninstalling OpenOfce. Do the following:
1.
Congure the uninstallation with ConsoleOne; a. From your Host2 computer using the Novell Client, make sure you are logged in to DA-TREE as admin with a password of novell. From your Host2 computer desktop, start ConsoleOne. In ConsoleOne, browse to and right-click OpenOfce.Apps.slc.da; then select Properties. A Properties of OpenOfce dialog appears. d. Select the Common > Uninstall tab page. e. Select the following options:

b. c.
Enable Uninstall Enable user to perform a manual uninstall Prompt user before uninstall Prompt user before reboot Terminate application before uninstall

Version 1
f.
When you nish, select OK.
9-115
2.
Uninstall the OpenOffice application: a. b. c. e. From your WS2 workstation, log off and then log in as a BWayne with a password of novell. When prompted to indicate if you are currently using a slower connection, select Yes. From your desktop, double-click Application Explorer. Right-click the OpenOfce Application Launcher icon; then select Uninstall. An Uninstall Application OpenOfce.Apps.slc.da dialog appears. f. Indicate that you want to uninstall the application by selecting Yes. OpenOfce begins uninstalling. When the process is complete, a dialog appears indicating that Windows needs to reboot the computer to complete the uninstall process. g. Continue by selecting Yes. Wait while your system reboots. h. When the system has rebooted, log in as BWayne with a password of novell. i. j. When prompted to indicate if you are currently using a slower connection, select Yes. Verify that OpenOfce is no longer on the Start menu and that the OpenOfce program les have been removed.
d. Browse to the Digital Airlines > OpenOfce folder.

Part III: Congure an Application Launcher-Delivered Icon to Launch the Digital Airlines Web Portal
You decide to make the new Digital Airlines corporate portal available to your users by providing an Application Launcher-delivered icon that launches the site. Do the following:
1.
Create the Application Launcher-delivered icon: a. b. c. e. f. From your Host2 computer in ConsoleOne, right-click Apps.slc.da. Select New > Application. Select A Web application; then select Next. Select Next. In the URL eld, enter http://DA-ZEN.digitalairlines.com.
d. In the Object Name eld, enter Digital Airlines Portal.
g. Select Next. h. From the Add rules to control availability of the application page, select Next. i. j. From the Add User and Workstation associations page, select Add. Browse to and select Users.slc.da; then select OK.
k. From the Add Container Association page, make sure Users within this Container is selected; then select OK. l. From the top of the Add user and workstation associations list, select the Application Launcher and System Tray icons; then select Next. A Summary page appears. m. Select the Display details after creation check box; then select Finish.

Version 1
A Properties of Digital Airlines Portal dialog appears. n. Select the Identication > Folders tab page.
9-117
o. To the right of the Folders eld, select Add > Linked Folder. A Select Object dialog appears. p. Select Linked Folders; then select OK. A Folder Object Structure dialog appears. q. Select Digital Airlines Applications; then select OK. r.
2.
Save the changes by selecting OK.
Verify whether the Digital Airlines Portal application is available for local access: a. b. From the WS1 workstation using the Novell Client, log off and then log in as CKent with a password of novell. When prompted about your connection speed, select No. Notice that there is a shortcut to the web application in the system tray. c. From your desktop, double-click Application Explorer. d. Browse to and open the Digital Airlines Applications folder. e. Start the Digital Airlines Portal Application Launcher icon. The application launches Internet Explorer and opens your DA-ZEN server home page. f. Close Internet Explorer.
3.
Verify whether the Digital Airlines Portal application is available for slower access: a. b. From the WS2 workstation, log off and then log in as BWayne with a password of novell. When prompted about your connection speed, select Yes. Notice that there is a shortcut to the web application in the system tray.

9-118
c.
From your desktop, double-click Application Explorer.
Version 1
d. Browse to and open the Digital Airlines Applications folder. e. Start the Digital Airlines Portal Application Launcher icon. The application launches Internet Explorer and opens your DA-ZEN server home page. f. Close Internet Explorer.
Part IV: Deliver OpenOfce Using a Terminal Server
Digital Airlines needs to deploy OpenOfce to its remote users who have not installed the product. You do not want the application to be installed over a slow connection; instead, you want to deliver the application to these users with a terminal server. Do the following:
1.
Start the DA-CITRIX terminal server: a. b. From VMware Workstation on the Host1 machine, select File > Open. Browse to and open the DA-CITRIX folder and select the win2000pro.vmx le; then select Open. A DA-CITRIX tab is added to the VMware Workstation window. c. Make sure the DA-CITRIX tab is selected; then from the tab page, select Start this virtual machine.
d. When the Welcome to Windows dialog appears, press Ctrl+Alt+Insert; then log in as Administrator with a password of novell. Notice that an OpenOfce icon appears in the system tray. In the next step, you create an OpenOfce application object for remotely accessing OpenOfce from DA-CITRIX.

Version 1
9-119
2.
Create a terminal server OpenOffice application object: a. b. c. e. f. From your Host2 computer in ConsoleOne, right-click Apps.slc.da. Select New > Application. Select A Terminal Server application; then select Next. Select Next. Select RDP Session.

d. In the Object Name eld, enter OpenOfce - Remote.
g. Enter the following: Terminal Server Address: 10.200.200.200. Application Path: C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe Application Working Directory: C:\Program Files\OpenOffice.org1.1.4\program
h. When you nish, select Next. i. j. From the Add rules to control availability of the application page, select Next. From the Add User and Workstation associations page, select Add. From the Add Container associations page, make sure that Users within this Container is selected; then select OK.
k. Browse to and select Users.slc.da; then select OK. l.
m. Select Application Launcher; then select Next. n. Select the Display details after creation check box; then select Finish. A Properties of OpenOfce - Remote dialog appears. o. Select the Identication > Folders tab page. p. To the right of the Folders eld, select Add > Linked Folder.

9-120
Version 1
q. From the Select Object dialog, select Linked Folders; then select OK. r. s.
3.
From the Folder Object Structure page, select Digital Airlines Applications > OpenOfce; then select OK. Save the changes by selecting OK.
Verify that the OpenOffice - Remote application is available for remote access: a. b. c. From the WS2 workstation, log off and then log in as BWayne with a password of novell. When prompted about your connection speed, select Yes. From your desktop, double-click Application Explorer.
d. Browse to the Digital Airlines Applications > OpenOfce folder. e. Start the OpenOfce - Remote Application Launcher icon. The application launches OpenOfce on the Terminal Server. f. When prompted authenticate as Administrator with a password of novell. An OpenOfce.org Registration dialog appears. g. Select Never register; then select OK. The OpenOfce application opens from the DA-CITRIX terminal server. h. Close OpenOfce. i. Close the terminal server connection by selecting the X in upper right corner of the window. A Novell TS Client - Disconnect session dialog appears. j. Disconnect the session by selecting OK.
(End of Exercise)

Summary
Objective
1. Identify Application Object Conguration Options
What You Learned Application objects let you use the power of eDirectory to congure custom installations and distributions. The Properties page of all application objects includes many conguration options you can use to manage the application. You can congure application settings by accessing the following application object tabs:

Identication Distribution options Run options Associations Availability Common Fault tolerance MSI
In addition, you need to understand the following:
GUID management

Objective
2. Automate the Distribution of Applications
What You Learned After you create and congure an application object, you can distribute it automatically. Distributing applications during working hours can decrease network performance. You can automate distribution of applications by using one of the following methods:
A distribution schedule You can use a distribution schedule to schedule various times for the distribution of an application. For example, you can schedule a virus detection program to run at a specic time.
Lights-out distribution (pre-Install) You use lights-out distribution to install common pieces of an application after regular hours. When a user logs in, user-specic pieces of the software are installed.
3. Repair and Uninstall Applications
Application management is more than simply creating application objects and delivering the corresponding applications to users. You must also maintain those applications. Using Application Launcher, you can do the following common application maintenance tasks:
Verify an application If an application fails to launch because of missing les, ZENworks offers the user the Verify option to repair the application.
Uninstall an application Any application distributed through the ZENworks application management component can be uninstalled.

Objective
4. Describe Terminal Server and Web Applications
What You Learned In addition to the three types of application objects that you have already learned about (simple, AOT/AXT, and MSI), ZENworks provides two other types of applications:
Web applications A web application lets you create a pointer in the directory to a URL. It starts the default web browser and passes a URL to the browser. By creating a web application, you can deliver an icon that represents the online expense tracking tool. When users select this icon, the tool is launched.
Terminal server applications A terminal server application lets you publish a ZENworks application that launches a Windows Terminal Server or Citrix MetaFrame session.
5. Distribute Applications to Disconnected Workstations
Application Launcher enables users to install, run, verify (repair), and uninstall applications while being disconnected from eDirectory and the network. This is known as disconnected Application Launcher. To distribute applications using disconnected Application Launcher, you need to know the following:

How disconnected Application Launcher works Types of disconnectable applications How to distribute applications to disconnected workstations

Application Auditing and Reporting
SECTION 10
In this section, you learn how to congure application auditing and generate reports.
Objectives
1. 2. 3.
Configure Reporting for Application Events Implement Rogue Process Management Use Predefined Reports to View Application Events

Introduction
ZENworks Desktop Management lets you track the usage of your applications and prevent users from installing unwanted applications. Additionally ZENworks provides several different methods for reporting.

Objective 1
Congure Reporting for Application Events

ZENworks Desktop Management lets you generate reports on many different application events. To successfully congure reporting you need to know the following:

Available Reporting Options How to Configure Service Location Packages How to Configure the Application Object How a Report is Sent
Available Reporting Options

ZENworks Desktop Management provides the ability to report success, failure and Rogue Process Management events to any of the following:

Database SNMP Trap XML Log File
Database
You can congure all application reporting events to be sent to a database. ZENworks includes a Sybase database you can use to store the status of all application events, such as launch success. You can also use most ODBC-compliant databases, such as Oracle and Microsoft SQL.

Version 1
10-3
To enable application reporting, make sure each workstation has the correct database driver installed and is authenticated to eDirectory. Then make sure that you complete the conguration steps listed under How to Congure Service Location Packages on 10-6 and How to Congure the Application Object on 10-14. Once information has been stored in the database, you can use any third party reporting tool to access the information. You can also use the built in predened reports to retrieve success and failure information. Reporting is covered in detail inUse Predened Reports to View Application Events on 10-25.
For additional information and training on custom reporting against the success, failure, and RPM database, the ATT ZENWorks Desktop Management Deployment course is available.
SNMP Trap
You can use Application Launcher to send SNMP traps to any management console. For example you can congure Application Launcher to send SNMP traps to a ZENworks Server Management and Monitoring server. The benet of using SNMP traps is that they provide real time reporting that the Help desk or others can use to resolve issues.
XML

10-4
XML reporting is most appropriate when you want Application Launcher to report events for users outside your rewall. Application Launcher can send events as XML data to a URL using HTTP or HTTPS.
Version 1
For example, if you are using the Application Management Reporting servlet to receive application events (in XML format) and save them in a JDBC-enabled database, you dene the URL of the Reporting servlet.
Log File
Application Launcher can record application distribution events occurring on multiple workstations to a single log le at a common network location. To do this, you need to establish a network directory and grant users Read and Write rights to les in that directory. Because log le names are established on an application basis, you can either have individual log les for each application or one log le for all applications. However, you cannot have log les on a per-user basis unless you congure application objects to have Application Launcher save a unique log le to a users local hard drive. Because event reporting is congured on a per-application basis, you can select the applications that you want to collect event information for and generate reports. The following is a sample log le report: Figure 10-1

How to Congure Service Location Packages

A Service Location package contains policies that let you dene the location of services used by ZENworks. ZENworks Desktop Management uses these policies to provide the status of events such as launching, ltering, distributing, and terminating applications. Reporting the status of application events helps you take timely action when application events do not occur as planned. To implement a Service location package, you create a Service Location package, congure the Service Location package policies, and associate the package with the required container object in eDirectory. You can associate a Service Location package only with container objects in eDirectory. To congure Service Location packages, you need to know how to do the following:

Create a Service Location Package Associate the Service Location Package Enable and Configure Service Location Package Policies
Create a Service Location Package
To create a Service Location package, do the following:

1. 2.
Launch ConsoleOne. Browse to the container where you want to create the Service Location package. Start the Policy Package wizard by right-clicking the container and selecting New > Policy Package. The Policy Package wizard appears.
3.

10-6
Version 1
4.
View the list of policies contained in the service location package by selecting Service Location Package in the left pane. The following appears:
Figure 10-2
5. 6.
Continue by selecting Next. In the Policy Package Name field, enter a Service Location package name; then select Next. From the Summary page, select Finish.
7.
Associate the Service Location Package
To associate the service location package, do the following:

1. 2. 3.
Display the properties of your Service Location package. Associate the package with an object by selecting Associations. Select Add. The Select Objects dialog appears.

Version 1
10-7
You can only associate the Service Location policy with a country, a locality, an organization, or an organizational unit.
4.
Select the container object you want associated with the policy package; then select OK. After a policy package is associated with the container, all enabled policies included in the package are applied.
5.
Close the Properties of Service Location Package dialog by selecting OK.
Enable and Congure Service Location Package Policies
Once you create the package, you can congure 4 policies in a Service location package. However, only 3 of these are used by ZENworks Desktop Management, and include the following:

Database Location Policy SNMP Trap Target Policy XML Targets Policy
Database Location Policy
The Database Location policy identies the location of the ZENworks database object. If you installed the ZENworks database, you should congure and enable this policy. The Database Location policy lets you congure both the Inventory database and the Application Management databases. For reporting, you need to congure the location of the Application Management database. To setup the Database Location policy, do the following:

10-8
1.
Display the properties of your Service Location package.
Version 1
2.
Enable the Database Location policy by selecting Enabled next to Database Location. Display the properties of the Database Location policy by selecting Properties. Select the Application Management tab. Browse to the Application Management database that was created during server installation. Select Add and enter a new target; then select OK. Close the Properties dialog by selecting OK.
3.
4. 5.
6. 7.
SNMP Trap Target Policy
If you are using SNMP, you can use the SNMP Trap Targets policy to specify the IP address or DNS name of the workstation or server where you want to send SNMP alerts. SNMP alerts are notications for the status of events that are monitored. For example, suppose Digital Airlines plans to deploy an ERP application using application launcher/explorer for the IS division. By conguring the SNMP trap targets policy, you are notied of the workstations where the ERP application has failed to launch. (You are not notied of successful application launches, only failures.) To set up the SNMP Trap Targets policy, do the following:
1. 2.
Display the properties of your Service Location package. Select the SNMP Trap Targets policy by selecting Enabled next to SNMP Trap Targets. Display the properties of the SNMP Trap Targets policy by selecting Properties.
3.

4. 5.
Select Add and enter a new target; then select OK. Close the Properties dialog by selecting OK.
After you set up an SNMP Trap Targets policy, you need to congure the various application events for which you need to send alerts. To do this, you need an application object in the container where you associate the policy.

XML Targets Policy
Extensible Markup Language (XML) is a exible way to create common information formats and share both the format and the data. If you choose to export and view application management information in XML format, you should congure and enable the XML Targets policy. The XML Targets policy lets you assign the URL that you'll use to view this information. You can use this policy to report application event information across a rewall. This policy lets you access the application event information of the application object from any location. When congured, this policy sends report information about application events (such as distribution, launch, ltering, uninstall, cache, and process termination) that occur on users' workstations. The information is sent as XML data using standard HTTP or HTTPS protocol. For example, if you are using the ZENworks Desktop Management Application Reporting servlet to receive application events (in XML format) and add them to a JDBC-enabled database (such as the Sybase database that is included with ZENworks), you would dene the URL of the Application Reporting servlet. An example URL would be http://novell.com/zfdamrServlet/run. This is just one of the tasks required to enable reporting of Application Management events through XML. You also need to do the following:
Associate the service location package with the containers where the users or workstations reside whose reports you want sent as XML data. Enable XML as a reporting method and define the events (distribution, launch, filtering, uninstall, cache, and process termination) that you want reported.

Version 1
10-11
This must be done individually for each application whose events you want reported. You use the application object's Reporting page to enable XML reporting and dene the reported events (by selecting the application objects Reporting page).
Make sure you've set up the XML processing mechanism and data storage mechanism. For example, if you are using the Application Reporting servlet and the Sybase database, make sure that each is set up and congured properly.
To congure an XML Targets policy, do the following:

1.
Display the properties of your Service Location package. The Policies page appears.
2.
Select the XML target policy by selecting Enabled next to XML Targets. Display the properties of the XML target policy by selecting Properties.
3.

4.
Configure the policy using the following options:

Option URL Targets Effect Use to view URLs where Application Launcher will send XML reporting data. Use to add a URL to the XML URLs list. Use to remove URLs from the list of XML URLs.
Table 10-1
Add Remove 5.

How to Congure the Application Object

After you have congured the Service location package and associated it to the containers with users that are running applications, you must congure the application object for reporting. Do the following:
1. 2.
Launch ConsoleOne. Right-click an application object you want to generate a report for and select Properties. Select Common > Reporting. The Reporting page appears:
3.
Figure 10-5
4.

10-14
Select the checkboxes that correspond to the event and target that you want to send the event notification to. When you finish, select OK.
Version 1
How a Report is Sent

Once you congure the application to report, the user must refresh Application Launcher. This causes the application list to be re-read. At that point the events that are congured will be reported as they occur.

Objective 2
Implement Rogue Process Management

ZENworks Desktop Management provides the ability to record all of the unmanaged applications that users are running. It also provides the capability to restrict the unmanaged applications that users can run. This feature in ZENworks is referred to as Rogue Process Management (RPM). A rogue process is a process that was initiated by the user outside of the Application Launcher interface. In this objective, you learn how to do the following:

Configure Tracking of Unmanaged Applications Restrict Launching of Unmanaged Applications
Congure Tracking of Unmanaged Applications

The primary benet of Rogue Process Management (RPM) is the ability to track what applications users are running from outside of Application Launcher. This feature lets you identify applications that you should create objects for and determine which applications being run are undesirable in your environment. To congure tracking of un-managed applications you need to create the following key: HKEY_CURRENT_USER\Software\NetWare\NAL\1.0\ Process Management Create the following keys and values under Process Management:
Default Action (DWORD value) For enabling just the tracking of applications being run outside of Application Launcher, set this value to 0.

10-16
Version 1
Report Ignored (DWORD value) If this value is set to 1 then reporting events are sent to the locations specied in the Reporting Targets key for each application that is allowed to run.
Reporting Targets (key) Lists the locations where reporting events should be sent. The available values for this key include the following:
Table 10-2
Value Database
Type DWORD
Data If this value is set to 1 then reports are sent to the database. A database location policy must congured.
SNMP
DWORD
If this value is set to 1 then SNMP traps are sent when an un-managed application is run. A SNMP trap target policy must be congured.
XML
DWORD
If this value is set to 1 then XML reports are sent to the congured XML target. A XML target policy must be congured.
File
String
Enter the complete path and lename to the le that the report information should be written to. The user must have rights to modify the le.

Version 1
The easiest way to distribute these keys to any user is to create a Simple Application object that distributes the registry keys.
10-17
Once these keys are delivered to the workstation, any application that is launched from outside of Application Launcher is reported. In addition, the machine, username, time, IP address, and event type are reported.
Restrict Launching of Unmanaged Applications

If you want to restrict use of undesirable applications on workstations, you can congure RPM to prevent these undesirable applications from running. To restrict the applications that Application Launcher allows, congure the following additional registry keys under HKEY_CURRENT_USER\Software\NetWare\NAL\1.0\ Process Management:
Default Action (DWORD value) Controls whether Application Launcher is congured by default to allow applications to run outside of Application Launcher. If this value is set to 0, then any application that is not explicitly listed to be stopped is allowed to run. If this value is set to 1, then any application that is not listed is immediately stopped.
Report Terminated (DWORD value) If this value is set to 1, then reporting events are sent to the locations specied in the Reporting Targets key for each application that is terminated.
Exception List (key) Create string values under this key that list the name of executable that you want to prevent from running. For example, if you wanted to stop NOTEPAD.EXE from running you would create the string value NOTEPAD.EXE under Exception List. Leave the data of the value empty.

10-18
Version 1
Reporting Targets For details on conguring reporting targets, see Congure Tracking of Unmanaged Applications on 10-16.
The easiest way to distribute these keys to any user is to create a Simple Application object that distributes the registry keys. Once these keys are delivered to the workstation, any application that is congured in the exception list is terminated as soon as it is loaded. The program name, user, workstation, time, and IP address are reported to the appropriate reporting target.

Exercise 10-1
Restrict Application Access With Rogue Process Management (RPM)

Rogue Process Management (RPM) is a feature of Application Launcher that lets you restrict what a user can run outside of Application Launcher. In this exercise, you create an Application Launcher application that restricts the user so that Notepad cannot be run. In a production environment you might prevent setup.exe and install.exe from being run. You use the following Host computers and VMware virtual machines:
Figure 10-6
WS2 WinXP Pro XP2 10.200.200.12

Do the following: Part I: Create a Simple Application to Add the Registry Entry for Rogue Process Management Part II: Verify that Notepad is Blocked
Part I: Create a Simple Application to Add the Registry Entry for Rogue Process Management
Do the following:
1.
From the Host2 computer using the Novell Client, make sure you are logged in to DA-TREE as admin with a password of novell. Start ConsoleOne. From the ConsoleOne window, browse to and right-click Apps.slc.da. Select New > Application. A New Application Object dialog appears.
2. 3.
4.
5.
Make sure that A simple application (no .AOT/.AXT/.MSI file) is selected; then select Next. In the Object Name field, enter Enable RPM; then select Next. From the Define the following information for the Application object page, select Next. From the Add rules to control availability of this application page, select Next. From the Add user and workstation association page, select Next. A summary page appears.
6. 7.
8.
9.

Version 1
10. Select Display details after creation; then select Finish.
A Properties of Enable RPM dialog appears.
10-21
11. Select the Distribution Options > Registry tab page. 12. Select HKEY_CURRENT_USER; then select Add > Key. 13. Change the name of the key to Software; then press Enter. 14. Select Software; then press Ctrl+K. 15. Change the name of the key to NetWare; then press Enter. 16. Select NetWare; then press Ctrl+K. 17. Change the name of the key to NAL; then press Enter. 18. Select NAL; then press Ctrl+K. 19. Change the name of the key to 1.0; then press Enter. 20. Select 1.0; then press Ctrl+K. 21. Change the name of the key to Process Management; then press
Enter.
22. Select Process Management; then select Add > DWORD. 23. In the Value name field, enter Default Action. 24. In the Value data field, enter 0; then select OK.
A zero indicates that unless the application is in the exception list, the application should be allowed to run.
25. Select Process Management; then press Ctrl+K. 26. Change the name of the key to Exception List; then press Enter. 27. Select Exception List; then select Add > String.
This list contains the executables that should not be allowed to run.
28. In the Value name field, enter Notepad.exe; then select OK. 29. Select Process Management; then select Add > DWORD. 30. In the Value name field, enter Report Terminated.

10-22
In the Value data field, enter 1; then select OK.
Version 1
A value of 1 indicates that whenever RPM kills an application the event should be logged.
32. Select Process Management; then press Ctrl+K. 33. Change the name of the key to Reporting Targets; then press
Enter.
34. Select Reporting Targets; then select Add > String. 35. In the Value name field, enter File. 36. In the Value data field, enter \\DA-ZEN\Data\Apps\rpm.log;
then select OK.

37. Select the Distribution Options > Options tab page. 38. Select the Distribute Always check box. 39. Select the Common > File Rights tab page; then select Add. 40. Browse to and select DA-ZEN_DATA\Apps; then select OK. 41. Select the Read, Write, Create, Erase, Modify, and File Scan
rights check boxes.

42. Select Apply. 43. Select the Associations tab. 44. Select Add; then browse to and select Users.slc.da. 45. Select OK. 46. Select Users within this container; then select OK. 47. Select the Force Run check box; then select OK.
Part II: Verify that Notepad is Blocked
Do the following:
1.
Verify that Notepad is blocked for local access: a. From the WS1 workstation, log off, and then log in as CKent with a password of novell.

Version 1
10-23
b. c.
When prompted if you are using a slower connection, select No. Try to launch NOTEPAD.EXE. The application exits and an error message appears indicating that the notepad.exe application was terminated. A log entry is written to the rpm.log le for WS1.
2.
Verify that Notepad is blocked for slower connection access: a. From the WS2 virtual workstation without using the Novell Client, log off and then log in as BWayne.users.SLC.DA with a password of novell. When prompted to indicate if you are using a slower connection, select Yes. Try to launch NOTEPAD.EXE.
b. c.
d. The application exits and an error message appears indicating that the notepad.exe application was terminated.
3.
From your Host2 computer, check the contents of the \\DA-ZEN\data\Apps\rpm.log file. Notice that the log entry for WS1 includes the full qualied user name, the workstation, the IP address, and the application that was terminated.
4.
Close all open windows.
(End of Exercise)

Objective 3
Use Predened Reports to View Application Events

ZENworks Desktop Management provides predened reports for retrieving information about application management successes and failures. These predened reports are available through ConsoleOne and include the following:
Success report. Lists the user, application, and time when each application that has been reported occurred. Success advanced report. Lists additional information about each of the events that have occurred. Failure report. Lists the user, application, type of event and when the event occurred. Failure advanced report. Lists additional information about each of the events that have occurred. This report includes the error message that was reported when the failure occurred.
To run a predened report against the Application Launcher database, do the following:
1. 2.
Launch ConsoleOne. Select Tools > ZENworks Reports.

3.
Select the report you want to generate. The description for the report is displayed on the right side of the dialog.
4. 5.
(Optional) Specify your selection criteria. Select OK. The query is run (this may take a few minutes); then a report is displayed.

Summary
Objective
1. Congure
Reporting for Application Events
What You Learned ZENworks Desktop Management lets you generate reports on many different application events. To successfully congure reporting you need to know the following:

Reporting options available How to congure Service Location packages How to congure the Application object How a report is sent
2. Implement Rogue
Process Management
ZENworks Desktop Management provides the ability to record all of the un-managed applications that users are running. It also provides the capability to restrict the un-managed applications that users can run. This feature in ZENworks is referred to as Rogue Process Management (RPM). A rogue process is a process that was initiated by the user outside of the Application Launcher interface. In this objective, you learned how to do the following:
Congure Tracking of Un-Managed Applications Restrict Launching of Un-Managed Applications

Objective
3. Use Predened
Reports to View Application Events
What You Learned ZENworks Desktop Management provides predened reports for retrieving information about application management successes and failures. These predened reports are available through ConsoleOne and include the following:

Success report Success advanced report Failure report Failure advanced report

Distributed Application Management
SECTION 11
In this section, you learn about the methods ZENworks Desktop Management provides for accessing applications from almost any location. You are then introduced to the ZENworks Server Management product as a method for simplifying the distribution of applications in your enterprise.
Objectives
1. 2. 3. 4. 5. 6.
Implement Load Balancing Implement Fault Tolerance Implement Application Site List Implement Remote Alternate Applications Describe Optimization Tips for Application Management Describe How to Simplify a Distributed Application Environment Using ZENworks Server Management

Introduction
As a network administrator, you provide applications to users. This requires an efcient application distribution system. While designing your system, make sure the location of users in the tree and on the network does not signicantly affect the response time of an application. Also remember that applications must always be available to users, regardless of potential server problems that can prevent this access. Application distribution involves providing site lists, load balancing, fault tolerance, and implementing alternate remote access.

Objective 1
Implement Load Balancing

As a network administrator, you must implement load balancing when the utilization percentage of the server is high. Although load balancing and fault tolerance are congured using the same tab in ZENworks, the procedures are different. Load balancing is congured to optimize server utilization. Fault tolerance is congured to handle server failover. To implement load balancing, you need to do the following:

Identify How Load Balancing Works Create a Duplicate Application Object (Optional) Determine Configuration Options Configure Load Balancing
Identify How Load Balancing Works

In an environment where many users access the same application at the same time, the server can become overloaded. When servers are overloaded (primarily due to inadequate memory to meet service demands) the services they provide can be sluggish and inefcient. Load balancing spreads the workload of an application server across several servers. This decreases the utilization of the servers and keeps users productive. To implement load balancing, you need application objects dened for applications, with each application object referencing source les on different servers.

Version 1
Because load balancing is not enabled by default, you must enable it. With load balancing enabled, Application Launcher pulls the application les from all servers offering the application.
11-3
To balance the workload across servers, ZENworks uses an algorithm to assign a random number to each request. This random number determines which application object the user accesses to use the application. For example, if several users check their email simultaneously, Application Launcher launches the email application for each user depending on the random number assigned. ZENworks load balancing does not ensure that each application server is used equally. ZENworks assumes that the randomness of the assigned number generated decreases server utilization. When a user launches the application, Application Launcher selects a package source or application object to use. If the package source or application object is unavailable, Application Launcher selects another one.
Create a Duplicate Application Object (Optional)

If you want to use application object load balancing or fault tolerance, you must create duplicate application objects to link together. When duplicating an application object, you specify a unique application name, source path, and target path.
x
11-4
Remember, for load balancing, these les must be stored on different servers.
Version 1
Determine Conguration Options

You congure load balancing by accessing the Properties page of an application object. The load balancing conguration options are located on the Fault Tolerance > Load Balancing tab page: Figure 11-1

The Load Balancing page provides the following options: Table 11-1
Option Enable Load Balancing Effect Use to enable load balancing. Other load balancing options become available when this option is enabled. To enable load balancing for an MSI application object, specify a list of source locations in the Common > Sources tab. Application Launcher then randomly selects source locations from the list to implement load balancing. Use Source List Use to have Application Launcher use a list of package sources for load balancing. You must have already created at least one package source.
This is not available for terminal server or web applications.

Use Application List Use to have Application Launcher use a list of application objects for load balancing. You must have already created duplicate application objects for the application. The application les must be stored on a different server or volume.
Congure Load Balancing

You can congure load balancing for the following types of applications:
Load Balancing for MSI Applications Load Balancing for Non-MSI Applications

11-6
Version 1
Load Balancing for MSI Applications
To congure load balancing for MSI applications, do the following:

1.
Make a copy of the source files and an MST file on another server or volume. Record the location of the application copy and the MST file. Launch ConsoleOne; then browse and select your MSI object. Right-click your MSI object; then select Properties. Select Fault Tolerance > Load Balancing. Select Enable Load Balancing. Select Common > Sources; then select Add. Specify the location of the application package copy in step 2; then select Open. Select OK.
2. 3. 4. 5. 6. 7. 8.
9.
10. Select MSI > Transforms; then select Add. 11. Specify the location of the MST file from Step 2. 12. Select your MST le; then select Open. 13. Select OK. 14. Select Common > File Rights; then select Add. 15. Specify the location of the application package copy from Step
2; then select OK.

16. Select Add; then specify the location of the MST file from Step
2.
17. Select OK twice.

Load Balancing for Non-MSI Applications
To congure load balancing for non-MSI applications, do the following:

1.
Launch ConsoleOne; then browse and select your non-MSI object. Right-click your non-MSI object; then select Properties. Select Fault Tolerance > Load Balancing; then select Enable Load Balancing. Select either Use Source List or Use Application Objects; then do the following:
2. 3.
4.
If you select Use Source List, do the following: a. b. c. Select Add. Browse and select the duplicate source les. Select OK. Select Add. Browse and select the duplicate of the non-MSI object. Select OK.
If you select Use Application Object, do the following: a. b. c.
5.
Select OK.

Objective 2
Implement Fault Tolerance

You implement fault tolerance by creating duplicate application objects whose application les are on different servers or volumes. When a user launches the application, Application Launcher rst tries to use the application object associated with the application. If the application is not available, the duplicate application object is used. Where possible, avoid fault-tolerant linked applications that span WAN links because these applications can degrade performance. You can implement both load balancing and fault tolerance, if necessary. By default, Application Launcher implements load balancing rst and then fault tolerance. To implement fault tolerance, do the following:

Select the Configuration Options You Want to Use Configure Fault Tolerance
Select the Conguration Options You Want to Use

To congure fault tolerance, you rst determine the options you want to use. Access the properties of an application object; then select the Fault Tolerance tab. This tab species the application objects that Application Launcher uses as backups when the application object becomes unavailable.

The following shows the Fault Tolerance Property page: Figure 11-2

Option Enable Fault Tolerance Use Source List Effect Use to enable fault tolerance. The other options are available only if this option is enabled. Use to have Application Launcher use a list of package sources as backup. You must have already created at least one package source. Application Launcher accesses this source list in the order you specify. This option is not available on application objects for terminal server or web applications.

(continued)
Table 11-2
Option Use Application List
Effect Use to have Application Launcher use a list of application objects as backup. As with the source list, if the application is too busy or not available, Application Launcher attempts to distribute each application object in the specied order.
Congure Fault Tolerance

You can use the following methods to congure fault tolerance:

Configure Fault Tolerance for MSI Applications Configure Fault Tolerance for NonMSI Applications
Congure Fault Tolerance for MSI Applications
To congure fault tolerance for MSI applications, do the following:

1.
Make a copy of the install source and MST file on a different server or volume. Record the location of the application copy and the MST file. Launch ConsoleOne. Right-click your MSI object; then select Properties.
The Fault Tolerance Property page does not apply to MSI applications. For MSI application objects, you provide fault tolerance by using additional source locations of the installation package. You congure these additional source locations by accessing the Properties of the MSI application object and conguring the Common > Sources tab.
2. 3. 4.
x
Version 1
11-11
5. 6.
Select Common > Sources; then select Add. Specify the location of the application package copy from Step 2; then select OK. Select MSI > Transforms; then select Add. Specify the location of the MST file from Step 2. Select your MST le; then select Open.
7. 8. 9.
10. Select OK. 11. Select Common > File Rights; then select Add. 12. Specify the location of the application package copyfrom Step 2;
then select OK.

13. Select Add; then specify the location of the MST file in step 2. 14. Select OK twice.
Congure Fault Tolerance for NonMSI Applications
To congure fault tolerance for non-MSI applications, do the following:

1. 2. 3. 4. 5.
Launch ConsoleOne. Right-click your nonMSI object; then select Properties. Select Fault Tolerance > Fault Tolerance. Select Enable Fault Tolerance. Select Use Source List or Use Application List and do the following:
If you select Use Source List, do the following: a. b. Select Add. Browse and select the duplicate source les. Select OK.

11-12
c.
Version 1
If you select Use Application List, do the following: a. b. Select Add. Browse and select the duplicate of the nonMSI object; then select OK.
6.
Select OK.

Objective 3
Implement Application Site List

An application site list contains applications that correspond to application objects regardless of where the application les are located. These site lists provide users with fast, reliable access to their applications, regardless of where those application les are located. In organizations with many sites, each site hosts applications for users who access them. To do this, each site has separate application objects representing the same applications in eDirectory. For example, when a user at site A launches an application, the site A application is used. However, if the user travels to site B and launches the application, the application from site B is used. As a result, application site lists give users who travel from one site to another fast access to their applications while reducing WAN trafc and associated costs. Application site lists achieve this by allowing a network administrator to link an application at one site (site A) to an application at another site (site B). Application site lists consist of identical application objects (whose application source les are stored on different servers) that are linked together. By doing this, the user sees one icon but the application can be launched from multiple sites depending on the users location.
When creating application site lists, avoid spanning WAN links. Spanning affects the performance of the application and your network.
VIEW ONLY users authenticate using the Novell Client or a ZENworks Middle NO PRINTING Tier server. ALLOWED
Application site lists can be implemented, regardless of whether
To implement site lists, you need to know how to do the following:
Identify How Application Site Lists are Implemented Using the Novell Client Identify How Application Site Lists Are Implemented Using a ZENworks Middle Tier Server Configure Application Site Lists
Identify How Application Site Lists are Implemented Using the Novell Client
For users authenticating to the network using the Novell Client, the application site list is implemented in a way that is transparent to the user. As shown in the following, the user accesses the application at site B faster and with better performance than if that user were to attempt to access the application at site A: Figure 11-3
App Site List
App1 App2
Site A
App1 WAN
Site B
App2
User

Identify How Application Site Lists Are Implemented Using a ZENworks Middle Tier Server
For users authenticating to a Middle Tier server, application site lists are implemented differently. When authenticating through a Middle Tier server, the application closest to the Middle Tier server is used. This application might not be the application closest to the user. To overcome this problem, consider the following:

Accessing Middle-Tier Servers from Inside the Firewall Accessing Middle-Tier Servers from Outside the Firewall
Accessing Middle-Tier Servers from Inside the Firewall
When implementing application site lists on Middle Tier servers inside the rewall, you dont want to make users select a different Middle Tier server to authenticate themselves at every site. Not only can this create confusion, it can affect network performance if users select the wrong Middle Tier server.

In the following gure, users at Site A log on to the local Middle Tier server with a DNS name of slc.da.com and an IP address of 10.200.200.1: Figure 11-4
Users at site B log on to the local Middle Tier Server with a DNS name of del.da.com and an IP address of 10.200.200.23. In order to provide users from Site A access to the Middle Tier Server at Site B without forcing them to change their Middle Tier Server settings, you should congure a second DNS name to resolve to the Site B Middle Tier server IP address. A DNS record for slc.da.com that resolves to 10.200.200.23 on Site B would provide users access to the closest Middle Tier server while allowing them to keep their Middle Tier server settings.

Accessing Middle-Tier Servers from Outside the Firewall
To make sure users access the closest Middle Tier server from outside the rewall, they must be allowed to choose their own Middle Tier server during the installation of Middle Tier services.
Although this solution is not ideal, it does provide administrators and users with ZENworks functionality.
After users are provided with the ability to choose their Middle Tier server, you set up each Middle Tier server IP address to resolve to a location-specic DNS name. For example, suppose Digital Airlines has a Middle Tier server in Sydney, Australia. The server IP address maps to syd.da.com. When users travel to Sydney and authenticate to the Middle Tier server, they choose syd.da.com and then supply their user name and password, as shown in the following: Figure 11-5

Congure Application Site Lists

Regardless of how you implement them, you congure all application site lists in the same way by doing the following:
1.
From ConsoleOne, right-click the application object you want to link; then select Properties. Select Fault Tolerance > Site List. The Site List page appears:
2.
Figure 11-6
3. 4.
Select Link. Browse to the application object you want to create a link to; then select OK. Save the changes by selecting OK.
5.

Version 1
You can link an application object (App 1) to only one other application object (App 2). A reverse link is created between App 2 and App 1.
11-19
For example, suppose you have 2 duplicate application objects (Word 1 and Word 2) at two different sites. You can link Word 1 to Word 2, which creates the following site lists for each object:

Word 1 linked to Word 2 Word 2 linked to Word 1
The following shows the application site list concept for the applications: Figure 11-7
App Site List
App1 App2
Site A
App1 WAN
Site B
App2
To link 3 application objects, you need to link 2 application objects rst and then link the third to either of the rst 2 objects. This establishes a link between the 3 application objects. For example, suppose you have 3 duplicate application objects (Word 1, Word 2, and Word 3) at three different sites. You begin by linking Word 1 to Word 2. Because you can link an application object to only one other application object, you now need to link Word 3 to either Word 1 or Word 2. This results in the following site list for each application object:

Word 1 linked to Word 2 and Word 3 Word 2 linked to Word 1 and Word 3 Word 3 linked to Word 1 and Word 2

The following shows the concept for the 3 applications: Figure 11-8
App3
W AN
AN W
Li
nk
Li
nk
App1 WAN Link
App2
Now, all three application objects are linked. Similarly, you can link multiple application objects for all sites on your network. As a result, this reduces WAN trafc and associated costs.

Objective 4
Implement Remote Alternate Applications

When users access applications remotely, you might want to implement alternate remote-access applications. These are applications that are only used over a slow connection. Terminal server or web applications are usually implemented as alternate remote-access applications. For example, when a user is accessing the application in remote mode, you might want the application to be run from a terminal server. To implement alternate remote access applications, you need to know the following:

Alternate Remote Application Configuration Options How to Configure Alternate Remote Access Applications
Alternate Remote Application Conguration Options

You can specify alternate remote access application conguration options by accessing the properties of an application object and then selecting the Fault Tolerance > Alternate Remote App tab.

The following page appears: Figure 11-9
From this page you can congure the following options: Table 11-3
Option Application Object to Use When Running Remotely Effect Use to select the application object for the terminal server or web application you want to use.

(continued)
Table 11-3
Option Always Use this Alternate Application When Running Remotely
Effect Use to force Application Launcher to use the alternate application instead of a locally installed application. Select this if the application requires access to a database or some other network resource that is available only if the alternate application is used. By default, Application Launcher does not use the alternate application if the original application is installed on the users workstation; instead, it uses the locally installed application.
How to Congure Alternate Remote Access Applications

You can congure alternate remote access applications that run on a terminal server by doing the following:
1.
Create a terminal server application: a. From ConsoleOne, right-click the container where you want to create the terminal server application and select New > Application. Select A Terminal Server application; then select Next. In the Object Name eld, enter the name of the object; then select Next.
b. c.
d. Choose a Windows terminal server session by either selecting RDP Session or ICA Session. RDP is usually used by small organizations; ICA is usually used by large organizations.

11-24
e.
If you chose ICA, congure the following:
Version 1
Published Application Name. By default, this field is populated with the Application object name you previously entered. If the name does not match the application name exactly as it is defined in Citrix, change the name to the Citrix published application name.
Servers Hosting This Application. Add the Citrix servers that host the application. To add a server, select Add and specify the server's IP address or hostname; then select OK. Terminal Server Address and Port. Specify the terminal server's IP address or hostname. Server Domain. If the terminal server is part of a Windows NT domain or an Active Directory domain, specify the domain name. Application Path. Specify the path to the application's executable file. Working Directory. Specify the path to the directory you want the application to use for its working files.
f.
If you chose RDP, congure the following:
g. Select Next. h. Congure your distribution rules, then select Next. i. j. Associate and congure the application; then select Next. Select Finish.
x
2.
For more information on creating a terminal server application, see Describe Terminal Server and Web Applications on 9-106
On the local application object, specify the alternate remote access application: a. From your container, right-click the application object for which you want to congure a remote access application.

Version 1
11-25
x
b. c. e.
Do not select the remote application.
Select Properties. Select Fault Tolerance > Remote Alternate App.
d. From the Application object to use when running remotely eld, browse to your remote application object; then select OK. Select Always use this alternate application when running remotely; then select OK. This forces Application Launcher to use the alternate application instead of a locally installed application. f. Close ConsoleOne.

Exercise 11-1
Congure a Remote Alternate Application

As network administrator for the Digital Airlines SLC Ofce, you decide it will be easier for your users if there is only one icon for OpenOfce in the Application Explorer. In this exercise, you congure the OpenOfce application to use OpenOfce - Remote when the workstation is outside the rewall. You use the following Host computers and VMware virtual machines:
Figure 11-10
DA-CITRIX Win2K Server 10.200.200.200
Do the following:
1.
Start the DA-CITRIX terminal server: a. From VMware Workstation on the Host 1 machine, make sure the DA-CITRIX tab is selected; then from the tab page, select Start this virtual machine.

Version 1
11-27
b.
When the Welcome to Windows dialog appears, press Ctrl+Alt+Insert; then log in as Administrator with a password of novell. From the Host2 computer using the Novell Client, make sure you are logged in to DA-TREE as admin with a password of novell. Start ConsoleOne. From ConsoleOne, browse to and right-click OpenOfce.Apps.slc.da. A Properties of OpenOfce dialog appears.
2.
Implement Remote Alternate Applications: a.
b. c.
d. Select Properties. e. f. Select the Fault Tolerance > Remote Alternate App tab page. In the Application object to use when running remotely eld, browse to and select OpenOfce Remote.Apps.slc.da; then select OK.
g. Select the Always use this alternate application when running remotely check box; then select OK. This forces Application Launcher to use the alternate application instead of the local application.
3.
Remove OpenOffice - Remote from Application Explorer: a. b. c. e. From ConsoleOne, browse to and right-click OpenOfce Remote.Apps.slc.da. Select Properties. A Properties of OpenOfce-Remote dialog appears. Select the Associations tab. Select OK. d. Select Users.slc.da; then select Delete.

4.
Verify that the OpenOffice-Remote application is available for remote access: a. Make sure the DA-CITRIX virtual server is running and that you are logged in as administrator with a password of novell. From the WS2 virtual workstation, log off and then log in as BWayne with a password of novell. When prompted about your connection speed, select Yes. Browse to the Digital Airlines Applications > OpenOfce folder. Start the OpenOfce application by double-clicking the OpenOfce shortcut. The application launches OpenOfce on the Terminal Server. g. When prompted, log in as Administrator with a password of novell. The OpenOfce application opens from the DA-CITRIX terminal server. h. Close OpenOfce. i. Close the terminal server connection by selecting the X in upper right corner of the window. A Novell TS Client - Disconnect session dialog appears. j. Disconnect the session by selecting OK.
b. c. e. f.
d. From your desktop, double-click Application Explorer.
(End of Exercise)

Objective 5
Describe Optimization Tips for Application Management

To optimize application management, keep the following in mind:
eDirectory objects. Keep application and user objects close to each other. Dont separate them across a WAN link. Application Launcher (NAL). Do the following:

Organize applications by creating folders. Reduce tree walking by designating the top of a conguration tree. Customize the Application Launcher conguration based on user or group requirements. For example, the mode of access can be one of the following: local, remote, or disconnected. Deliver applications based on access mode. For example, if the application is accessed using a LAN, it must be from a local server. However, if the application is accessed across a WAN, it must be accessed through a terminal server.
Application objects. Do the following:
Select the Display Details After Creation option to make the Properties window appear after creating an object. Make sure you verify all conguration settings of the application object. When using application dependencies, make sure you congure the dependency to install in the right order. Use database reporting for medium and large networks. Use XML reporting to report events outside a rewall.
Application reporting. Do the following:


Source resilience. Do the following:
Use source list load balancing and fault tolerance if possible. This reduces the number of application objects you need to manage. If you are using the Application Object load balancing option, create duplicate objects by using the An application by using an existing Application object option. Use load balancing when all servers for application objects are at a single site. Use application site lists instead of load balancing when servers are at various sites throughout a large WAN. However, the servers must reside in the same eDirectory tree. Force Application Launcher to use the alternate remote access application in the case of slow connections for remote users.
Remote alternate applications. If you have remote users, consider creating remote alternate applications for those users when they are on slow connections.

Objective 6
Describe How to Simplify a Distributed Application Environment Using ZENworks Server Management
In large ZENworks Desktop Management environments, it is recommended that each site have a copy of the application object and its associated les. This means that if you have many sites, you also have to manage many application objects. While it is true that ConsoleOne provides a method for duplicating the application, this process is neither automated nor complete. When an application is copied with ConsoleOne, the following problems exist:

The application object is copied, but not the application files. Several settings such as dependencies, folders, GUIDs, and associations are not copied. File rights are not copied.
In addition to these problems, copying applications using ConsoleOne is also a manual process. This means that you must manually copy the application to each location, correct the problems discussed, and then maintain the new application. The biggest problem is that as the size of your ZENworks Desktop Management environment increases, so does the number of applications you have to manage. In many organizations there are hundreds or even thousands of applications. To solve this problem you can use ZENworks Server Management to distribute the ZENworks Desktop Management application.

Doing so solves the problem of distributing the application and solves the following additional problems:
When using ZENworks Server Management to distribute applications not only is the application object copied, but so are the associated files and the rights assigned to these files. Applications copied using ZENworks Server Management also automatically modify the SOURCE_PATH macro or the Common > Sources tab to reference the local source, instead of the original source. If you are using application chains or remote alternate applications these are automatically copied and then relatively link to the new copies of the applications. ZENworks Server Management provides automatic handling of associations. This allows you to distribute the application and automatically associate containers, groups, or workstation groups to the new application. ZENworks Server Management also provides the ability to automatically configure fault tolerant or load balanced applications and simplifies the application site list linking process. When copying applications using ZENworks Server Management, the GUID of the original application is used as the GUID for all of the subsequent copies of the application.
Using ZENworks Server Management to distribute ZENworks applications can signicantly reduce the time you spend managing your ZENworks Desktop Management application environment.
x
Version 1
For information and training on how to use ZENworks Server Management, the ZENworks Server Management Advanced Technical Training course is available.
11-33
Summary
Objective
1. Implement Load Balancing
What You Learned As a network administrator, you must implement load balancing when the utilization percentage of the server is high. Although load balancing and fault tolerance are congured using the same tab in ZENworks, the procedures are different. Load balancing is congured to optimize server utilization. Fault tolerance is congured to handle server failover. To implement load balancing, you need to do the following:

Identify how load balancing works Create a duplicate Application object (optional) Determine conguration options Congure load balancing
2. Implement Fault Tolerance
You implement fault tolerance by creating duplicate application objects whose application les are on different servers or volumes. You can implement both load balancing and fault tolerance, if necessary. By default, Application Launcher implements load balancing rst and then fault tolerance. To implement fault tolerance, you need to know how to do the following:

Determine conguration options Congure fault tolerance

Objective
3. Implement Application Site List
What You Learned Application site lists give users who travel from one site to another fast access to their applications while reducing WAN trafc and associated costs. Application site lists can be implemented, regardless of whether users authenticate using the Novell Client or a ZENworks Middle Tier server. As such, it is useful to be able to do the following:
Identify how application site lists are implemented using the Novell Client Identify how application site lists are implemented using a ZENworks Middle Tier server Congure application site lists
4. Implement Remote Alternate Applications
When users access applications remotely, you might want to implement alternate remote-access applications. These are applications that are only used over a slow connection. Terminal server or web applications are usually implemented as alternate remote-access applications. To implement alternate remote access applications, you need to know the following:
Alternate remote application conguration options How to congure alternate remote access applications

Objective
5. Describe Optimization Tips for Application Management
What You Learned To optimize application management, you need to account for the following:

eDirectory objects Application Launcher (NAL) Application objects Application reporting Source resilience Remote alternate apps
6. Describe How to Simplify a Distributed Application Environment Using ZENworks Server Management
In large ZENworks Desktop Management environments it is recommended that each site have a copy of the application object and its associated les. This means that if you have many sites, you also have to manage many application objects. While it is true that ConsoleOne provides a method for duplicating the application this process is neither automated nor complete.

Deploy Personality Migration Services
SECTION 12
In this section, you learn to deploy ZENworks Personality Migration Services.
Objectives
1.
Describe the Role and Function of Personality Migration Services Install ZENworks Personality Migration Migrate Workstations
2. 3.

Introduction
If youve ever been responsible for a major hardware upgrade for a large organization, you know how difcult it can be to migrate a users les, desktop settings, and preferences from the old system to the new system. It can be a very time-consuming process for you as well as a frustrating process for the end user. ZENworks 7 includes the Personality Migration Services product to automate this labor-intensive process.

Objective 1
Describe the Role and Function of Personality Migration Services

ZENworks Personality Migration, powered by Desktop DNA (from Computer Associates) creates personality les. A personality le is made up of user settings, data, and preferences that make a PC unique to a particular user (that users DNA). ZENworks Personality Migration works with Desktop Management policies to gather information from users computers. These personality les enable you to perform faster and more efcient migrations, upgrades, and backups. To describe the role and function of Personality Migration Services, you need to understand the following:

Personality Migration Features Personality Migration Types Personality Migration Components How Personality Migration Components Work
Personality Migration Features

Personality migration lets you use ZENworks Personality Migration and ZENworks Desktop management to

Capture and store a particular computers DNA Deliver the DNA to a destination computer
Personality Migration lets you migrate the following:
User accounts: User profiles for the logged-on user or for multiple users Desktop: Shortcuts, system tray, wallpaper, display settings, and more

Version 1
12-3
Network settings: Dial-up settings, local network settings, TCP/IP and DNS settings, mapped network drives, and directory shares Printer settings: Printer settings if printer drivers are compatible with the destination system's operating system Applications: Any application on the source system
While you can migrate applications with Personality Migration, We recommend that you use Application Manager to distribute applications instead.
Application settings: Preferences, templates, bookmarks, address books, macros, and other settings Files: Any explicitly-specified files or files identified using search filters Folders: Folders and their contents
Personality Migration Types

ZENworks Personality Migration supports the following migration types:

Real-Time Migration Deferred Migration
Real-Time Migration
Real-time migrations take place over a TCP/IP network and transfer a workstation's personality directly from the old workstation to a new workstation.

This type of migration is useful if you are replacing an old workstation with a new workstation. Its best suited to situations where you are only migrating a small number of computers.
For complete information on real-time migrations, refer to Part V: Application Management on page 189 of the Novell ZENworks 7 Personality Migration Installation Guide (pm7install.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.
Deferred Migration
Deferred migrations save the personality le on a local or network drive, writable CD/DVD, or any other writable external media. You can transfer your personality le to your destination workstation using an application object. This type of migration is best suited for situations where you are upgrading the hardware in a large number of computers all at once. Its also useful when upgrading workstation operating systems. It can even be used to back up users settings and restore them in the event of a system failure. This section focuses on a deferred migration using Personality Migration to create a template to collect users' DNA les, store them in a network location, and then collect and apply the DNA les using Desktop Management application objects.

Personality Migration Components

Personality Migration Services includes the following components:

Application Scripts Template Files DNA Files DNA Engine Options File Log Files
Application Scripts
Application scripts detect whether a given application is on the source machine. These scripts record the keys and associated values found in the workstation's Registry. They also record the names of the les and directories to be included in a migration and execute the actual transfer of data between the source and destination computers. Application scripts are based on Computer Associates proprietary script language. They have a .dnasym extension.
Template Files
Template les customize and automate the migration process. You can create them in one of two ways:

By running the DNA Engine on the source machine By creating a custom template using the DNA Template Editor

12-6
Template les have a .dtf extension.
Version 1
DNA Files
A DNA le is a record of the source computers settings and preferences (referred to as the workstations personality). You can create a DNA le by running the DNA Engine on the source workstation. You can then use the DNA le to move the personality to the new system. You can restore settings from the DNA les in one of two ways:
Execute the DNA Engine with the /A switch and specifying the name of the DNA file to be restored. or
Use the DNA Engine to convert the DNA file to a self-extracting .exe file.
DNA les have a .dna extension.
DNA Engine
The DNA Engine (DesktopDNA.exe) is the heart of Personality Migration Services. On the source computer, the DNA Engine can create a

Template file DNA file Log file
On the destination system, the DNA Engine restores the DNA le using the settings in the Template le. This, essentially, recreates the source system on the destination system.

Options File
The Options le controls how the DNA Engine functions. It is named DDNAOptions.dox.
Log Files
The DNA Engine creates four different log les:
UNDO log. The UNDO log lets you back out a migration on the destination system. Generating an UNDO log is optional and adds considerable overhead to the DNA file generation process. UNDO log les have a .UNDO extension.
Event log. The Event log displays warnings and errors encountered when the DNA file was restored to the destination system. The Event log is named DNAEvent.log.
Network log. The Network log lists any problems that occurred during the migration process that might have been caused by network communication issues. The Network log is named DNANetwork.log.
Debug log. The Debug log can be used by Novell Support engineers to isolate recurring migration problems. The Debug log is named DNADebug.log.

How Personality Migration Components Work

The following illustrates the function of the Personality Migration Services components when extracting a personality from a workstation: Figure 12-1

The following gure shows the function of these components when restoring a personality to a workstation: Figure 12-2
The process of integrating ZENworks Desktop Management and ZENworks Personality Migration consists of installing Desktop DNA, setting up a network directory structure to store Desktop DNA templates and personality les, creating the DNA template, and creating Desktop Management application objects to collect and restore DNA. In the next objective, you learn how to install Personality Migration.

Objective 2
Install ZENworks Personality Migration

In this objective, you learn how to do the following:

Prepare the Server for Personality Migration Prepare Workstations for Personality Migration Install ZENworks Personality Migration
Prepare the Server for Personality Migration

A functioning ZENworks Desktop Management system is a prerequisite for the ZENworks/Desktop DNA Personality Migration integration. To prepare your Desktop Management server for Personality Migration, you need to do the following:

Create the Desktop DNA Template Store Create the Personality Store
Create the Desktop DNA Template Store
Desktop DNA templates can be thought of as policies dening the collection of settings and data from legacy workstations. You create DNA templates on the source workstation and then store them in a network location that is accessible to users. You can store the templates on the Personality Migration server or by doing one of the following:

Create a Template Store on a NetWare or Linux Server Create a Template Store on a Windows Server

Create a Template Store on a NetWare or Linux Server
To create a template store on a NetWare or Linux server, do the following:

1.
Create a directory named Ddna at the root of one of your server volumes. This directory holds the ZENworks Personality executable le, DNA templates, and workstation DNA personality les.
x
2. 3. 4. 5.
You should not create this directory on your NetWare or Linux servers SYS volume.
Copy the contents of the Ddnarun directory from the ZENworks Personality Migration CD to the Ddna directory on your server. Make the container where the users exist a trustee of the Ddna directory and grant it Read and File Scan rights. Grant users Read and File Scan rights to the Ddna directory. Create a a directory named Templates within the Ddna directory on your server. This directory is used as a storage location for Desktop DNA templates.
6.
Grant users Read and File Scan rights to the Templates directory. Grant migration administrators Read, Write, Create, Erase, Modify, and File Scan rights to the Templates directory.
7.
The next task is to create a Personality Store.

Create a Template Store on a Windows Server
To create a template store on a Windows server, do one of the following:

1.
Create a directory named \Ddna. This directory holds the ZENworks Personality executable le, DNA templates, and workstation DNA personality les.
2.
Copy the contents of the Ddnarun directory from the ZENworks Personality Migration CD to the \Ddna directory on your server. Create a a directory named Templates within the Ddna directory on your server. This directory is used as a storage location for Desktop DNA templates.
3.
4. 5. 6.
Share the \Ddna directory as DDNA. Provide users with basic Read permissions to this share. Provide OS and migration administrators with Full Control permissions to this share.
The next task is to create a Personality Store.
Create the Personality Store
A typical personality should be approximately 1015 MB in size, assuming you are storing Microsoft Ofce settings, templates, and so on. The size of the personality can exceed 500 MB if user data is consolidated and relocated. These personalities are housed in a personality store. A typical corporate personality store should start with a minimum of 15 GB of free storage space for personalities.

You can create a personality store by doing one of the following:

Create a Personality Store on a NetWare or Linux Server Create a Personality Store on a Windows Server
Create a Personality Store on a NetWare or Linux Server
To create a personality store on a NetWare or Linux server, do the following:

1.
On your NetWare or Linux server, create a directory named Data within your existing Ddna directory. Make the container where the users exist a trustee of the Data directory and grant it Read, Write, Create, and File Scan rights. Grant users with Read, Write, Create, and File Scan rights to this directory.
2.
3.
After creating the template and personality stores, you need to prepare your workstations.
Create a Personality Store on a Windows Server
To create a personality store on a Windows server, do the following:

1.
On a Windows server that users have access rights to, create a directory named Data within your existing Ddna directory. Share the \ddna\data directory as DDNADATA. Provide users with Read and Write permissions to this share. We recommend that you use group membership to control access to this share.
2. 3.
After creating the template and personality stores, you need to prepare your workstations.

Prepare Workstations for Personality Migration

To deploy Personality Migration, you need to do the following:

Prepare the Migration Management Workstation Prepare User Workstations
Prepare the Migration Management Workstation
The ZENworks Personality Migration management workstation is a Windows computer used by the network administrator. In addition to installing Personality Migration on this workstation, you should also install ConsoleOne so you can create application objects. To create a template in versions of ZENworks Personality Migration before 6.5, you were required to set up a staging workstation that had each corporate and line-of-business application locally installed. You then used this workstation to create a Desktop DNA template that dened the personality and application settings that would be subsequently collected from individual workstations in your organization. ZENworks Personality Migration includes the Desktop DNA Template Editor. This product eliminates the need to set up a workstation that has each corporate and line-of-business application locally installed. You can use the Template Editor to dene personality settings for most, if not all, of the applications used in your environment.

Prepare User Workstations
To collect and apply workstation personalities using ZENworks Personality Migration, user workstations
Need to be able to access the Ddna directory you created on your server. Must have Microsoft XML Parser 3 installed. With Windows XP Professional installed or running Microsoft Internet Explorer 6, you should already have XML Parser 3 installed. If you need to install the XML Parser 3,
Consider using a ZENworks application object to install this. Set a Distribution Rule on the Personality backup application that checks for this or make the XML Parser application a dependency.
You can download XML parser 3 from the Microsoft Download Center.
The user whose workstation is to run desktopdna.exe must be logged in as a local workstation administrator whether desktopdna.exe is launched from the local machine or from a server location (whether run manually or from an Application object distributed by the Novell Application Launcher).
Install ZENworks Personality Migration

You can run ZENworks Personality Migration from a Windows workstation or a Windows server. You use either the workstation or the server to open the Desktop DNA Template Editor to create the personality templates that will collect users' workstation personalities.

12-16
Version 1
If you want to install Personality Migration on a Windows server, refer to Installing ZENworks Personality Migration on page 17 of the Novell ZENworks 7 Personality Migration Installation Guide (pm7install.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.
To install Personality Migration on a workstation, do the following:

1.
Insert the ZENworks Personality Migration CD into the CD drive of the workstation you will be using for Migration Management. The following appears:
Figure 12-3
2.

Version 1
Select Personality Migration. Select ZENworks Personality Migration.
12-17
4.
Select Install ZENworks Personality Migration. The following appears:
Figure 12-5

5.
In the Welcome screen, select Next. The following appears:
Figure 12-6
6. 7.
Review the license agreement. Select I Accept the Terms of the License Agreement; then select Next.

8.
Fill in the fields in the Customer Information page; then select Next.
These elds must be lled out before the installation will continue.

9.
Select the type of installation you want (Typical, Compact, or Custom); then select Next.

10. On the Ready to Install the Program page, select Install.
Wait while the files are copied.

When the file copy is complete, the following appears: Figure 12-10
11. On the Select Options page, select the options you want (View
Readme, Run ZENworks Personality Migration, or Add Shortcut to Desktop).

12. Select Next; then select Finish. 13. Close the Winsetup.exe window.

Objective 3
Migrate Workstations
As mentioned earlier, you can migrate workstation DNA in one of two ways:

Real-Time Deferred
This objective focuses on the deferred migration option. To perform a deferred migration, you need to do the following:

Use the DNA Template Editor to Create a Template Create an Application Object to Collect the Personality Create an Application Object to Apply the Personality
Use the DNA Template Editor to Create a Template

Each customer can have specic requirements for personality migration. Obviously, it is outside the scope of this course to explore the various implications and parameters for all possible migration scenarios. However, the main factors that drive the complexity and, ultimately, the size and scope of the personality migration, include

Whether the legacy environment is well managed Whether you have defined and adhered to a standard operating environment (SOE) How many notebooks and remote users are part of the migration project How much data is stored locally on workstations as opposed to stored using network storage
VIEW ONLY Desktop DNA templates can be thought of as policies dening the NO PRINTING collection of settings and data from the legacy workstation. ALLOWED
To create the Desktop DNA template in the Template Editor, do the following:
1.
On your management workstation, select Start > All Programs > Novell > ZENworks > ZENworks Personality Migration > Migration Toolkit > DNA Template Editor. The following appears:
Figure 12-11
2.
Select your template settings:
Users. Lets you add or remove user proles from your template. Unless you are logged in to the workstation as Administrator, only the current user's settings are migrated.
Only Windows NT, 2000, and XP support multiple user accounts.
x
Version 1
12-25
If you authenticate to the workstation as a user other than Administrator during the migration, then you should not add any users to the template. If this is the case, the personality that will be migrated belongs to the user logged in to the system at the time of the migration. If you are authenticated as Administrator, you can migrate the personality of any workstation user account. To add a user, select Users in the left pane of the Template Editor window; then select Add User. The following appears: Figure 12-12
You can use the Selection tab to locate and select the user account that you want to add.

12-26
System. Lets you edit all the system settings listed in the right pane of the Template Editor window.
Version 1
To add system settings, select System in the left pane of the Template Editor window; then select Add Option. When you do, the following appears: Figure 12-13
Select the settings you want migrated. You can expand the folders by selecting the plus sign (+) next to each item.
Applications. Lets you edit applications to be migrated, their settings, and their associated documents.

To add applications and settings, select Applications in the left pane of the Template Editor window; then select Add Option. When you do, the following appears: Figure 12-14
In this dialog, you can select applications and settings to be migrated. Select the + sign next to an application to display the application settings you can choose. Mark the check box next to an application to migrate the application and all possible settings for that application. To migrate just the application, expand the application and mark only the Application check box; deselect any settings. To migrate only the application settings, such as macros, dictionaries, and preferences, mark only the Settings check box.

12-28
Muscle. Lets you migrate applications for which there are no scripts available. These are called muscle migrations.
Version 1
Muscle migration is disabled by default in ZENworks Personality Migration.
For complete information on enabling muscle migration, refer to Re-enabling the Muscle Migration Function on page 21 of the Novell ZENworks 7 Personality Migration Installation Guide (pm7install.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.
Files. Lets you edit le and folder migration selections. To select Files settings, select Files in the left pane of the Template Editor window; then select Add File. When you do, the following appears:
Figure 12-15

Select the + sign to expand the list and show all of the les and folders within a drive or folder. Mark the check box next to a drive to select the entire contents of the drive. You can also select individual folders, items within a folder, or individual les.
Filters. Lets you edit the lters you created to implement a search for les, folders, or drives. To edit Filters settings, select Filters in the left pane of the Template Editor window. When you do, the following appears:
Figure 12-16
Personality Migration allows a number of sophisticated methods for searching for and migrating les and folders on the source system. To search for les and folders, you must

12-30
Specify search criteria in the appropriate search tab pages: Application & Type, Name & Location, Date, and/or Size.
Version 1
Add lters to the Filter list. If you want to display the items found by the search, select Find Now.
By default, all lters are selected when added. An unchecked lter will not be applied.
3.
To create the Desktop DNA template, select File > Save. Use the default template name, Mydnatemplate.dtf, or give the template a descriptive name and save the le on the server in the \Ddna\Templates directory that you created earlier.
After you save the template, you are ready to create application objects to collect and apply the personality information.
Create an Application Object to Collect the Personality

Personality Migration uses an application object to collect the DNA personality from associated workstations and store the DNA personality les on the network. You can use the DNA personality les to restore users' personality settings after upgrading to a new operating system or replacing hardware, or you can store the DNA personality les in a network location as part of your disaster-recovery process. To create the Application object, do the following:
1.
In ConsoleOne, right-click the container that you want to create the Application object in. Select New > Application.
2.

3.
In the New Application Object screen, select the Simple Application option; then select Next.

4.
In the Object Name field, enter a name for the application object (for example CollectDNA); then select Next.

5.
In the Path to File field, browse to and select the DesktopDNA.exe executable file. The path to the executable must be a UNC path that includes the server name or server IP address.
6.
Select Next.

The following appears: Figure 12-20 ]
7. 8.
Configure your distribution rules; then select Next. Associate the application object with the users or the workstations on which you want the application to run. You can also associate the object with group objects, workstation group objects, and container objects. If you select a container object, you are given the choice of associating all the container's user and/or workstation objects with the application.
9.
After you create the association, mark Force Run; then select Next. Marking Force Run runs Desktop DNA as soon as Novell Application Launcher or Workstation Helper starts. The CollectDNA application object runs and the workstations personality is taken.

Version 1
12-35
10. Review the application object settings; then mark Display
Details After Creation.

11. Select Finish. 12. In the application objects Properties screen, select Run Options
> Application.
13. Select Path to File. 14. In the Parameters field, enter the following (all on the same line):
DDNA_ACTION DDNA_DATA\DDNA_USER\DDNA_WS /T DDNA_SOURCE\Templates\DDNA_TEMPLATE /X /M or /Q
For example, if your server is named Server1 and you created your Ddna directory on a Vol1 volume, you would enter
/DNA \\server1\vol\ddna\data\%CN%\%DNA_MACHINE_NAME% /T \\server1\vol\ddna\templates\mydnatemplate.dtf /X /M
The following describes each switch used in this example: Table 12-1
Switch /T Description Use a template to specify migration settings. Parameters Template le to use for this migration. Use a UNC path to specify the location. None.
/M
Starts the migration and executes it automatically. The user sees the wizard screens, but isnt allowed to interact with them.
/X
Exits Desktop DNA None. ZENworks Edition when migration is completed unless an error occurred.

(continued)
Table 12-1
Switch /Q
Description Starts the migration and executes it automatically; however, it doesnt display an interface to the user.
Parameters None.
The following describes each CollectDNA option: Table 12-2

Parameter DDNA_ACTION Value /DNA /APPLY Description /DNA takes the personality of the workstation. /APPLY applies the personality to the workstation. DDNA_DATA UNC path to ddnadata share or directory Species the directory where the personality le will be copied to or retrieved from. Species the directory where the Desktop DNA executable is located. Species the lename of the template le to use. Species the user name of the current user. Species the workstation machine name.
DDNA_SOURCE
UNC path to ddnarun share or directory
DDNA_TEMPLATE Template le
DDNA_USER
%CN% %DNA_MACHIN E_NAME%
DDNA_WS

DesktopDNA.exe can be run from a login script as well as from an Application object. To do this, call DesktopDNA.exe as an external program (using @) from the login script with the switches discussed here. Note that the %CN% variable wont work in a login script while the %DNA_MACHINE_NAME% variable will.
15. Save the Application object information by selecting OK.
When the user boots the workstation, the application object is executed and the personality is captured. With the personality captured, you need to create an application object to apply the personality to the destination system.
Create an Application Object to Apply the Personality

To create an application object to apply the personality to users' workstations, you copy the information from an existing application object. Do the following:
1.
In ConsoleOne, right-click the container that you want to create the application object in. Select New; then select Object. Select Application; then select OK. Select An Application By Using an Existing Application Object; then select Next. Browse to and select the application object you used to capture the workstations personality. Select Next.
2. 3. 4.
5.

12-38
Version 1
7.
In the Object Name field, enter a descriptive name for the new object (such as ApplyDNA); then select Next. (Conditional) If necessary, define the distribution rules that a workstation must meet before the application is distributed; then select Next. Associate the application object with the users or workstations that you want to distribute the application to.
8.
9.
10. Mark Force Run; then click Next. 11. Review the settings for the application object. 12. Mark Display Details After Creation; then select Finish. 13. Select the Run Options tab; then select Application. 14. In the Parameters field, enter the following (on one line): /APPLY DDNA_DATA\%CN%\%DNA_MACHINE_NAME% /T DDNA_SOURCE\Templates\DDNA_TEMPLATE /X /M or /Q
For instance, using the example presented earlier, you would enter the following:
/APPLY \\server1\vol\ddna\data\%CN%\%DNA_MACHINE_NAME% /T \\server1\vol\ddna\templates\mydnatemplate.dtf /X /M
The parameter is the same as the parameter for the CollectDNA application object. However, the /DNA (create the DNA le) switch has been replaced with the /APPLY (apply the DNA le) switch.
15. Select OK to save the application object information.

Exercise 12-1
Capture a Workstations Personality

You would like to upgrade the operating system on the workstations through out your network, maintaining the users custom settings, and have decided to use Personality Migration to capture and then restore the personality of the workstations. In this exercise, you use an application object to capture the WS1 virtual workstations personality using the following Host computers and VMware virtual machines:
Figure 12-21
Do the following:

Part I: Create a Template with the DNA Template Editor Part II: Create an Application to Collect Workstation Personality Part III: Capture the Personality of Your Deployment Workstation

Part I: Create a Template with the DNA Template Editor
Create a template by doing the following:

1.
From the Host2 computer, select Start > All Programs > Novell > ZENworks > ZENworks Personality Migration > Migration Toolkit > DNA Template Editor. A MyDNA Template - DNA Template Editor dialog appears.
2. 3.
From the left pane, select Settings > System. In the right pane, expand Desktop Settings; then select the following:

Appearance Screen Saver
4. 5. 6. 7.
From the left pane, select Settings > Files. Select the My Documents check box. Create the Desktop DNA template by selecting File > Save. In the Save in field, browse to and select \\DA-ZEN\Data\Ddna\Templates. When prompted, enter a filename of MyDNATemplate.dtf; then select Save. Select File > Exit.
8.
9.
Part II: Create an Application to Collect Workstation Personality
After you save the template, you are ready to create application objects to collect the personality information. Do the following:

Version 1
1.
From the Host2 computer using the Novell Client, make sure you are logged in to DA-TREE as admin with a password of novell.
12-41
2. 3. 4.
Start ConsoleOne. From ConsoleOne, browse to and right-click Apps.slc.da. Select New > Application. A New Application Object dialog appears.
5.
Select A simple application (no .AOT/.AXT/.MSI file); then select Next. In the Object Name field, enter CollectDNA; then select Next. In the Path to File field, enter \\Da-zen\DATA\Ddna\DesktopDNA.exe.
The path to the executable must be a UNC path.
6. 7.
x
8. 9.
Select Next. From the Add rules to control availability of this application page, select Next.
10. On the Add user and workstation associations page, select Add. 11. Browse to and select Workstations.slc.da; then select OK. 12. When prompted, mark Workstations within this Container;
then select OK.

13. Select Force Run; then select Next. 14. Select the Display Details After Creation check box; then select
Finish. A Properties of CollectDNA dialog appears.

15. Select the Distribution Options > Registry tab page. 16. Highlight HKEY_LOCAL_MACHINE; then select Add >
Key.

12-42
17. Name the new key Software and press Enter.
Highlight software; then select Add > Key.
Version 1
19. Name the new key DigitalAirlines and press Enter. 20. High digitalairlines; then select Add > DWORD. 21. In the Value name field, enter DNABackup. 22. In the Value data field, enter 1. 23. Select OK. 24. Select the Run Options > Applications tab page. 25. In the Parameters field, enter the following (all on the same line): /DNA \\DA-ZEN\DATA\Ddna\Data\%CN%\%DNA_Machine_Name% /T \\DA-ZEN\DATA\Ddna\Templates\MyDNATemplate.dtf /X /M 26. Select the Run Application Once check box. 27. Select the Run > Options > Environment tab page. 28. Select Run As Unsecure System User. 29. Select the Availability > Distribution Rules tab page. 30. Select Add > Registry.

31. In the Key field, enter the following:
HKEY_LOCAL_MACHINE\Software\DigitalAirlines
32. Make sure Key exists is selected. 33. In the Name field, enter DNABackup. 34. Select Value does not exist; then select OK. 35. Select Add > Client.
A Novell Client Rule dialog appears.

36. From the Client Dependent drop-down list, select Connection is

Version 1
using Novell Client; then select OK. Select the Common > File Rights tab page.
12-43
38. Select Add. 39. Browse to and select DA-ZEN_DATA.slc.da. 40. Select OK. 41. From the Rights pane, select the Read, Write, Create, Erase,
Modify and File Scan options.

42. Save the application object information by selecting OK.
Part III: Capture the Personality of Your Deployment Workstation
Do the following:
1.
Restart the WS1 virtual workstation; then from the Novell Client dialog, log in as CKent with a password of novell. When prompted if you are using a slower connection, select No. DesktopDNA.Exe is automatically executed. Wait while the workstations personality is captured. This can take up to 15 minutes.
2.
3.
When the personality capture is complete, explore the DNA file by doing the following: a. From your Host2 computer, select Start >All Programs > Novell ZENworks Personality Migration > Migration Toolkit > DNA Explorer. A DNA Explorer window appears. b. c. Select File > Open. Browse to and open \\Da-zen\data\Ddna\Data\WS1--WINXP\WS1.dna. When youre nished, select File > Exit.
d. Explore the settings that were captured. e.

4.
Change the WS1 desktop settings: a. b. c. From the WS1 virtual workstation, log off and then log in as CKent with a password of novell. When prompted if you are using a slower connection, select No. Right-click on the desktop and select Properties. A Display Properties dialog appears d. Select the Appearance tab e. f. From the Windows and buttons drop-down menu, select Windows XP style. From the Color scheme drop-down menu, select Silver.
g. From the Font size drop-down menu, select Extra Large Fonts. h. Select the Screen Saver tab. i. j. In the Screen Saver drop-down list, select the Mystify screen saver. Save your changes and close the Display Properties dialog by selecting OK. Right-click in the My Documents window and select New > Bitmap Image.
k. Select Start > My Documents. l.
m. Name the le MyBitmap.bmp. n. Right-click MyBitmap.bmp; then select Open With > Paint. o. Add elements to the bitmap to make it distinct; then save the le and exit Paint. p. Close My Documents. You will restore the personality you captured in the next section.
VIEW ONLY (End of Exercise) NO PRINTING ALLOWED

Summary
Objective
1. Describe the Role
and Function of Personality Migration Services
Summary ZENworks Personality Migration, powered by Desktop DNA (from Computer Associates) creates personality les. A personality le is made up of user settings, data, and preferences that make a PC unique to a particular user (that users DNA). Personality Migration lets you migrate the following:

User accounts Desktop Network settings Printer settings Applications Application settings Files Folders
2. Install ZENworks
Personality Migration
In this objective, you learned how to do the following:
Prepare the server for personality migration To prepare your Desktop Management server for personality migration, you need to do the following:

Create the desktop DNA template store Create the personality store

Objective
2. Install ZENworks
Personality Migration (continued)
Summary
Prepare workstations for personality migration To deploy Personality Migration, you need to do the following:
Prepare the migration management workstation Prepare user workstations
Install ZENworks personality migration You can run ZENworks Personality Migration from a Windows workstation or a Windows server. You use either the workstation or the server to open the Desktop DNA Template Editor to create the personality templates that will collect users' workstation personalities.
3. Migrate
Workstations
You can migrate workstation DNA in one of two ways:

Deferred Real-time
This objective focused on the deferred migration option. To perform a deferred migration, you need to do the following:
Use the DNA template editor to create a template Create an Application object to collect the personality Create an Application object to apply the personality


Image Workstations with ZENworks 7
SECTION 13
In this section, you learn the basic skills for imaging workstation
hard disks using ZENworks 7.
Objectives
1. 2. 3. 4. 5. 6.
Describe Workstation Imaging Components Describe Common Imaging Deployment Strategies Prepare the ZENworks Imaging Server Prepare Workstations for Imaging Create and Restore Images Configure Imaging Policies

Introduction
Installing operating systems and required applications on new workstations is a common administrative task. This task must be repeated when existing operating systems on workstations fail or become corrupted. These tasks can consume excessive amounts of time if an enterprise has a large number of workstations. ZEnworks 7 provides workstation imaging that leverages eDirectory to ease the task of installing operating systems and applications on workstations. Using workstation imaging, you can create an exact image of one workstation and distribute it to multiple workstations on a network. In addition, the cost of troubleshooting workstations can be high. For many organizations, its often more economical to restore a workstation from an image than to troubleshoot it.
For complete information on imaging workstations with ZENworks 7, refer to Part VI: Workstation Imaging on page 539 of the Novell ZENworks 7 Desktop Management Administration Guide (dm7admin.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.

Objective 1
Describe Workstation Imaging Components

To provide workstation imaging, ZENworks Desktop Management uses the following components:

ZENworks Imaging Windows Agent Imaging Engine (img) ZENworks Image Explorer ZENworks Imaging Proxy Server ZENworks PreBoot Services Environment Linux Boot Image Image-Safe Data Viewer and Editor Imaging Boot Disk Creator
ZENworks Imaging Windows Agent

The ZENworks Imaging Windows agent (Ziswin.exe) is an extension to the Windows bootup procedure on a workstation. You can install the ZENworks Imaging Windows agent on each workstation when you install the Desktop Management agent. During installation of the Desktop Management agent, you must select Workstation Imaging on the Select Features page. On Windows 98 workstations, the default location is C:\Windows\System\Ziswin.exe. On Windows 2000/XP workstations, the default location is C:\Windows\System32\Ziswin.exe.
VIEW ONLY workstation without the Desktop Management agent installed. NO PRINTING ALLOWED
You can also run the ZENworks Imaging Windows agent on a
The ZENworks Imaging Windows agent is copied to the NetWare imaging server in Sys:\Public\Zenworks\Imaging\Ziswin.exe during the Desktop Management Server installation process. However, it is not installed on a Linux server at all. When you run Ziswin, the following appears: Figure 13-1
The ZENworks Imaging Windows agent runs before any network communications are established. It enables you to
Make an existing Windows workstation safe for re-imaging When you install the ZENworks Imaging Windows agent on an existing Windows workstation, it saves certain workstation-unique data (such as the IP address and computer name) to an area on the hard disk that is safe from re-imaging. After the workstation is re-imaged and Windows reboots, the agent restores the data from the image-safe area so the workstation can communicate on the network using the same identity as before.

Automatically assign a network identity to a new workstation A new workstation (with no Windows operating system) doesn't have a network identity established yet. You can dene network identity information for such a workstation in a Novell eDirectory policy and apply it when the workstation receives its rst Windows image. In this scenario, the Windows image is put down (including the ZENworks Imaging Windows agent) on the workstation and the identity information from the eDirectory policy is written to the image-safe area on the hard disk. When the workstation reboots, the agent reads the data from the image-safe area and applies it to the Windows installation, establishing the workstation's network identity automatically.
Manage image safe data You can run Ziswin to customize the identity that is assigned. By selecting Edit > Modify Image-safe Data, you can customize the parameters that are assigned to the workstation, as in the following:
Figure 13-2

Configure image safe data collected and restored Ziswin also lets you congure a collection mask and a restore mask by selecting Edit > Options. A collection mask lets you prevent specied items from being overwritten in the image-safe data store when Ziswin collects data from Windows. The following is the collection mask conguration screen:
Figure 13-3
To prevent particular image-safe data from being overwritten, mark the desired component. If an item is marked, that information will not be written to the workstation's image-safe data. Any corresponding existing image-safe data will not be overwritten. If an item is not marked, that information will be collected from the workstation and stored with the workstation's image-safe data. Any corresponding existing image-safe data will be overwritten.

13-6
Version 1
A restore mask is used to prevent restoration of certain image-safe data components to the workstation when Ziswin restores image-safe data, as in the following: Figure 13-4
To prevent particular image-safe data from being restored to the workstation, mark the desired component. If an item is marked, that information will not be restored to the workstation from the image-safe data. If an item is not marked, that information will be restored to the workstation from the image-safe data. The data that the ZENworks Imaging Windows agent saves to (or restores from) the image-safe area includes the following:
Whether a static IP address or DHCP is used. If a static IP address is used, the IP address, subnet mask, and default gateway (router) are stored. The computer (NETBIOS) name The workgroup that the workstation belongs to, if any The workstation security ID (SID)

Version 1
13-7
If the workstation has been registered in eDirectory, the distinguished name and context of the workstation object, and the eDirectory tree that the workstation object belongs to are stored DNS settings (including DNS sufx, hostname, and servers)
If a workstation has just received a new Windows 2000/XP base image, the agent also locates and modies all instances of the security identier (SID) with a random SID, in addition to restoring the above data. This ensures that the workstation has an SID that is unique from other workstations that might receive the same image.
Imaging Engine (img)

The imaging engine is used to create and restore images on workstations. It is a Linux-based program called img. The imaging engine is not eDirectory-aware and can be started manually or automatically. When the imaging engine is started manually, administrators can create an image, store it on a locally attached medium, such as a Jaz drive, or send the image to a ZENworks server. In addition, the imaging engine can also pull down an image from a server to the workstation. When the imaging engine is started, the imaging engine can take the image of a workstation locally. After taking the image, the imaging engine sends the image to a ZENworks server.

ZENworks Image Explorer

You can use the ZENworks Image Explorer utility (imgexp.exe) at a Windows workstation to view or modify workstation images, create add-on images, compress image les, and split images. Imgexp.exe is located in the Sys:\Public\Zenworks\Imaging directory on your NetWare Imaging server and /opt/novell/zenworks/zdm/imaging/winutils on your Linux Imaging server. This utility can also be run from within ConsoleOne by selecting Tools > ZENworks Utilities > Imaging > Image Explorer. After starting Image Explorer, the following appears: Figure 13-5

Version 1
To use Image Explorer to open images stored on a NetWare server that are larger than 4 GB, the workstation must be running Novell Client 4.9 or newer and the images must be stored on an NSS volume.
13-9
ZENworks Imaging Proxy Server

The imaging server is a software component of the Desktop Management server, and exists on the following platforms:

NetWare (imgserv.nlm) Windows (imgserv.dlm) Linux (/usr/lib/nds-modules/libzimgserv.so.1.0.0)
The imaging server enables imaging clients (workstations that are booted from an imaging device) to connect with the network to receive imaging services, including the following:

Storage or retrieval of an image on a server Automatic imaging based on an eDirectory policy or setting Logging of the results of an imaging operation A multicast imaging session
The Imaging server starts automatically when you boot the server after installing Desktop Management. After the imaging server has started, you can view information about the status and results of the imaging requests that it has received from imaging clients. A statistical summary of these requests is shown on the server console in NetWare. In Linux these statistics are available via the /opt/novell/zenworks/preboot/bin/novell-zmgmcast -stats command.
x
13-10
All statistics are reset to zero if the Imaging server is restarted.
In addition to maintaining the statistics and reading image les from the hard drive, the server must also act as an eDirectory proxy for the workstation.
Version 1
This component receives requests from an imaging engine on port 998 (TCP). It then takes the information sent by the agent and checks to see if there is work to do congured in eDirectory. These operations are dened by the workstation imaging policy and the imaging server policy. When imaging operations are complete, the image engine sets a ag in the image-safe data indicating that the workstation has been imaged. Resetting this ag prevents the workstation from being imaged again at the next reboot (if the workstation is not imported). If the workstation is imported, then the image server resets the ag on the eDirectory object so that if the workstation is imported it is not re-imaged again.
ZENworks PreBoot Services Environment

This component lets PXE-enabled workstations perform ZENworks imaging tasks. PXE is an industry standard dened by Intel as a method of booting from the network. PXE checks with the image proxy server to see if a workstation is designated to receive an image. If PXE receives a positive response, it forces the imaging process to begin when the workstation boots. If there is a negative response, it allows the workstation to boot to the default operating system. PXE uses the following to perform imaging operations:
DHCP server. PXE contacts the DHCP server for the IP address of the PXE-enabled workstation. If ZENworks PreBoot Services is running on the DHCP server you will need to congure the DHCP server to send option 60 (Vendor Class Identier).

Version 1
13-11
After DHCP option 60 is congured, the workstations will be aware that the server is both a DHCP and PDHCP server. If ZENworks PreBoot Services is running on a server other than the DHCP server, the DHCP server must be congured to provide IP addresses of the appropriate imaging server and router information to the workstation.
Proxy DHCP (PDHCP) server. This responds to PXE-enabled workstations to indicate the boot server to be used and which network boot program to download. ZENworks uses the DINIC.SYS network boot program. You might need to change the default PDHCP conguration in the following instances:

If the PDHCP server is running on the DHCP server If there are multiple NICs on the server acting as the PDHCP server
The PDHCP server runs with a standard DHCP server to provide PXE clients with the IP addresses of the Trivial File Transfer Protocol (TFTP) server and DiNic Transaction Server (DTS).
TFTP server. PXE-enabled workstations use the TFTP server to request the files required to perform imaging tasks. TFTP enables PXE clients to increase the number of tasks they can perform by requesting additional les from the server. For example, a PXE-enabled workstation uses TFTP to download the PXE client software. The PXE client software is the DiNic client used to connect to DTS.

13-12
PreBoot Policy Look-up Service (PPL). PXE-enabled workstations connect to PPL to determine if an imaging operation must be performed on the workstation.
Version 1
Linux Boot Image

This is the Linux operating system image used to execute the imaging engine. The ZENworks imaging engine is implemented as a Linux executable. When the workstation boots, PXE determines if an imaging task must be performed. If so, PXE forces the workstation to boot using the Linux image. For workstations with PXE-enabled NICs, this Linux partition is stored on the TFTP server. Otherwise, the boot partition must be stored locally on boot disks, CDs, or hard drives.
Image-Safe Data Viewer and Editor

After booting a workstation from an imaging device, you can enter zisedit and zisview at the Linux Bash prompt to edit and view the image-safe data for that workstation.
You can also use the ZENworks Imaging Windows Agent (Ziswin.exe) to view and edit a workstation's image-safe data.
After booting a workstation from an imaging device, you can enter zisview at the Linux Bash prompt to view the image-safe data for that workstation.

The image-safe data viewer (zisview) displays the following information about the workstation: Table 13-1
Category Image-Safe Data Information
Version. The version number of the Imaging Agent (ziswin). Just Imaged Flag. If this ag is set to False, the Imaging Agent (ziswin) reads data from the Windows registry and writes it to the image-safe data store. If this ag is set to True, the Imaging Agent will read data from the image-safe data store and writes it to the Windows registry.
Last Base Image. The last base image that was restored to the workstation. Last Base Image Time. The time stamp of the last base image that was restored to the workstation. Last Base Image Size. The size of the last base image that was restored to the workstation. Scripted Image Flag. If this option is set to True, the last imaging operation was a scripted image. If this option is set to False, the last imaging operation was not a scripted image. Script Checksum. Displays the checksum value representing the last script run. The imaging engine uses the checksum to prevent the same script from re-running on the workstation unless you specify in ConsoleOne that you want to rerun the same script.

(continued)
Table 13-1
Category Workstation Identity Information
Information
Workstation Tree. The Novell eDirectory tree that contains the workstation object for this workstation. Workstation Object. The distinguished name of this computer's workstation. Workstation ID. The workstation identication number. Preferred Tree. The Novell eDirectory tree containing the workstation object. Computer Name. The computer name for the workstation. Workgroup. The Microsoft network workgroup of the workstation. Windows SID. The Windows Security ID of the workstation, a unique number that identies this workstation in Windows. DHCP. Displays whether this workstation uses DHCP to obtain its IP address. IP Address. Displays the static IP address that this workstation uses. Subnet Mask. Displays the subnet mask that this workstation uses. Gateway. Displays the gateway that this workstation uses. DNS Servers. Displays the number of DNS nameservers used for DNS name resolution. DNS Sufx. Displays the DNS context of the workstation. DNS Host Name. Displays the DNS local host name of the workstation.
Network Information

To use zisview, enter any of the following commands at the Linux Bash prompt: Table 13-2
Command zisview zisview -z eld Details Displays all image-safe data. Displays information about a specic eld or elds. The eld parameter should contain one or more eld names separated by a space. All of the following are valid eld names:

JustImaged ScriptedImage LastBaseImage Tree ObjectDN NetBIOSName WorkGroup SID WorkstationID DHCP IP Gateway Mask DNSServerCount DNSServer DNSSufx DNSHostName
zisview -s
Creates a script that can be used to generate environment variables that contain all the image-safe data elds. Displays help for zisview.
zisview -h

After booting a workstation from an imaging device, you can enter zisedit at the Linux Bash prompt to change, clear, or remove information in the image-safe data for that workstation. To use zisedit, enter any of the following commands at the Linux Bash prompt: Table 13-3
Command zisedit Explanation This displays a screen showing all the image-safe data elds. You can add or change any of the information in the elds. You can change the information for one eld using this syntax, where eld is any valid eld name and new_information is the information you want this eld to contain. For example, you could enter zisedit Mask=255.255.252.0 to enter this information in the Subnet Mask eld. zisedit -c zisedit -r zisedit -h Clears all image-safe data elds. Removes the image-safe data store. Displays help for zisedit.
zisedit eld=new_information
Imaging Boot Disk Creator

You can use the Imaging Boot Disk Creator (Zimgboot.exe) at a Windows workstation to create or update imaging boot disks so you can boot workstations to perform imaging tasks.

When Zimgboot.exe runs, the following appears: Figure 13-6
You can also use this utility to create a PXE boot disk to be used with a workstation that cannot be PXE enabled, and to create a disk that contains Linux utilities. Zimgboot.exe (and other imaging utilities) are located in the following Imaging server directories:

NetWare (Sys:\Public\Zenworks\Imaging) Linux (/opt/novell/zenworks/zdm/imaging/winutils) Windows (C:\Novell\public\zenworks\imaging)
Zimgboot.exe is also accessible from the Tools menu of ConsoleOne.

Objective 2
Describe Common Imaging Deployment Strategies

ZENworks 7 lets you deploy workstation imaging in a variety of ways. This objective covers the following strategies:

Install a Standard Image Before Deploying New Workstations Enable Existing Workstations for Future Re-Imaging Re-Image Corrupted Workstations Restore Lab or Classroom Workstations to a Clean State
Install a Standard Image Before Deploying New Workstations

Before deploying new workstations, you can install a standard software platform and enable the workstation for future unattended re-imaging. Do the following:
1. 2.
Create a model workstation of each type that you'll deploy. Create an image of each model workstation on a Desktop Management Workstation Imaging server. These images should include the Imaging agent and either the Novell Client plus the Desktop Management agent or the Desktop Management agent alone. ZENworks Desktop Management lets ZENworks work with or without the Novell Client on the workstation. If your setup does not require the client, you must install the Desktop Management agent.
3.

Version 1
(Conditional) If you are using Preboot Services, install Desktop Management Preboot Services (PXE Support) on your Imaging server.
13-19
4.
(Conditional) If you are using a bootable CD, bootable disks, or a hard disk partition, create a boot CD or disks that point to the Desktop Management Workstation Imaging server where the model images are stored. Create a policy for unregistered workstations that specifies which image to put on a new machine, depending on its hardware. As each new workstation comes in, do the following: a. (Conditional) If you are using Preboot Services, check to see if the workstation is PXE capable. Enable PXE if it isn't enabled by default. Physically connect the workstation to the network. Do one of the following:
5.
6.
b. c.
If you are using Preboot Services, boot the workstation from the Imaging/Preboot Services server. If you are not using Preboot Services, boot the workstation with the imaging boot CDs or disks and install the Desktop Management Workstation Imaging (Linux) partition.
or
d. After you have installed the partition, reboot the workstation from the Desktop Management Workstation Imaging partition. e. f. Let the workstation be auto-imaged by the policy. After deploying the machine, register it as a workstation object in Novell eDirectory.

Enable Existing Workstations for Future Re-Imaging

With minimal disruption to users, you can also enable existing workstations for future re-imaging. You can complete this process in phases by doing the following:
1.
Upgrade each workstation to the latest Novell Client and/or install the Desktop Management agent. (Conditional) If necessary, install the Desktop Management Imaging agent on each workstation using an Application object. Register each workstation as a workstation object in eDirectory. Do one of the following:
2.
3. 4.
If the workstations are PXE capable, make sure PXE is enabled and make sure that Desktop Management Preboot Services (PXE Support) has been installed on your Imaging server. or If youre not using PXE, prepare sets of imaging boot disks or CDs that users can use when they run into trouble. These devices could point to an Imaging server that contains the same clean images used for new workstations.
Re-Image Corrupted Workstations

Without causing data loss or undue disruption to users, you can x workstations that have become miscongured or corrupted by doing the following:
1.
Create a policy for registered workstations. Use the same image-selection logic as the policy for new (unregistered) workstations.

Version 1
When a workstation needs to be fixed, have the user back up any files to the network that he wants to keep.
13-21
3.
Flag the workstation object in eDirectory to receive an image the next time it boots. If the workstation has a Desktop Management imaging partition or is PXE-enabled, the user should boot the workstation from the Desktop Management imaging partition or Imaging/Preboot Services server. If you are using Preboot Services, make sure that Desktop Management Preboot Services (PXE Support) has been installed on your Imaging server. If the workstation does not have a Desktop Management Workstation Imaging (Linux) partition, the user should boot the workstation with the imaging boot CD or disks.
4.
5.
After the image is laid down, restore any user files that were backed up.
Restore Lab or Classroom Workstations to a Clean State

ZENworks imaging can be useful for managing workstations in a classroom or lab environment. After each session, you can restore every workstation to a clean state, removing any changes or additions made during the session by doing the following:
1.
Create an image of a clean model workstation and store it on a Desktop Management Workstation Imaging server. The image should include the Imaging Agent and the Novell Client and/or the Desktop Management Agent.
2.

13-22
If you are using Preboot Services, make sure that Desktop Management Preboot Services (PXE Support) has been installed on your imaging server.
Version 1
If you are using Preboot Services and the workstations are PXE capable, make sure that PXE is enabled. or
If you are not using Preboot Services, create an imaging boot CD or disks that point to the Desktop Management Workstation Imaging server where the clean image is stored.
3.
Create a policy for unregistered workstations that specifies which clean image to restore. Choose the option to always force down the same base image.
4.
Deploy each lab workstation as follows: a. b. Physically connect the workstation to the lab network. Do one of the following:
If you are using Preboot Services, boot the workstation from the Imaging/Preboot Services server. If you are not using Preboot Services, boot the workstation with the imaging boot CD or disks and install the Desktop Management Workstation Imaging (Linux) partition.
or
c.
After you have installed the partition, reboot the workstation from the Desktop Management Imaging partition.
d. At the end of each lab session, reboot each workstation and let it be auto-imaged by the policy.

Objective 3
Prepare the ZENworks Imaging Server

In this objective, you learn the following:

How to Install Preboot Services How Preboot Services Works
The information in this objective covers installing and conguring preboot services on a Linux Imaging Server. For information on deploying preboot services using NetWare, refer to Deploying Desktop Management Preboot Services in a Network Environment on page 557 of the Novell ZENworks 7 Desktop Management Administration Guide (dm7admin.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.
How to Install Preboot Services

Before you can use ZENworks Desktop Management imaging services, you must install the Automatic Workstation Import and Imaging components. The Automatic Workstation Import and Imaging components enable the server to act as an imaging server and to register workstations in Novell eDirectory for auto-imaging (unattended) operations. If you have not installed the Automatic Workstation Import and Imaging components during installation of Desktop Management, use the following steps to install the needed components:
x
13-24
Make sure your server meets the requirements specied in Section 1 of this course. In addition to the specic hardware requirements for the server, the Imaging server must have enough space to store workstation images. These images can be very large.
Version 1
Do the following:
1.
From the Linux desktop, open a terminal window by selecting the Terminal Program icon (a monitor with a shell) from the bottom of the screen. A Shell - Konsole window appears.
2.
From the shell prompt, switch to the root user: a. Enter su . The su command (without indicating a user name) switches you by default to the root user. Including the switches you to the environment settings for the root user. b. Enter the root password.
3.
Insert the ZENworks 7 Desktop Management Linux CD and view the files on the CD: a. b. Insert the ZENworks 7 Desktop Management CD. From the terminal window, change to the /media/CD_mountpoint directory by entering the following: cd /media/CD_mountpoint (where CD_Mountpoint can be a directory such as cdrecorder or cdrom) c. Display the contents of the directory by entering ls. You should see a setup script le.
4.
Start the installation by entering the following: ./setup Make sure you enter a leading period, or Linux will not nd the setup script.
x
Version 1
13-25
The setup script begins extracting and unpacking the JRE, preparing to install, and then launches the Novell ZENworks 7 Linux-Based Desktop Management Installation program.
5.
Continue by pressing Enter. An Installation Prerequisites page appears.
6.
Continue by pressing Enter; then exit the prerequisite page by typing q. A License Agreement page appears.
7. 8.
Exit the license agreement text by pressing Enter; then typing q. Accept the terms of the license agreement by entering Y. A Choose Install Set page appears. From this page, you can install the ZENworks Desktop Management server (back-end services), the ZENworks Middle Tier server, or install both at the same time on the same computer by selecting All Features.
9.
Select Customize by entering 4.
10. From the list of Product Features, choose 9-PXE.
You are asked for the name or IP address and administrative credentials for an eDirectory server.
11. Accept the default for the Server Name/IP Address by pressing
Enter.
x
13-26
The default setting at each prompt is enclosed in parentheses (). You can accept the default and continue with the installation by pressing Enter. You can also move back one page in the installation script by entering back, or exit the installation by entering quit.
You are prompted for the administrative user DN. Enter the administrative user; then press Enter.
Version 1
13. Enter the proxy password; then press Enter. 14. Enter the users context; then press Enter.
A Pre-Installation Summary page appears.

The components begin installing. This can take several minutes. After installation is complete, a View Readme page appears.
How Preboot Services Works

To understand how Preboot Services works, you need to know the following:

Preboot Services Components How Preboot Services Works How to Configure Preboot Services and DHCP to Run on the Same Server
Preboot Services Components
Preboot Services includes the following components:

Version 1
Proxy DHCP Server. The Preboot Services Proxy DHCP server runs alongside a standard DHCP server to inform Preboot Services clients of the IP address of the TFTP, MTFTP, and Transaction servers.
13-27
The Proxy DHCP server also responds to PXE clients to indicate which boot server (TFTP or MTFTP) to use.
TFTP/MTFTP Server. The Preboot Services TFTP/MTFTP server is used by the Preboot Services client to request files that are needed to perform imaging tasks. The TFTP server also provides a central repository for these imaging les (root, initrd, and kernel). A PXE client uses this server to download the Preboot Services client. By default, TFTP is used because it speeds up the workstation's boot process; however, you can change the conguration to use MTFTP.
Transaction Server. The Preboot Services client connects to the Transaction server to check if there are any imaging actions that need to be performed on the workstation.
After the Desktop Management Preboot Services components are installed, the following services should be installed and running on the server:

/etc/init.d/novell-tftp /etc/init.d/novell-proxydhcp /etc/init.d/novell-zmgprebootpolicy
You can use the servicename -restart command to restart preboot services. You can use the servicename -stop to stop and servicename -start to start preboot services with a single command. For example, to restart the Proxy DHCP service, you would enter /etc/init.d/novell-proxydhcp -restart at a terminal server prompt.

You should not need to change the default conguration of these services unless the default multicast IP is already in use in your environment or you moved any of the PXE-installed les from their default directories. For complete information on conguring these services, refer to Checking the Preboot Services Server Setup on page 554 of the Novell ZENworks 7 Desktop Management Administration Guide (dm7admin.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.
How Preboot Services Works
Preboot Services (Preboot Execution Environment) leverages the PXE protocol. PXE is an industry-standard protocol that allows a workstation to boot up and execute a program from the network before the workstation operating system starts. To help you understand how Preboot Services works, weve provided the following:

Preboot Services and PXE A Preboot Services Example
Preboot Services and PXE
PXE uses DHCP (Dynamic Host Conguration Protocol) and TFTP (Trivial File Transfer Protocol). The PXE environment is loaded from either the NIC ROM or the system BIOS. Desktop Management Preboot Services uses PXE to nd out if there is imaging work specied for a workstation and to provide the workstation with the les necessary to boot to the Desktop Management imaging environment.

Version 1
13-29
By using Preboot Services, you can put an image on a workstation even if the workstation's hard disk is blank. You do not need to use Desktop Management imaging boot disks, a ZENworks Desktop Management imaging boot CD or DVD, or an imaging hard-disk partition on the workstation. Before you can use Preboot Services, you need to do the following:
Install the Desktop Management Imaging and Preboot Services (PXE Support) components on your imaging server. Enable PXE on the workstation. Have a standard DHCP server, either on your Imaging server or on another network server.
When a PXE-enabled workstation starts to boot up, it sends a DHCP discovery request to determine the IP address of the Preboot Services/Imaging server. The DHCP server responds with an IP address for the client to use, and the Proxy DHCP server responds with the IP addresses of the Transaction server, TFTP, and MTFTP (Multicast TFTP) servers, as well as the lename of the Preboot Services client. The PXE workstation then downloads the Preboot Services client (Dinic.sys or novlnbp.sys) using TFTP. After the Preboot Services client is downloaded and executed, the workstation checks the Preboot Services Transaction server to see if there is any imaging work to do. If there is imaging work to do, it downloads the Desktop Management Workstation Imaging environment (kernel, root, initrd) from the server so that the workstation can be booted to Linux and any imaging tasks can be performed. If there are no imaging tasks to perform, these les are not downloaded and the workstation proceeds to boot to its operating system.

13-30
Version 1
A Preboot Services Example
The following example (Figures 13-7 through 13-15) shows the interaction between a Preboot Services (PXE) client workstation and a Preboot Services/Imaging server, from when the PXE client workstation is turned on and begins to boot up, and ending when imaging work begins on that workstation. In this example, the DHCP server and the Preboot Services/Imaging server are two separate servers on the network, although it is possible to run both from the same server. This example also assumes that the client workstation and the servers are in a LAN environment. Figure 13-7
The following occurs in Figure13-7:

1.
When the device boots, the PXE BIOS issues a DHCP request with PXE extensions. The request is broadcast on port 67. The DHCP server responds with IP configuration information on port 68, including tag 60 for PXEClient, which indicates that novell-proxydhcp is running on the same server.
2.

Figure 13-8
The following occurs in Figure 13-8:

1.
When the device sees tag 60 in the DHCP response, the PXE BIOS reissues the DHCP request on port 4011. The Proxy DHCP server responds on port 68 with the name of the bootstrap program (nvlnbp.sys) and the IP address of the TFTP daemon where it can be found.
2.
Figure 13-9

1.
The PXE BIOS requests nvlnbp.sys from the TFTP server. The TFTP server sends nvlnbp.sys to the PXE device.

13-32
Version 1
3.
The PXE device loads nvlnbp.sys into memory.
Figure 13-10

1.
Hardware detection is performed by nvlnbp.sys and it reads the image-safe data. Nvlnbp.sys requests the PXE Menu configuration from the Data Model via the novellzmgprebootpolicy daemon. The novell-zmgprebootpolicy daemon returns the PXE Menu configuration. In this case, the menu described in pxemenu.txt is displayed when a user presses the hot key.
2.
3.

Figure 13-11

1.
Assuming no PXE Menu is displayed, the device asks the Data Model (via novellzmgprebootpolicy) if any work is assigned. Assuming work is assigned, the novell-zmgprebootpolicy daemon responds with the name of the configuration file to use in performing the preboot work (z_auto.cfg in this example).
2.

Figure 13-12

1. 2.
The PXE device requests pxelinux.0 from the TFTP server. The TFTP server sends pxelinux.0 to the device.
Figure 13-13

1.
Pxelinux.0 replaces nvlnbp.sys in memory and requests z_auto.cfg from the TFTP server. The TFTP server sends the z_auto.cfg file to the device.
2.

Figure 13-14

1.
Pxelinux.0 requests and receives /boot/kernel from the TFTP server. Pxelinux.0 requests and receives /boot/initid from the TFTP server. Pxelinux.0 requests and receives /boot/root from the TFTP server. Pxelinux.0 requests and receives /boot/updateDrivers.tzg from the TFTP server, but is denied because the file does not exist (it is used to provide post-release software updates).
2.
3.
4.

Figure 13-15

1. 2.
Linux Server is loaded and run on the device. The ZENworks Imaging Engine (img) requests the assigned Preboot Services work details and performs the work. The image is laid down on the device and it automatically reboots.
3.
How to Congure Preboot Services and DHCP to Run on the Same Server
If your DHCP service and your Proxy DHCP services are running on the same NetWare server, you need to congure your DHCP server to deliver option 60.

Do the following:
1.
Configure the DHCP Option 60: Because your DHCP service and the Imaging service are running on the same server, you need to congure DHCP Option 60. a. b. c. From your Linux server, select the YaST icon and enter the root password of when prompted. From the left pane, select Network Services. From the right pane, select DHCP Server. A DHCP Server Conguration dialog appears. d. From the left pane, select Expert Settings. e. f. From the Congured Declarations window, select Global Options. Select Edit. A Global Options page appears. g. Select Add. h. From the Selected Options drop-down list select option vendor-class-identier. i. j. Select OK. In the option vendor-class-identier eld enter PXEClient (include the quotation marks). You are returned to the Global Options page. l. Save the changes by selecting OK. If DHCP and the Imaging Service are running on the same server, youll notice that the DHCP Server daemon wont load properly if the Proxy DHCP Server daemon is loaded rst on the server. m. Finalize the DHCP conguration by selecting Finish.
k. Select OK.

13-38
Version 1
2.
Edit the Proxy DHCP configuration file. a. b. c. e. f. From the Linux desktop, select the start menu shortcut on the toolbar. Select Run Command from the menu. A Run Command KDE desktop dialog appears. Enter kdesu kate. When prompted for a password, enter the root password. Select File > Open. /etc/opt/novell h. Select novell-proxydhcp.conf and then select OK. i. j. Find the line LocalDHCPFlag = 0 and change the 0 to 1. Select File > Save. d. Select Run.
g. In the address eld enter the following:
k. Close the Kate dialog.

Objective 4
Prepare Workstations for Imaging

In addition to conguring your Imaging server, you also need to prepare your workstations for imaging. To prepare your workstation, you need to know the following:

Workstation Requirements How to Configure an Imaging Boot Method How to Enable Workstations for Auto-Imaging Operations
Workstation Requirements
The following are requirements for the workstation that is to be imaged: Table 13-4
Requirement A supported Ethernet NIC. Details The workstation must connect with the imaging server to store or retrieve the images. This connection is made when the workstation is under the control of the Desktop Management Workstation Imaging engine (which is a Linux application), not when the workstation is running under Windows. Therefore, make sure the workstation has a supported NIC. NOTE: NEC PC98 hardware architecture is not supported by ZENworks Imaging.

Table 13-4
Requirement Windows 98, 2000, or XP installed
Details For full ZENworks imaging functionality, the ZENworks agent needs to be installed on the workstation. The imaging agent is responsible for storing and restoring image safe data. If you do not need image safe data functions, you can image any operating system that runs on a FAT, FAT32 or NTFS partition. ZENworks Linux Management includes support for Ext2/Ext3 and ReiserFS.
50 MB free disk space Unless you are using Preboot Services unattended operations require a Desktop Management Workstation Imaging (Linux) partition to be installed on the workstation hard disk so that the imaging engine can gain control on bootup. The default partition size is 150 MB, and the minimum partition size is 100 MB. The 50 MB of free space can be inside an existing partition. This partition is not required if you are performing manual imaging operations using bootable CDs, DVDs, or disks. PXE (Optional) If you are going to deploy Preboot Services, your network adapter and BIOS must be PXE enabled. Optionally, you can create a PXE-on-Disk boot disk.
Imaging does not support workstations running boot managers. Boot managers create their own information in the MBR and overwrite the ZENworks boot system, which prevents the workstation from communicating with the Imaging server.
VIEW ONLY If you are using boot managers, you should disable or remove them before performing imaging operations. NO PRINTING ALLOWED
How to Congure an Imaging Boot Method

The Novell ZENworks Desktop Management imaging engine that performs the actual imaging of a workstation is a Linux application. For this reason, the workstation must be temporarily booted to Linux while the imaging is performed. Unless you use Preboot Services, you need to prepare a boot device that has the Linux kernel, Desktop Management Workstation Imaging engine, and network drivers installed. This topic covers the following options:

Using Preboot Services (PXE) Prepare Imaging Boot CDs or DVDs Create an Imaging Hard Disk Partition
Using Preboot Services (PXE)
ZENworks Desktop Management Preboot Services uses PXE to nd out if imaging work has been specied for a workstation and to provide the workstation with the les necessary to boot to the ZENworks Desktop Management imaging environment. Before you can use Preboot Services, you need to do the following:
1.
Install the Desktop Management Imaging and Preboot Services (PXE Support) components on your imaging server. Enable PXE on the workstation or create a PXE-on-Disk boot disk. Make sure you have a standard DHCP server, either on your Imaging server or on another network server.
2.
3.

4.
(Conditional) If necessary, enable PXE on the workstation NIC card: When PXE is enabled, it can lengthen the time of the boot process slightly, so most NICs have PXE turned off by default. a. Access the computer system BIOS and look at the Boot Sequence options. The PXE activation method for a workstation varies from one manufacturer to another, but generally one of the following methods is used:
Some BIOSs have a separate entry in the BIOS configuration to enable or disable the PXE functionality. In this case, set either the PXE Boot setting or the Network Boot setting to Enabled. Some BIOSs extend the entry that allows you to configure the boot order. For example, you can specify that the system should try to boot from a disk before trying to boot from the hard drive. In this case, set the system to try Network Boot before trying to boot from a disk or from the hard disk. If PXE is not listed in the Boot Sequence options and if the NIC is embedded in the motherboard, look at the Integrated Devices section of the BIOS, which might have an option to enable PXE. PXE might be called by another name, such as MBA (Managed Boot Agent) or Pre-Boot Service.
b.
After enabling PXE in the Integrated Devices section, look at the Boot Sequence options and move PXE so that it is rst in the Boot Sequence. Save any changes you have made and exit the system BIOS.
c.
d. Reboot the workstation.

If the workstation does not have the NIC and PXE integrated into the motherboard, it might use the installed NIC management software to prompt you to start PXE conguration during the boot process. For example, many NICs that are PXE-aware will prompt you to press Ctrl+S during the boot process to allow you to congure the PXE functionality. Other network adapters might prompt you to press Ctrl+Alt+B or another key combination to congure PXE. If the computer system does not have an integrated NIC, you might need to use NIC management software to congure your NIC to support PXE. Refer to your NIC documentation for support of PXE. After you have activated PXE, it will become available in the Boot section of the BIOS. PXE is correctly enabled on a workstation when the workstation attempts to establish a PXE session during the boot process. You can see this happening when the workstation pauses during the boot process and displays a message similar to the following on the screen:
CLIENT MAC ADDR: 00 E0 29 47 59 64 DHCP...
Although the actual message displayed varies from one manufacturer to another, you can identify it by the obvious pause in the boot process as the workstation searches for DHCP. Some older workstations might not support PXE and require you to install PXE on them. There are several ways to do this:
Update your NIC or NIC driver. Most NIC manufacturers supply a PXE Boot ROM chip that you can fit into your NIC to enable PXE on the workstation. Contact the NIC manufacturer or a supplier to see if they sell a PXE Boot ROM. It is also possible that your current NIC might need an upgraded driver to become PXE-enabled.

13-44
Version 1
Update your BIOS version. Most manufacturers that supply motherboards with the NIC embedded in the motherboard offer a BIOS upgrade that will PXE-enable the workstation. Check the manufacturer's Web site or contact a supplier to check for a BIOS upgrade.
Use the Desktop Management Preboot Services PXE-on-Disk utility if no PXE is available for the workstation. With this utility, you can create a boot disk that enables the workstation to participate in the PXE environment. The PXE-on-Disk utility is installed to the Imaging server as part of Preboot Services (PXE Support) in Desktop Management and is available from the Create PXE Disk button in the Imaging Boot Disk Creator (in ConsoleOne, select Tools > ZENworks Utilities > Imaging > Create or Modify Boot Diskette).
For complete information on using PXE-on-Disk utility, refer to Using the Desktop Management Preboot Services PXE-on-Disk Utility on page 575 of the Novell ZENworks 7 Desktop Management Administration Guide (dm7admin.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.
Prepare Imaging Boot CDs or DVDs
If you have CD- or DVD-burning software and hardware, you can create an imaging boot CD or DVD for performing imaging operations. This is a bit harder than preparing imaging boot disks, but you have more room to store any custom les that you might want to add, such as images and Linux device drivers.

Version 1
13-45
Desktop Management Imaging does not currently support booting from a SCSI CD-ROM device.
You can use the bootcd.iso image available on the Desktop Management Workstation Imaging server to create an imaging boot CD or DVD. To create an imaging boot CD or DVD, do the following:
1.
Copy the /opt/novell/zenworks/zdm/imaging/winutils/settings.txt file to a temporary directory on your workstations hard drive. The Settings.txt le contains parameters that control how the imaging boot-up process occurs. This is le copied to the root of the CD or DVD. Settings.txt is a plain text le that contains various parameters, each on a separate line. Each parameter has the general format of PARAMETER=VALUE. Lines that begin with a pound sign (#) are comments and are ignored during the imaging bootup process. The format and function of each parameter in the Settings.txt le are described the following:
Table 13-5
Parameter PROMPT
Description Species whether to prompt for each conguration setting when you boot a workstation from the imaging device. If you leave this parameter commented out or set it to No, the workstation boots using the conguration settings specied in Settings.txt.

13-46
Version 1
(continued)
Table 13-5
Parameter PROMPT (continued)
Description You cant override the settings during bootup unless you type cong at the boot prompt before the Linux operating system begins to load. If you set this parameter to Yes, you are automatically prompted for each conguration setting during bootup.
MANUALREBOOT
Species whether you must reboot a workstation manually after it was booted from the imaging device in automatic mode. If the workstation was booted from the imaging device in manual mode, you must always reboot the workstation manually. If you boot a workstation from the imaging device and you let the bootup process proceed in automatic mode, the imaging engine starts and checks the imaging server to see if an imaging operation should be performed on the workstation. If so, it performs the imaging operation and then quits. If not, it quits without doing anything.

(continued)
Table 13-5
Parameter MANUALREBOOT (continued)
Description What happens next depends on how you set this parameter. If you leave it commented out or set it to No, you are prompted to remove the imaging device (if necessary) and press any key to reboot the workstation to the native operating system. If you set this parameter to Yes, the workstation doesn't reboot automatically but instead displays the Linux prompt, allowing you to perform additional imaging-related tasks from the Linux menu or at the command line.
PARTITIONSIZE
Species the number of megabytes to allocate to the ZENworks partition if you choose to create one locally on a device when you boot the device from the imaging boot media. The default size is 150 MB. The minimum partition size is 50 MB. The maximum size allowed is 2048 MB (2 GB).

(continued)
Table 13-5
Parameter PARTITIONSIZE (continued)
Description If you plan to store an image in the ZENworks partition, such as to enable the device to be restored to a certain state without connecting to the network, you might want to specify a larger size on this parameter. Example: PARTITIONSIZE=500
netsetup
If you are using DHCP, keep this option enabled. If you are using a specic IP address, replace dhcp with 1 and uncomment and congure the other three IP address lines (HostIP, NETMASK, and GATEWAY). Example: netsetup=dhcp
HostIP
The IP address used by a device to communicate on the network when you boot the device from the imaging boot media, if a static IP address is needed. Example: HostIP=137.65.95.126 If you want DHCP to be used, leave this commented out.

(continued)
Table 13-5
Parameter netmask
Description Species the subnet mask to be used by the device, if the device is using a static IP address. Example: NETMASK=255.255.252.0 If DHCP is being used, leave this parameter commented out.
GATEWAY
The IP address of the gateway router to be used by the workstation, if the workstation uses a static IP address. Example: GATEWAY=137.65.95.254 If DHCP is being used, leave this parameter commented out.
NAMESERVER
The IP address of the DNS servers to use for resolving DNS domain names. Use a space to separate entries. Example: NAMESERVER=123.45.6.7 If DHCP is being used, leave this parameter commented out.
DOMAIN
Species the list of DNS domain sufxes to be used to identify connections used by this device. Use a space to separate entries. Example: DOMAIN=digitalairlines.com

13-50
If DHCP is being used, leave this parameter commented out.
Version 1
(continued)
Table 13-5
Parameter PROXYADDR
Description The IP address or full DNS name of the imaging (proxy) server to connect to when you boot a workstation from the imaging device in auto-imaging mode. Example: PROXYADDR=imaging.novell. com This parameter is used to set the PROXYADDR environment variable in Linux when the workstation is booted from the imaging device. The imaging engine then reads this variable to determine which server to contact when running in automatic mode. Whether its running in automatic or manual mode, the imaging engine attempts to log the imaging results to the server specied in this variable.
2.
Edit the Settings.txt file to match your implementation requirements. Save your changes to the file. In the temporary directory, add any image files you want to store on the CD or DVD. Use your CD- or DVD-burning software to create a CD or DVD using the /opt/novell/zenworks/zdm/imaging/winutils/bootcd.iso image. Be sure you do not close the disc.
3. 4.
5.

Version 1
13-51
x
6.
You can use the Add Linux Drivers button in the Imaging Boot Disk Creator (zimgboot.exe) to copy the Linux drivers to a disk; and then copy the a:\drivers directory from the diskette to the temporary directory.
Use your CD- or DVD-burning software to add the contents of your temporary directory to the root of the CD or DVD, including the Settings.txt file, any Linux network drivers, and any Desktop Management image files. This process creates a multi-session CD/DVD. To boot a workstation from such a disc, your drive must support multi-session CDs/DVDs. If you cant create a multi-session disc or you are using a drive that does not support multi-session discs, you can still create an imaging boot CD/DVD. Create the disc from the bootcd.iso le as discussed above then create a disk containing the Settings.txt le. Boot the workstation using the CD/DVD. When you are prompted for Settings.txt, insert the disk in the disk drive and press Enter.
You can also use an existing installation of Linux or WINISO to add settings.txt to the ISO le. Doing so with Linux is a topic covered in the ATT-ZENworks 7 Desktop Deployment course.
Create an Imaging Hard Disk Partition
If you want to set up a workstation for unattended imaging operations and cannot use Preboot Services (PXE), you must create a Desktop Management Workstation Imaging (Linux) partition on the hard disk.
VIEW ONLY PXE is the preferred imaging boot method. NO PRINTING ALLOWED
If you make the partition big enough, you can even store an image of the workstations hard disk. To create a Desktop Management Imaging partition, you must rst create imaging boot disks or a bootable imaging CD/DVD, and boot the workstation from them. Then do the following:
1.
Take an image of the workstation. Do this even if you have taken an image of the workstation previously. This ensures that the new image captures the changes you made in the preceding steps.
2.
When the image has been created, reboot the workstation using your boot CD or boot disks. At the boot prompt, enter install. This starts the process of creating the Desktop Management imaging partition in the rst partition slot. It also destroys all existing partitions. By default, the Desktop Management imaging partition size is 100 MB. If the Desktop Management imaging partition already exists, it will be upgraded and your existing Windows partitions will be left intact.
3.
4. 5.
If prompted, reinsert the first imaging boot disk and press Enter. (Optional) When the Desktop Management imaging partition has been created and the Bash prompt reappears, enter img dump. This displays a list of the partitions on the workstation. Unless you are upgrading your Desktop Management imaging partition, each partition slot should be empty and none should be active.

The Desktop Management imaging partition is hidden from the list, so the number of partition slots in the list should be one less than before.
6.
At the Bash prompt, restore the image you took earlier by entering the img restorep command or by entering the img command to start the image engine. If you enter the img command, select Restore Image from the Imaging drop-down list; then follow the steps of the restore wizard.
7.
(Optional) When the image has been restored and the Bash prompt reappears, enter the img dump command to redisplay the list of the partitions on the workstation. You should now see information about the Windows partitions that were restored and activated. The Desktop Management imaging partition is hidden.
8. 9.
At the Bash prompt, enter lilo.s. When the Bash prompt reappears, remove the disk and reboot the workstation. The workstation should boot to Windows.
10. (Conditional) If the Bash prompt reappears, enter lilo.s again and
reboot a second time.
How to Enable Workstations for Auto-Imaging Operations

Auto-imaging can be implemented by registering the workstation as an object in your eDirectory tree, installing a ZENworks Desktop Management Imaging agent on the workstation, and installing a PXE-enabled NIC or implementing an imaging (Linux) partition on the hard disk.

Remember that PXE-enabled systems are the preferred imaging strategy. An imaging partition on the workstation hard drive is only necessary if you are not using Preboot Services (PXE). If you have enabled PXE on the workstation and have installed ZENworks Desktop Management Preboot Services on your imaging server, an imaging partition is not required for performing unattended imaging operations. In addition, PXE or an imaging partition are only required if the system is to be auto-imaged. If you are performing manual imaging operations, you can use the PXE, imaging partition, boot CD, or boot disk option. To prepare the workstation for automatic imaging operations, do the following:
1.
(Conditional) If you haven't already done so, install the Novell Client and/or the Desktop Management agent on the workstation. (Conditional) If you haven't already done so, register the workstation as an object in your eDirectory tree. For the workstation to be automatically imaged, you must define a Workstation or Server Imaging policy. For example, create a Server policy package that contains a minimal Workstation Import policy, using the defaults for naming, groups, and limits, and then associate the Server package with the container where you want the workstation object to be created.
2.
3.
4.
Set a flag in the workstation object that triggers the imaging operation you want. Install and run the Desktop Management Imaging agent on the target workstation.
5.

When you boot a Windows workstation from an imaging device or method and allow the bootup process to proceed in auto-imaging mode, the imaging engine runs on the workstation and contacts a Desktop Management Workstation Imaging server.
6.
Configure the workstation to communicate with the import service on the Imaging server; then reboot the workstation. When you boot a Windows workstation from an imaging device or method and allow the bootup process to proceed in auto-imaging mode, the imaging engine runs on the workstation and contacts a ZENworks Desktop Management Workstation Imaging server. When you put a new base image on a Windows workstation, the workstation receives the same identication data as the workstation from which the image was taken, including such settings as the IP address and computer (NETBIOS) name. The ZENworks Desktop Management Imaging agent on the target workstation takes care of this by saving the workstation's current identity settings to an area on the hard disk that's safe from re-imaging. When the workstation reboots after being re-imaged, the agent restores the original settings. The Imaging agent does not save or restore any Windows 2000/XP Domain information. If you change a workstation's domain and then restore an image, the workstation receives whatever domain is embedded in the new image. Alternatively, if you use a Server package, you can congure specic TCP/IP information to be delivered with the image along with a random workstation name.
From this point on, whenever the workstation is rebooted, the imaging engine takes control and checks the Imaging server to see if an imaging operation should be performed.

If you have not congured the workstation object in eDirectory to trigger an unattended imaging operation, the imaging engine simply exits and automatically reboots the workstation to Windows.

Objective 5
Create and Restore Images

ZENworks Desktop Management provides tools for creating and compressing images of workstation hard disks as well as images of specic add-on applications or le sets. Desktop Management also provides tools for customizing such images and for making images available to auto-imaging operations through eDirectory. Desktop Management Imaging supports devices that physically connect to the network. Desktop Management Imaging does not support imaging operations (creating or restoring images) using wireless connectivity. In this objective, you learn how to do the following:

Create a Workstation (Base) Image Create an Add-On Image Use Image Explorer to Customize an Image Make an Image Available for Automatic Imaging
For additional information on creating and restoring images, refer to Creating and Restoring Images on page 597 of the Novell ZENworks 7 Desktop Management Administration Guide (dm7admin.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.

Create a Workstation (Base) Image

A base image is an image of all the partitions and data on a source workstations storage devices, such as hard disks. Normally, such an image is prepared with the intent to completely replace the contents of a target workstations storage devices. The overall process of creating a base image includes the following steps:
1. 2.
Boot the source workstation using an imaging method. Run the Desktop Management Workstation Imaging engine to take an image of the workstation. You can do this manually or automatically. In manual mode, you interrupt the boot process and issue an imaging command at the Linux prompt. In automatic mode, you set a ag in the workstations workstation object using ConsoleOne and then let the boot process proceed without interruption.
If the workstation is not imported then you must use manual mode imaging. For complete information on manually imaging workstations, refer to Performing Manual Imaging Operations on page 605 of the Novell ZENworks 7 Desktop Management Administration Guide (dm7admin.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.

Create an Add-On Image

An add-on image is an archived collection of les to be applied to an existing Windows installation on a target workstation. The existing partitions and les on the target workstation are left intact, except for any les that the add-on image might update. An add-on image typically corresponds to an application or utility, or simply to a set of data les or conguration settings. You can create an add-on image in one of the following ways, each resulting in a different kind of add-on image:
Produce the add-on image from an application object. You do this in ConsoleOne by using the Imaging property page (on the Common tab) of the application object. An add-on image created in this manner is not fully installed on the target workstation until after the workstation reboots from being imaged and Application Launcher/Explorer starts up and runs the new application object.
Drag files into a new image archive using Image Explorer. You do this by starting Image Explorer, dragging les and folders from an existing Windows installation into the new image archive, and saving the archive to a le with a .zmg extension. Generally, an add-on image created in this way doesnt require any post-processing on the target workstation. It is simply a set of les that are copied to the appropriate locations on the hard disk, much like what happens when you unzip a WinZip archive. One exception is that the add-on image can contain Windows registry (.reg) les that are applied to the registry automatically when the workstation reboots after being imaged (if the Imaging agent is installed on the workstation).

13-60
Version 1
Use Image Explorer to Customize an Image

After you have created a base or add-on image, you can customize it using the Image Explorer utility. Specically, you can
Compress the image. You can compress an image by 4060% of the original file size. The following compression options are available:
Optimize for Speed. Takes the least amount of time but creates the largest compressed image le. Optimize for Space. Creates the smallest image le but might take a signicant amount of time. Balanced. Provides a compromise between compression time and image le size. This option is used by default when an image is created.
Images created by previous versions of Desktop Management can be compressed by Image Explorer.
Desktop Management provides the following compression methods: Compress. Use this option to compress an image le that you currently have open in Image Explorer. QuickCompress. Use this option to compress an image le without waiting for the le to fully load into Image Explorer.
You can also use the options on the ZENworks Imaging Conguration property page for the workstation object in ConsoleOne to congure compression defaults.

Version 1
Split the image. You can specify a workstation image file that you want to split into separate files so that the entire image can be spanned across several CDs or DVDs.
13-61
Splitting a workstation image is helpful for putting down or restoring images in a disconnected environment.
If you split an image, you must manually restore each piece unless you write a script to automate the process.
Resize a partition in an image. For workstation (base) images, you can edit the value in the Original Size text box to let you change how big the imaging engine will make the partition when the image is restored. Purge deleted files. Excluded or hidden files and folders can be completely removed from an open image. This saves space in the image if you no longer want to include the files. If you delete les from an image to create a variant, you should purge them before delivering the image.
Exclude individual files and folders from the image. In doing this, you create variants of the image by specifying which of ten possible filesets (variants) to exclude a given file or folder from. The variants exist merely as internal attributes of the same image archive.
You should not exclude BPB les from a base image or the workstation wont be able to boot the new operating system after receiving the image. In addition, if you delete les from an image to create a variant, you should purge them before delivering the image.
Add files and folders to the image. By default, any file or folder you add is included in all variants. To change this, you must explicitly exclude the file or folder from one or more variants.

Add Windows registry (.reg) files. If the Imaging agent has been installed on the workstation, the registry settings contained in the .reg files that you add are applied after the image is put down and the target workstation reboots to Windows. As with any other le or folder that you add, a .reg le is included in all variants of the image unless you explicitly exclude it from one or more variants.
Make an Image Available for Automatic Imaging

When you boot a workstation from an imaging method and allow the bootup process to proceed in auto-imaging mode, the imaging operation that is performed on the workstation is determined by policies and settings that you dene in eDirectory. To make an image available to such operations, you must congure it as a ZENworks Image object in eDirectory. Otherwise, when you dene imaging policies and settings in eDirectory, you wont have any way to refer to the image. Creating a ZENworks Image object also lets you combine a base image and one or more add-on images into a single entity that can be put down on target workstations. You can specify a standard image le to put down, or you can create a script to further customize your imaging operation. You can also specify that a particular variant of an image be used. To make an image available for automatic imaging, do the following:

Create a ZENworks Image Object Associate an Add-On Image with a Base Image Perform an Automatic Imaging Creation or Restoration Use a Variant of an Image

Version 1
13-63
Create a ZENworks Image Object
To create an image object that lays down your base image to workstation, do the following:
1.
Create the base image that the ZENworks Image object will reference. Copy the image file to an Imaging server in your eDirectory tree. In ConsoleOne, browse to the container where you want to create the ZENworks Image object. Right-click the container and select New > Object > ZENworks Image from the list of object classes. Select OK. Specify a name for the new object; then select Standard ZENworks Image or Scripted ZENworks Image. Select Define Additional Properties; then select OK. The following appears:
2. 3.
4.
5. 6.
7.
Figure 13-16

8.
(Conditional) If you selected Scripted ZENworks Image, specify the script you want to use. A scripted image lets you perform any action that works in a Bash shell script.
x
9.
For more information on using scripted image objects, consider attending the ATT-ZENworks 7 Desktop Management Deployment course.
(Conditional) If you selected Standard ZENworks Image, select Browse next to the Base Image File field. If the ZENworks Image object will consist only of add-on images, leave the Base Image File eld empty.
10. Browse to and select the Imaging server where the image
resides.
11. Specify the path and lename of the image; then select OK. 12. (Conditional) If you are using Preboot Services but formerly
booted from Desktop Management Workstation Imaging (Linux) partitions on workstations, you can delete the Desktop Management imaging partition at the same time you put down an image. To do so, mark Delete the ZENworks Imaging Partition, If It Exists, When Bringing Down The Base Image. You can delete the Desktop Management imaging partition only when the workstation is booted from an imaging boot device other than the Desktop Management imaging partition. After you have deleted the Desktop Management imaging partition, you need to make sure that the image you put on the workstation was made on a workstation without a Desktop Management imaging partition.

Otherwise, the wrong MBR (Master Boot Record) is restored, and the workstation will fail to boot. In addition, if you remove the Desktop Management imaging partition from a Windows 2000/XP machine, Windows cannot boot. You should remove the Desktop Management imaging partition only if you are going to restore an image to the workstation.
13. Save the Workstation Imaging object by selecting OK.
Associate an Add-On Image with a Base Image
To deliver an add-on image in addition to the base image, do the following:

1.
Create the add-on image that you will associate with the base image. Copy the image le to an Imaging server that is accessible as a server object in your eDirectory tree. We recommend that you copy the add-on image to the same location as the base image.
2.
3.
In ConsoleOne, browse to the ZENworks Image object associated with the base image. Right-click the object; then select Properties. Under Add-on Image Files, select Add. Select the Imaging server where the add-on image resides. Specify the path and lename of the image; then select OK. You can associate more than one add-on image with a base image. The add-on images are put down after the base image in the order listed in this screen.
4. 5. 6. 7.
8.
Save the Workstation Imaging object by selecting OK.

Perform an Automatic Imaging Creation or Restoration
By setting a ag in the Workstation object, you can automatically take or restore an image to or from the workstation the next time it is booted. If you want to automatically restore an image on the workstation, do the following:
1.
If you havent already done so, create the image to be put on the workstation and store it on your Imaging server. In ConsoleOne, create a ZENworks Image object in your tree. Configure the object to point to the image le that is to be put on the workstation. In ConsoleOne, right-click the Workstation object; then select Properties. On the ZENworks Imaging Configuration page, do the following to take an image of the workstation the next time it boots: a. b. c. Select the rst check box. Select the Browse button. Browse to and select your Imaging server, path, and lename under which to store the new image.
2. 3.
4.
5.
d. Select Use Compression and select a compression option.
x
1.
Make sure that the Imaging server storing the image or the workstation receiving the image has enough disk space for the image. Otherwise, you will receive a Failed to write to proxy error.
To restore an image to the workstation the next time it boots, do the following: Select Check for Imaging Work on Next Boot. Specify that you want to use an image other than the effective policy image or multicast session.

Version 1
13-67
3. 4.
Select Browse. Browse to and select the ZENworks Image object you created previously; then select OK. Select OK to save the imaging configuration settings. After the imaging operation has been performed on the workstation, Desktop Management clears these imaging conguration settings automatically so that the imaging operation wont keep recurring.
5.
6.
When you reboot the workstation, verify that the imaging operation occurs as expected.
If any add-on images were not successfully laid down, the job is not marked as complete in ConsoleOne. You can see the last base image and the last add-on images that were successfully laid down by looking at the workstation objects properties in ConsoleOne.
Use a Variant of an Image
As mentioned earlier, you can exclude individual les and folders from any of 10 possible variants of an image. The variants exist merely as internal attributes of the same image archive. Because creating an image of a workstation can take a considerable amount of time, it is more efcient in some cases to just create an image of a few workstations and customize those images to get all the variants you need. Even though the variants do not all exist as separate, physical image les, you can access them as though they were. To use a variant, do the following:

13-68
Open ConsoleOne and browse to your ZENworks Image object.
Version 1
2. 3.
Right-click the object and select Properties. In the ZENworks Image object, specify the number of the variant in the Use File Set field. All eDirectory policies and settings that specify this ZENworks Image object use the specied variant. You can create multiple ZENworks Image objects that point to the same base image but to different variants.
4.

Objective 6
Congure Imaging Policies

In this objective, you learn how to set up policies for imaging services and how to congure general imaging server settings. The procedures that are applicable to you depend on your imaging deployment strategy. To congure imaging policies, you need to know how to do the following:

Define Imaging Policies for Unregistered Workstations Define Imaging Policies for Registered Workstations
For additional information on conguring imaging policies, refer to Setting Up Image Policies on page 591 of the Novell ZENworks 7 Desktop Management Administration Guide (dm7admin.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7 or from the ZENworks7_Docs directory on your 3062 Course CD.
Dene Imaging Policies for Unregistered Workstations

Imaging policies for unregistered workstations use server policies. If a Windows workstation hasn't been registered as a workstation object in eDirectory and you boot that workstation from an imaging method in auto-imaging mode, the Imaging server is contacted and checks its Imaging server policy in eDirectory to determine which image to put down on the workstation. If the base image specied by the policy is the same as the base image currently on the workstation (as reported by the imaging engine), the Imaging server doesn't send any new images to put down on the workstation unless the policy is congured to force down the base image again.

13-70
Version 1
If the policy is congured to force down the base image or if the base image currently on the workstation is different than the base image specied by the policy, the Imaging server sends down the new base image and any add-on images specied by the policy. In addition, if the imaging engine reports to the Imaging server that data is missing from the workstation's image-safe area, the Imaging server obtains the missing data from the server policy and sends it to the imaging engine, which then saves the data to the image-safe area.
If you congure a server policy to send an add-on image only (no base image) to a workstation, the workstation receives the add-on image, but it also reboots and brings down the image again, resulting in a reboot/imaging loop. To avoid this problem, send the add-on image using a scripted image. By doing so, the workstation will detect that the add-on image has been restored and will not enter into the reboot/imaging loop.
To dene a server policy for one or more Imaging servers, do the following:
1. 2.
Prepare the various workstation images for the policy to use. (Conditional) If a Server Package hasn't already been created to hold the policies for the target imaging servers, create one. Right-click the Server Package; then select Properties.
3.

4. 5. 6. 7.
Enable the Imaging Server policy. Select Properties to display the Rules page. Select Add to display the New Image Selection Rule dialog box. Select the Browse button next to the Use This Image field to select a ZENworks Image object. Use the drop-down fields and operators to specify the conditions under which the selected image should be used; then select OK. Repeat this step as needed to provide rules that cover all the workstations serviced by the target Imaging servers. These rules are used by your Imaging server to determine which image to put on workstations during unattended imaging operations.
8.

The various hardware conguration data specied in the rules is compared against the actual hardware conguration data detected by the Workstation Imaging engine on the workstation. To see this data for a particular workstation, boot it with the imaging boot CD or disks in manual mode or boot using Preboot Services and enter maintenance mode. Then issue the img info command. Be sure to choose rules that apply only to the unregistered workstations you want imaged. Otherwise, an image could be unintentionally pushed to another workstation.
9.
(Conditional) If you want the Imaging server to force down the base image determined by this policy even if it is the same as the base image currently on the workstation, select Force Down a ZENworks Base Image to a Machine at the bottom of the Rules page. Use this option with care. Putting down a base image destroys all data that was added to the workstation since the last base image was put down. In most scenarios, you'll want to use this option only while a specic workstation is being imaged and not generally for all workstations, unless this policy is designed for a lab environment where you want the workstations to be reimaged every time they reboot. If you select this option as a temporary measure, be sure to deselect it after the specic imaging task is done.
10. (Conditional) If you are using Preboot Services but previously
booted workstations from a Desktop Management Workstation Imaging (Linux) partition, you can disable the Desktop Management imaging partition on the Imaging Partition property page by doing the following: a. Select the down-arrow next to Work To Do. Select Imaging Partition.

Version 1
b.
13-73
c.
Select Disable the ZENworks Imaging Partition, If It Exists. The partition is disabled but is not removed with this option.
11. (Optional) If you want to specify the availability of the PXE
menu, which displays when you boot a PXE-enabled workstation, do the following: a. b. c. Select the PXE Settings tab. Select an option. (Conditional) If you want to specify a different PXE menu le when using Preboot Services rather than the default menu le, specify the le and pathname.
12. On the Image-safe Data tab, fill in the IP Configuration,
Windows Networking, and DNS Settings fields. These pages supply image-safe data values that might be missing on the workstations that are serviced by the target Imaging servers.
13. Save the policy by selecting OK. 14. On the properties of the Server Package, select the Associations
tab and add the containers and/or server objects that represent the target set of Imaging servers; then select OK. Remember that the policy won't actually be consulted by the associated Imaging servers unless the client requesting the imaging operation is an unregistered workstation that has been booted in auto-imaging mode.
Dene Imaging Policies for Registered Workstations

Imaging policies for registered workstations use Workstation Policies.

13-74
Version 1
If a Windows workstation has been registered as a Workstation object in eDirectory and you boot that workstation from an imaging method in auto-imaging mode, the Imaging server is contacted and checks the workstation object to see if it has been agged to receive an image. If this is the case and you havent specied which image to use, the Imaging server consults the Workstation Imaging policy associated with the workstation object to determine which image to send down. To dene the Workstation Imaging Policy for one or more workstations, do the following:
1. 2.
Prepare the various workstation images for the policy to deliver. (Conditional) If a Workstation Package hasnt already been created to hold the policies for the target workstations, create one. Right-click the Workstation Package; then select Properties. Enable the Workstation Imaging policy; then display the Rules page by selecting Properties. Display the New Image Selection Rule dialog box by selecting Add. Select the Browse button next to the Use This Image field; then select a ZENworks Image object. Use the drop-down fields and operators to specify the conditions under which the selected image should be used; then select OK. Repeat this step as many times as needed to specify the particular images that should be used under different conditions. These rules are used by your Imaging server to determine which images to put on workstations during unattended imaging operations.
3. 4.
5.
6.
7.

The various hardware conguration data specied in the rules is compared against the actual hardware conguration data detected by the Workstation Imaging engine on the workstation. To see this data for a particular workstation, boot the workstation with the imaging boot CD or disks in manual mode or boot using Preboot Services and enter maintenance mode. Then enter the img info command. Be sure you choose rules that apply only to the workstations you want imaged. Otherwise, an image could be pushed to another workstation unintentionally.
8.
(Conditional) If you are using Preboot Services but previously booted workstations from a Desktop Management Workstation Imaging (Linux) partition, you can disable the Desktop Management imaging partition on the Imaging Partition property page by doing the following: a. b. c. Select the down-arrow next to Work To Do. Select Imaging Partition. Mark Disable the ZENworks Imaging Partition, If It Exists. The partition is disabled but is not removed with this option.
9.
(Optional) If you want to specify the availability of the PXE menu, which is displayed when you boot a PXE-enabled workstation, do the following: a. b. c. Select the PXE Settings tab. Select an option. (Conditional) If you want to specify a different PXE menu file other than the default when using Preboot Services, specify the le and pathname.
10. Save the policy by selecting OK.

11. On the properties page of the Server Package, select the
Associations tab and add the container, Workstation Group, or workstation objects that represent the target set of workstations; then select OK. Remember that the policy wont actually be consulted by the Imaging server unless you ag a Workstation object to receive an image on the next boot.

Exercise 13-1
Deploy a Workstation Image

In this exercise, you use ZENworks Desktop Management Imaging Services to pull down a Windows XP image to your deployment workstation. You use the following Host computers and VMware virtual machines:
Figure 13-18
Do the following:
1.
Configure the DHCP Option 60: Because your DHCP service and the Imaging service are running on the same server, you need to congure DHCP Option 60. a. b. c. From the DA-ZEN virtual server, click the YaST icon and enter a password of n0v3ll when prompted. From the left pane, select Network Services. From the right pane, select DHCP Server. A DHCP Server Conguration dialog appears.

13-78
Version 1
d. From the left pane, select Expert Settings. A dialog appears indicating that you are entering the expert settings area of the DHCP server conguration, and asking if you want to continue. e. f. Continue by selecting Yes. A DHCP Server Conguration page appears. From the Congured Declarations list, select Global Options. A Global Options page appears. h. Select Add. i. j. From the Selected Options drop-down list select option vendor-class-identier. Select OK.
g. Select Edit.
k. In the option vendor-class-identier eld enter PXEClient (include the quotation marks). l. Select OK. You are returned to the Global Options page. m. Save the changes by selecting OK. n. Finalize the DHCP conguration by selecting Finish. You are returned to the YaST Control Center. o. Select Close.
2.
Create a directory where the images will be stored and managed. a. b. c. From the Host2 computer, using Windows Explorer, browse to the DA-ZEN\DATA location. From the menu bar select File > New > Folder. Name the folder Images.
d. Close Windows Explorer.

3.
Enable the Imaging Server Policy to control where images can be created on the Imaging Server: a. From the Host2 computer using the Novell Client, make sure you are logged in to DA-TREE as admin with a password of novell. Start ConsoleOne. From ConsoleOne, browse to and right-click DA-ZEN Server Package.Policies.slc.da. Enable the Imaging Server Policy; then select Properties. Select the Security > Upload Restrictions tab page.
b. c.
d. Select Properties. e. f.
g. Select the Only allow uploads to the following directories check box. h. Select Add. An Image Upload Path dialog appears. i. In the Allow images to be uploaded to the following directories on ZENworks Imaging Server eld, enter /media/nss/DATA/Images. Save the changes by selecting OK.
j.
4.
k. Select OK. Force the workstation to be imaged on the next re-boot: a. b. c. From ConsoleOne, browse to and right-click WS1--WINXP.Workstations.slc.da. Select Properties. A Properties of WS1--WINXP dialog appears. Select the ZENworks Imaging > Conguration tab page. d. Select the Take an image of this workstation on next boot check box. e. In the Save the image as eld, select the browse button. An Image File Location dialog appears.

13-80
Version 1
f.
In the Server eld, select the browse button. A Select Object dialog appears.
g. Browse to and select DA-ZEN.slc.da; then select OK. h. In the Path eld, enter /media/nss/DATA/Images/MyWS.zmg; then select OK. i.
5.
Select OK.
Create an image of the WS1 virtual workstation with the Novell Client using PXE: a. b. c. Reboot your WS1 virtual workstation. As the system is rebooting, press Esc in the VMware BIOS startup screen. From the Boot menu, select Network boot. This starts the image uploading to the server. d. When the Novell Client login dialog appears, log in as CKent with a password of novell. e. When prompted if you are using a slower connection, continue by selecting No. Change the screen saver to something other than Mystify. Delete the Mybitmap.bmp le. Empty the Recycle bin.
6.
Change settings on the WS1 virtual workstation: a. b. c.
7.
Create a ZENworks Image object for the image file that will be restored to the workstations. a. b. c. From your Host2 computer in ConsoleOne, browse to and right-click the Workstations.slc.da container. Select New > Object. In the Class eld, select ZENworks Image; then select OK. Make sure that Standard ZENworks Image is selected. Select Dene Additional Properties; then select OK.
d. In the Name eld, enter MyWS.

Version 1
e. f.
13-81
g. To the right of the Base Image File eld, select the Browse button. h. In the Server eld, browse to and select DA-ZEN.slc.da. i. j.
8.
In the Path eld, enter /media/nss/DATA/Images/MyWS.zmg. Select OK twice.
Because the deployment workstation has been imported into the tree, you need to configure a Workstation Policy to manage imaging: a. b. c. From ConsoleOne, browse to and right-click SLC Workstation PackagePolicies.slc.da. Select Properties. A Properties of SLC Workstation Package dialog appears. Select the Policies > General tab page. d. Enable Workstation Imaging Policy; then select Properties. e. f. Select the Work To Do > Rules tab page; then select Add. In the Use this image eld, browse to and select MyWS.Workstations.slc.da; then select OK.
g. From the rst drop-down list, select RAM. h. From the second drop-down list, select >. i. j. In the third eld, enter 128. From the end drop-down list, select AND.
k. From the rst drop-down list of the next line, select IP Address. l. From the second drop-down list, select begins with. m. In the third eld, enter 10.200.200. n. Select OK three times.

9.
Prepare the workstation to receive an image on the next reboot: a. b. c. From your Host2 computer in ConsoleOne, browse to and right-click WS1--WINXP.Workstations.slc.da. Select Properties. Select the ZENworks Imaging > Conguration tab.
d. Select the Put an image on this workstation on next boot check box. e. Select OK.
10. Reboot the WS1 virtual workstation using the PXE boot method
to pull down the new Windows XP image: a. b. c. Reboot your WS1 virtual workstation. As the system is rebooting, press Esc in the VMware BIOS startup screen. In the Boot menu, select Network boot.
Wait while the imaging engine loads and the image le is restored. This might take some time to nish.
(End of Exercise)

Exercise 13-2
Restore the Deployment Workstations Personality

In the previous section, you used Personality Migration to capture the conguration of your WS1 Windows XP workstation. Now that the imaging process is complete, you need to restore the personality with an Application object. In this exercise, you use the following Host computers and VMware virtual machines:
Figure 13-19
Do the following:
Part I: Configure an Application Object to Apply Workstation Personality Part II: Apply the Personality of the Deployment Workstation

Part I: Congure an Application Object to Apply Workstation Personality
Do the following:
1.
From your Host 2 computer in ConsoleOne, browse to and right-click Apps.slc.da. Select New > Application. A New Application Object dialog appears.
2.
3.
Select An application by using an existing Application object; then select Next. In the Application Object field, browse to and select CollectDNA; then select OK. Select Next. In the Object Name field, enter ApplyDNA; then select Next. From the Add rules to control availability of this application dialog, select Next. From the Add user and workstation associations dialog, select Add. Browse to and select workstations.slc.da; then select OK. then select OK.
4.
5. 6. 7.
8.
9.
10. When prompted, select Workstations Within This Container; 11. Select the Force Run check box; then select Next. 12. Select the Display Details After Creation check box; then select
Finish. A Properties of ApplyDNA dialog appears.

13. Select the Distribution Options > Registry tab page. 14. Expand HKEY_LOCAL_MACHINE > Software >

Version 1
DigitalAirlines. Highlight DNABackup; then select Modify.
13-85
16. In the Value name field, enter dnarestore. 17. Select OK. 18. Select the Availability > Distribution Rules tab. 19. Highlight the Registry data rule; then select Modify.

20. In the Name field replace DNABackup with DNARestore. 21. Select OK. 22. Select the Run Options > Application tab. 23. In the Parameters field, edit the text string to match the following
(all on the same line): /APPLY \\DA-ZEN\DATA\Ddna\Data\%CN%\%DNA_Machine_Na me% /T \\DA-ZEN\DATA\Ddna\Templates\MyDNATemplate.dtf /X /M

24. Save the Application object information by selecting OK.
Part II: Apply the Personality of the Deployment Workstation
Complete the following:

1.
Restart your WS1 virtual workstation; then using the Novell Client log in as CKent with a password of novell. DesktopDNA.exe is automatically executed. Wait while the workstations personality is applied. This can take up to 15 minutes.
2.
When the process is complete, restart your WS1 virtual workstation and log in as CKent with a password of novell.

3.
Verify that your old workstations configuration has been migrated by making sure that the Screen Saver and Appearance have changed.
(End of Exercise)

Summary
Objective
1. Describe Workstation Imaging Components
What You Learned To provide workstation imaging, ZENworks Desktop Management uses the following components:

ZENworks Imaging Windows agent Imaging engine (img) ZENworks Image Explorer ZENworks Imaging Proxy server ZENworks PreBoot Services environment Linux boot image Image-safe Data Viewer and Editor Imaging Boot Disk Creator
2. Describe Common Imaging Deployment Strategies
ZENworks 7 lets you deploy workstation imaging in a variety of ways. This objective covered the following strategies:
Install a standard image before deploying new workstations Enable existing workstations for future re-imaging Re-image corrupted workstations Restore lab or classroom workstations to a clean state

Objective
3. Prepare the ZENworks Imaging Server
What You Learned In this objective, you learned the following:
How to install preboot services Before you can use ZENworks Desktop Management imaging services, you must install the Automatic Workstation Import and Imaging components.
How preboot services works To understand how Preboot Services works, you need to know the following:

Preboot services components How preboot services works How to congure preboot services and DHCP to run on the same server
4. Prepare Workstations for Imaging
In addition to conguring your imaging server, you also need to prepare your workstations for imaging. To prepare your workstation, you need to know the following:

Workstation requirements How to congure an imaging boot method How to enable workstations for auto-imaging operations
5. Create and Restore Images
ZENworks Desktop Management provides tools for creating and compressing images of workstation hard disks as well as images of specic add-on applications or le sets. In this objective, you learned how to do the following:

Create a workstation (base) image Create an add-on image Use image explorer to customize an image Make an image available for automatic imaging

Version 1
13-89
Objective
6. Congure Imaging Policies
What You Learned In this objective, you learned how to set up policies for imaging services and how to congure general imaging server settings. To congure imaging policies, you need to know how to do the following:
Dene imaging policies for unregistered workstations Dene imaging policies for registered workstations

Configure Remote Management
SECTION 14
Congure Remote Management
In this section, you learn to remotely manage users Windows workstations using the Remote Management component of ZENworks Desktop Management.
Objectives
1. 2. 3.
Describe the Role and Function of Remote Management Configure Remote Management Perform Remote Management Tasks

Introduction
In most organizations, employees are hired for their expertise in a given area. They are generally not expected to be experts with Windows desktop operating systems or PC system hardware. To support these users, most organizations have established some form of Help Desk function. Providing Help Desk support can be a challenging job. Usually, support incidents are initially opened over the phone or with an email message. Many incidents can be resolved in this manner. However, many incidents require the Help Desk technician to have access to the users system to diagnose and troubleshoot workstation problems. In the past, this meant the technician had to physically visit the users workstation. This could be a time-consuming process. With the Remote Management component of ZENworks 7, however, Help Desk technicians can remotely access user workstations, allowing them to troubleshoot and repair problems without having to physically visit the workstation.

Objective 1
Describe the Role and Function of Remote Management

The Remote Management component of Novell ZENworks Desktop Management gives you the ability to remotely manage workstations. This functionality can provide signicant cost savings for your Help Desk organization. In this objective, you learn about the following:

Remote Management Features and Benefits Remote Management Components Remote Management Tools
Remote Management Features and Benets

Remote Management lets you

Remotely wake up a powered-off managed workstation. Remotely control the managed workstation Remotely run executables found on the managed workstation with system rights, even if the logged-in user is not a member of the local Administrators group Transfer files between the remote management console and the managed workstation Display information to diagnose problems on the managed workstation Log audit record information about the Remote Management sessions running on the managed workstation Blank the managed workstation screen during a Remote Control session Lock the keyboard and mouse controls at the managed workstation during a Remote Control session

Version 1
14-3
Remote Management Components

To effectively implement and use Remote Management, you need to understand the following Remote Management service components:

Managed Workstation Management Server Management Console Remote Management Agent
Managed Workstation
The managed workstation is a workstation that is being remotely managed. To remotely manage a workstation, you must rst install the ZENworks Remote Management Agent on the workstation.
Management Server
The management server is the server where ZENworks Desktop Management is installed, and is typically the server performing schedule wake-on-LAN tasks.
Management Console
The management console is a Windows workstation running Novell ConsoleOne. The management console provides an interface to manage and administer your users Windows workstations.
Remote Management Agent
VIEW ONLY managed workstation. It enables the remote operator to remotely NO PRINTING manage that workstation. ALLOWED
14-4 Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
The Remote Management agent is a component that is installed on a
Version 1
The Remote Management agent starts automatically when the managed workstation boots up. It veries whether the Remote Operator is authorized to perform operations on the workstation before the Remote Management session begins.
Remote Management Tools

To effectively implement and use Remote Management, you need to understand the following Remote Management service tools:

Remote Control Remote View Remote Execute Remote Diagnostics File Transfer Remote Management Auditing Remote Wake Up
Remote Control
Remote Control establishes a connection between the management console and the managed workstation. Remote Control lets you control a managed workstation from the management console, providing user assistance as well as troubleshooting workstation problems.
Remote View

Version 1
Remote View also establishes a connection with a managed workstation. However, Remote View only lets you view the managed workstation instead of controlling it.
14-5
This functionality can be very helpful in troubleshooting problems that you suspect are due to user error. For example, you can observe how the user at a managed workstation performs certain tasks to ensure that the user performs tasks correctly.
Remote Execute
Remote Execute lets you run any executable on the managed workstation from the management console. An application can be remotely executed by specifying its name and path of the executable le in the Remote Execute window.
Remote Diagnostics
Remote Diagnostics helps you shorten problem resolution times using remote workstation diagnostic routines. Diagnostics provide real-time information, letting you diagnose workstation problems. The following diagnostic information is available on Windows 2000 and Windows XP managed workstations:

Windows Memory Environment Network Protocols Name Space Provider Event Log Device Drivers Services
Diagnostic information is available over TCP/IP only. You cant run diagnostics on workstations running only IPX.

File Transfer
File Transfer lets you move les between the management console and a managed workstation. You can also rename and delete les, as well as create directories on the management console and on the managed workstation. From the File Transfer window, you can view the properties of les and directories on the management console and the managed workstation. File Transfer also lets you open les with the associated application on the management console.
File Transfer does not allow access to removable media drives on the managed workstation.
Remote Management Auditing
Remote Management Auditing generates audit records for every Remote Management session running on the managed workstation. The managed workstation where the Remote Management Agent is installed stores this information in the Audit log le.
Events for Remote Management sessions are stored in the Application log. These can be viewed using Event Viewer in Windows.
Remote Wake Up
Remote Wake Up lets you remotely power up a single workstation or a group of powered-down workstations in your network (provided the network card in the workstation is Wake on LAN enabled).
VIEW ONLY downtime for system maintenance and upgrades. It also facilitates NO PRINTING saving power while keeping systems available for maintenance. ALLOWED
This feature lets you manage nodes during off-hours, minimizing
ZENworks 7 provides a way to both immediately wake a workstation up, from the administration console and to schedule wake-up using the Wake-On-LAN service on the management server. With this background in mind, youre ready to set up and congure Remote Management.

Objective 2
Congure Remote Management

Conguring Remote Management involves several tasks. To set up Remote Management on your server and workstations, you need to do the following:

Select a Remote Management Deployment Strategy Configure Remote Management Ports (Optional) Configure Remote Management Policies Assign Rights to Remote Operators Start Remote Management Operations Using ConsoleOne Start User-Initiated Sessions
Select a Remote Management Deployment Strategy

You can choose from the following basic Remote Management deployment strategies when conguring the product:

Password-Based Remote Management Directory-Based Remote Management
The difference between the two is based on the type of authentication used.
Password-Based Remote Management
Password-based remote management is a secured means of Remote Management authentication. The remote operator can establish single sign-on access with the managed workstation. As a result, you can automatically initiate Remote Management operations without re-entering passwords or authentication information each time.

Version 1
14-9
In this type of Remote Management deployment, you can initiate a Remote Management session with the managed workstation whether or not the managed workstation is imported as an eDirectory workstation object. To deploy Password-Based Remote Management, do the following:
1.
Install the Remote Management server-side components of ZENworks Desktop Management. Install the Remote Management agent component only on the workstations that you want to remotely manage.
Note that to remote manage registered workstations, both Workstation Manager and the Remote Management agent must be installed.
2.
x
3.
Set the Remote Management Agent password at the managed workstation by completing the following: a. b. c. Right-click the Remote Management Agent icon in the system tray. Select Security > Set Password. Enter a password of ten or fewer ASCII characters. The password is case-sensitive and cannot be blank. d. Select OK.
Directory-Based Remote Management
In directory-based Remote Management, the managed workstation must be imported as an eDirectory workstation object for the Remote Management agent to accept a Remote Management request.

14-10
The Remote Management agent uses eDirectory-based authentication to verify whether the remote operator requesting to remotely manage the workstation is authorized to do so.
Version 1
The effective policy settings are computed from the Remote Control policy for the workstation object and the user object of the user logged in to the managed workstation. To deploy directory-based remote management, complete the following:
1.
Install Remote Management agent and Workstation Manager on workstations to be remotely managed. Import the workstations into the eDirectory tree as Workstation objects. Configure Remote Management policies to allow remote management of the workstation. Assign rights to the users that you want to manage the workstation.
2.
3.
4.
This section focuses on remotely managing workstations that have been imported into the eDirectory tree.
Congure Remote Management Ports (Optional)

By default, the Remote Management Agent and Remote Control Listener bind to TCP ports 1761 and 1762, respectively. In the event that there is a port conict with another application, you can change the port number assignments by doing the following:

Configure the Remote Management Agent Port Configure the Remote Control Listener Port

Congure the Remote Management Agent Port
The Remote Management Agent port binds to TCP port 1761 by default. To change this assignment, do the following:
1.
On the managed workstation, run a text editor and open the \Agent_directory\Remotemanagement\Rmagent\Rmcfg.ini file. Under the Remote Management Agent Port section, set the DefaultCommPort to the desired port number. Save the changes to the file and exit the text editor. Restart the Remote Management Agent.
2.
3. 4.
To initiate a remote session to a managed workstation where the Remote Management Agent is running on any port other than 1761, you need to make the following modications on the management console:
1.
Open the ConsoleOne_directory\1.2\Bin\Rmports.ini file in a text editor. Under the Remote Management Agent Ports section, add the new port number. If you have congured the Remote Management Agents on different managed workstations to use different port numbers, list each port number used on separate lines under the Remote Management Agent Ports section.
2.
3. 4.
Save the changes to the file and exit the text editor. Restart ConsoleOne.

Congure the Remote Control Listener Port
The Remote Control Listener port binds to TCP port 1762 by default when ConsoleOne is started. You may congure it to run on a different TCP port by completing the following steps:
1.
Open the ConsoleOne_directory\1.2\Bin\Rmports.ini file in a text editor. Under the Remote Control Listener Port section, set the DefaultCommPort to the desired port number. Save the changes to the file and exit the text editor. Restart ConsoleOne.
2.
3. 4.
To initiate a remote session request to a management console, where the Remote Control Listener is running on any port other than 1762, the following modications need to be made to any managed workstations:
1.
Open the Agent_directory\Remotemanagement\Rmagent\Rmcfg.ini file in a text editor. Under the Remote Control Listener Ports section, add the new port number. Save the changes to the file and exit the text editor. If you have congured Remote Control Listeners on different management consoles to use different port numbers, list the port numbers on separate lines under the Remote Control Listener Ports section.
2.
3.
4.
Restart the Remote Management Agent.

Congure Remote Management Policies

The Remote Management policy is a ZENworks policy object in User and Workstation policy packages. The Remote Management policy enables the remote operator to specify security settings for Remote Management sessions. You can use the ZENworks Policy Wizard to create a policy package or use an existing policy package. By default, the Remote Management policy is available from all the listed User and Workstation policy packages provided by ZENworks Desktop Management, including

General Windows 9x Windows NT Windows 2000 Windows XP
The default values are provided for parameters in each page of the Remote Management policy. You can change the default values to suit your requirements. To change the default values, do the following:
1.
Open ConsoleOne and browse to your User or Workstation policy package. Right-click your policy package; then select Properties. Select the Policies tab; then select the operating system you want to establish the policy for.
2. 3.

4. 5.
Enable the Remote Control Policy. Select Properties > Remote Management.

6.
Select the remote session tab on which you want to change settings; then select the options that you want to use. The following table provides a description of options available in the Remote Management policy:
Table 14-1
Tab General
Options Enable Diagnostics
Description Allows the remote operator to diagnose the managed workstation. Allows the remote operator to establish Remote Management session with the managed workstation using password mode of authentication.
Enable Password-based Remote Management

14-16
Version 1
(continued)
Table 14-1
Tab
Options Enable Session Encryption
Description Encrypts the Remote Control and Remote View sessions. The Remote Operator will not be able to change this to an unencrypted mode. When this option is disabled, the remote sessions will be unencrypted by default. In this case, the Remote Operator will have an option to switch over to encrypted mode. NOTE: This option will not work with ZENworks for Desktops 4.x and older versions.
Allow User to Request Remote Session
Allows the user at the managed workstation to request that the Remote Operator on the management console open a remote session. NOTE: This option will not work with ZENworks for Desktops 4.x and older versions.
Terminate Session When New User Requires To Be Prompted for Permission

Version 1
Terminates any ongoing Remote Management session when a new eDirectory user, whose permission for initiating any Remote Management operation is required, logs in to the managed workstation.
14-17
(continued)
Table 14-1
Tab
Options Accept Connections Across NAT/Proxy
Description Enables the Remote Management Agent to accept connections with the management console across NAT routers or proxy servers. This is applicable for connections initiated only through the Directory-based authentication.
Prompt User for Permission to Accept Connections across NAT/Proxy
Allows the user at the managed workstation to accept or reject connections across NAT routers or proxy servers. This is applicable for connections initiated only through the Directory-based authentication.
Display Remote Management Agent Icon to Users
Displays the Remote Management Agent icon in the taskbar of Windows 98 and Windows 2000/XP managed workstations on which the Remote Management agent is running. Allows the remote operator to remotely control the managed workstation.
Control
Enable Remote Control

(continued)
Table 14-1
Tab
Options Prompt User for Permission to Remote Control
Description Allows the user at the managed workstation to either accept or reject the Remote Control session initiated by the remote operator. Generates an audible signal on the managed workstation every time the remote operator remotely controls the managed workstation. You can modify the time interval as to when the audible signal should be generated. Displays a visible signal with the name of the remote operator on the managed workstation every time the remote operator remotely controls the managed workstation. You can modify the time interval as to when the name should be displayed.
Give User Audible Signal When Remote Controlled
Give User Visible Signal when Remote Controlled
Allow Blanking User's Screen
Allows the remote operator to blank the screen of the managed workstation during a remote control session and also lock the users mouse and keyboard.

(continued)
Table 14-1
Tab
Options Allow Locking User's Keyboard Mouse
Description Allows the remote operator to lock the mouse and keyboard of the managed workstation during a remote control session. Allows the remote operator to view the desktop of the managed workstation. Allows the user at the managed workstation to either accept or reject the Remote View session initiated by the remote operator. Enables the management console to send an audible signal to the managed workstation every time the remote operator remotely views the managed workstation. Enables the management console to send a visible signal to the managed workstation every time the remote operator remotely views the managed workstation. Allows the remote operator to transfer les between the management console and the managed workstation.
Remote View
Enable Remote View
Prompt User for Permission to Remote View
Give User Audible Signal When Remote Viewed
Give User Visible Signal When Remote Viewed
File Transfer
Enable File Transfer

(continued)
Table 14-1
Tab
Options Prompt User for Permission to Transfer Files
Description Allows the user at the managed workstation to either accept or reject the File Transfer session initiated by the remote operator. Allows the remote operator to execute applications or les on the managed workstation. Allows the user at the managed workstation to either accept or reject the Remote Execute session initiated by the remote operator.
Remote Execute
Enable Remote Execute
Prompt User for Permission to Remote Execute
Using the Remote Management policy, you can custom congure your implementation. Be aware, however, that many of the parameters in the policy, if changed from their default settings, require that the Remote Management agent on the workstation be restarted for the change to take effect. For example, if you change the Remote Management agent icon setting, you must restart the Remote Management agent for the change to be applied.
7. 8.
Select the Associations tab; then select Add. Browse to and select the container object where your workstation objects have been imported; then select OK. Select Apply > Close.
9.

Assign Rights to Remote Operators

You can use the Manage Remote Operators wizard to set up the required rights for management console users to manage workstations.
You can also use the Remote Operators tab in the properties of a workstation object to add a user as a remote operator.
Do the following:
1. 2.
In ConsoleOne, select your eDirectory tree. Select Tools > ZENworks Remote Management > Manage Remote Operator. The following appears:
Figure 14-3

14-22
Select Use the inheritable property to modify the rights at the container level.
Version 1
4. 5.
Select Add. Browse to and select the container or the workstation for which you want to configure Remote Operators. Select Next. The following appears:
6.
Figure 14-4
7.
In the Remote Management Operations list, configure the rights assignment you want to make. You must assign at least one right.
8. 9.
Select Next. Select Add. to assign the rights.
10. Browse to and select the container or the user to whom you want 11. Select Next.

Version 1
In the Summary dialog, select Finish.
14-23
Start Remote Management Operations Using ConsoleOne

After you have congured your Remote Management policy and assigned rights, you can start Remote Management operations using ConsoleOne. The Remote Management agent on the managed workstation starts automatically when it boots up. The remote operator can then initiate a Remote Management session.
This objective focuses on starting directory-enabled Remote Management sessions. For details on how to manage password-based sessions, see http://www.novell.com/documentation/zenworks7/dm7admin/data/ af6lulg.html#adog7me.
You can initiate directory-based Remote Management using one of the following methods:

Configure Workstation Objects to Start Remote Management Configure User Objects to Start Remote Management
Congure Workstation Objects to Start Remote Management
The following describes how to initiate Remote Management sessions from a workstation object: Table 14-2
Type of Session Remote Control Steps Do the following:
1. Right-click the managed workstation object in your eDirectory tree. 2. Select Actions > Remote Control.

(continued)
Table 14-2
Type of Session Remote View
Steps Do the following:

1. Right-click the managed workstation object in your eDirectory tree. 2. Select Actions > Remote View.
File Transfer
Do the following:
1. Right-click the managed workstation object in your eDirectory tree. 2. Select Actions > File Transfer.
Remote Execute
Do the following:
1. Right-click the managed workstation object in your eDirectory tree. 2. Select Actions > Remote Execute.
Diagnostics
Do the following:
1. Right-click the managed workstation object in your eDirectory tree. 2. Select Actions > Diagnostics.
Remote Wake Up
Do the following:
1. Right-click the managed workstation object in your eDirectory tree. 2. Select Actions > Remote Wake Up.
Remote Audit
Do the following:
1. Right-click the managed workstation object in your eDirectory tree. 2. Select Actions > Remote Audit.

Congure User Objects to Start Remote Management
In addition to the workstation object, you can also use user objects to start Remote Management sessions. To congure a user object to start Remote Management sessions, do the following:
1.
In ConsoleOne, right-click a user object.

The selected user must have logged in to at least one managed workstation before Directory-Based Remote Management can be initiated.
x
2.
Select Remote Management. The following appears:
Figure 14-5
3.
In the Remote Management dialog box, do the following: a. Select the IP address of the managed workstation which you want to remotely manage.

If the user has logged in to the tree through a ZENworks Middle Tier server, the list of IP addresses will actually display the IP address of the Middle Tier server. To lter this address, open the ConsoleOne_directory\1.2\Bin\Drishtitype.ini le in a text editor and add the XTierServerAddresses property. Set this property to the Middle Tier servers IP address. For example, XTierServerAddresses = 192.168.1.254.
b. c.
Select a Remote Management operation which you want to perform. Select Directory-Based > OK. The specied operation is executed and the interface is displayed. For example, if you selected Remote Control, the following appears:
Figure 14-6

Start User-Initiated Sessions

If the managed workstation is congured behind a dynamic NAT router, the managed workstation cannot be accessed from the management console. However, the management console can be accessed from the managed workstation. In this situation, the user must initiate the Remote Control session by doing the following:
1.
At the managed workstation, the user initiates a request for a Remote Management session by doing the following:
Before initiating a Remote Management session from the Remote Management agent, the remote operator must ensure that ConsoleOne is running on the management console.
a. b. c.
In the System Tray, right-click the Remote Management Agent icon. Select Request Session. Enter the IP address or the DNS name of the management console.
d. Select Remote Control or Remote View from the drop-down list. e. Select OK. The Remote Management Listener identies the request and noties the remote operator.
2.
The remote operator must accept the request and do the following in the Select Authentication Mode screen: a. b. Select either the Directory or the Password option to specify the type of authentication you are using. If the password-based authentication is selected, enter the password for authentication. Select OK.

14-28
c.
Version 1
Objective 3
Perform Remote Management Tasks

In this objective, you learn how to do the following common Remote Management tasks:

Perform Remote Control Operations Execute Remote Wake Up Sessions View Diagnostic Information
Perform Remote Control Operations

Remote Control lets you remotely control a managed workstation. You can use Remote Control to provide user assistance and to help resolve workstation problems. You start Remote Control operation using the steps presented in Start Remote Management Operations Using ConsoleOne on 14-24. When Remote Control is running, you can control and customize a Remote Control session by doing the following:

Control the Display of the Viewing Window Manage Remote Control Sessions
Control the Display of the Viewing Window
You can control the display of the managed workstation by doing the following to use the Viewing window control options:
1.
Select the Remote Management Agent icon, located at the top left corner of the Viewing window.

2.
Select Configure. The following appears:
Figure 14-7
3.
Select the control options you want to enable for the remote session. The following describes the options you can use to control the display of the Viewing window.
Table 14-3
Option
Description
Block Mouse Blocks all the mouse movements to the Movements to Agent Agent; reducing network bandwidth consumption. Enable High-Quality Scaling Enhances the quality of images in the Scale To Fit mode.

(continued)
Table 14-3
Option Enable Accelerator Keys
Description Enables the accelerator keys on the management console so that you can change the default accelerator key sequences during the remote session. Encryption is an optional feature and will be effective per session. If the Remote Management policy has encryption enabled, the session will be encrypted from the start of the session. Encrypting a whole session provides greater security because the data transferred will be encrypted.
Enable Encryption
System Key Pass
Passes Alt-key sequences from the management console to the managed workstation. Suppresses any wallpaper displayed on the managed workstation. This option is enabled by default. If you want to display the wallpaper on the managed workstation during a Remote Control session, disable this option.
Hide Wallpaper

(continued)
Table 14-3
Option Color Quality
Description Determines the number of colors displayed. By default, on a fast link, Color Quality is set to Normal. On a slow link, the color quality is set to 256 colors. You can change the color quality to one of the following:
16 Colors. Forces the use of 16-color palette on the managed workstation during a Remote Management session. This enhances the Remote Management performance over a slow link. 256 Colors. Forces the use of 256-color palette on the managed workstation during a Remote Management session. This enhances the Remote Management performance over a slow link. Normal. The color is not altered and the setting is the same on the managed workstation during a Remote Management session.
Network Type
Enhances performance over slow links. If the managed workstation is connected by a LAN, select the Fast Links option to enhance the Remote Management performance. If the managed workstation is connected over a dial-up link or by WAN, select the Slow Links option to enhance performance.
4.
Save the Control Parameter settings by selecting Save on Exit; then select OK.

Manage Remote Control Sessions
Within a Remote Control session, you can perform the following actions using the buttons on the viewing window toolbar: Table 14-4
Option Screen Blanking Keystroke Shortcut Function Ctrl+Alt+B Blanks the screen at the managed workstation. When the remote operator selects this option, the screen of the managed workstation is blacked out and the operations performed by the remote operator on the managed workstation are not visible to the user at the managed workstation. This option is enabled only if the Allow Blanking User's Screen option is enabled in the Remote Control policy of the managed workstation. Be aware that this option is not supported with certain display adapters. Refer to the ZENworks Desktop Management Readme for the list of display adapters that do not support this feature. Mouse and Keyboard Lock Ctrl+L Locks the keyboard and mouse controls at the managed workstation. When the remote operator selects this option, the user at the managed workstation is not be able to use the keyboard and mouse controls of the managed workstation. Alt+R Invokes the start menu on the managed workstations.
System Start

(continued)
Table 14-4
Option Toggle
Keystroke Shortcut Function Ctrl+T Sends the Alt+Tab key sequence to the managed workstation. This switches applications on managed workstations. If you use the toolbar button, you must click it continuously to traverse through the applications; then press Tab to select the desired application.
System Key PassThrough
Ctrl+Alt+S
Sets the system key pass to On or Off. This passes Alt-key sequences on the management console to the managed workstation. Sends the Ctrl+Alt+Del keystroke to the managed workstation. Refreshes the viewing window. Scans and renders the information of the entire screen of the managed workstation continuously. Hides the scroll bars and scales the Remote Management window to t your screen. Encryption is an optional feature and will be effective per session. If the Remote Management policy has this option enabled, the session will be encrypted from the start of the session.
Reboot
Ctrl+Alt+D
Refresh Full Screen Polling Scale to Fit Session Encryption
Ctrl+Alt+R Alt+L
Ctrl+Alt+G

Execute Remote Wake Up Sessions

The Remote Management Remote Wake Up feature in ZENworks 7 supports Magic Packet technology. When a powered-down node that is Wake on LAN enabled receives the magic packet, the system will boot up. This topic covers the following:

Prerequisites for Remote Wake Up How to Remotely Wake Up Managed Workstations How to Configure a Scheduled Remote Wake Up Using the Wake-on-LAN Policy
Note that Remote Wake Up is possible because ATX motherboards and power supplies never actually power all the way off. Instead, the power supply provides a small, continuous current to the motherboard even when the system is off. This allows the chipset on the motherboard to continue to function and respond to the magic packet.
Prerequisites for Remote Wake Up
Before implementing Remote Wake Up, the following prerequisites must be met:
Make sure that the managed workstation has a network card that supports Wake on LAN. Additionally, ensure that you have enabled the Wake on LAN option in the CMOS Setup program of the managed workstation. Make sure that the managed workstation is registered in your tree. The only way an ATX system can be in a fully powered-off state is to either unplug it from the power outlet or to turn off the power supply itself with a switch.

Version 1
14-35
Some ATX power supplies have this hard-power switch, but many dont. If a switch doesnt exist on the power supply, it is always in a soft-off power state. Make sure that the remote workstation is in a soft-off power state. In the soft-off state, the CPU is powered off and a minimal amount of power is utilized by its network interface card.
Make sure that the routers connecting the management console and the remote node are configured to forward subnet-oriented broadcasts.
How to Remotely Wake Up Managed Workstations
You can perform Remote Wake Up without conguring the Wake-on-LAN policy and service. To perform a Remote Wake Up, do the following:
1.
In ConsoleOne, right-click a managed workstation, a group of managed workstations, a container, or a group of containers. Select Actions > Remote Wake Up.
2.
Alternatively, you can congure a Wake-on-LAN policy to customize the Remote Wake Up service.
How to Congure a Scheduled Remote Wake Up Using the Wake-on-LAN Policy
By conguring the Wake-on-LAN policy, you can wake up a managed workstation or a set of managed workstations automatically.

14-36
To schedule the wake up of a managed workstation or a set of managed workstations automatically through the Wake-on-LAN service, you need to do the following (in the indicated order):
Version 1
1.
Configure the Wake-on-LAN Service object: a. b. c. In ConsoleOne, right-click the Wake-on-LAN service object (WOLService_servername). Select Properties > Look Up Schedule. Modify the schedule to read the Wake-on-LAN policy.
d. Select OK.
2. 3.
(Conditional) If the Wake-on-LAN service is running, restart it. Configure the Server package for the Wake-on-LAN service: a. b. c. e. f. In the ConsoleOne, right-click the Server package. Select Properties > Policies > General. Select Add. Enter a name for the Wake-on-LAN policy. Enable the Wake-on-LAN policy.
d. Select the Wake-on-LAN policy type.
g. Select Properties > Target List. h. Select Add. i. j. l. Select the workstations or the workstation container; then select OK. Select the Policy Schedule tab. Select Apply > Close.
k. Modify the policy schedule. m. Select the Associations tab. n. Browse to and select the server object or the container where ZENworks Desktop Management is installed; then select OK twice.
4.
Load the Wake-on-LAN service at the NetWare server by entering startwol at the server console.

You can obtain the information about the Wake-on-LAN operations from the novell-zdm-wol.log le in the /var/opt/novell/log/zenworks/rm directory on the server.
View Diagnostic Information

As mentioned earlier, Remote Management provides you with the ability to gather diagnostic information about the managed workstation. This provides Help Desk technicians with a wealth of troubleshooting data without a physical visit to the workstation in question. To view diagnostic information, do the following:
1.
In ConsoleOne, right- click the user or managed workstation; then select Remote Management. The following appears:
Figure 14-8
2.

14-38
In the Workstation drop-down list, select your deployment workstations IP address. In the Operation drop-down list, select Diagnostics.
Version 1
4.
Verify that Directory is marked under Authentication Mode; then select OK. The following appears:
Figure 14-9
5. 6.
Expand Diagnostics. To view Windows Memory diagnostics, select Operating System > Memory > Windows Memory. To view Environment diagnostics, select Operating System > Environment. To view the Event Log, do the following: a. b. c. Select Operating System > Event Log. Select Security, System, or Application. Select an event in the Event Log table to view its details.
7.
8.
9.
To view Device Drivers information, select Operating System > Device Drivers. Services.

Version 1
10. To view Services information, select Operating System >
14-39
11. To view WIN32 Processes, select Operating System > WIN32
Processes.
12. To view WIN32 Modules information, select Operating System
> WIN32 Modules.

13. To view NetWare Connections, select Network > NetWare
Connections.
14. To view Novell Client information, select Network > Novell
Client.
15. To view Network Protocols, select Network > Network
Protocols.
16. To view Network Drives, select Network > Network Drives. 17. To view Network Open Files, select Network > Network Open
Files.
18. To view Printer Captures, select Network > Print Capture.

Exercise 14-1
Conguring Remote Management

In this exercise, you congure a Remote Management session between your administrative workstation (your Host2 computer) and the WS1 workstation. You use the following Host computers and VMware virtual machines:
Figure 14-10
Do the following:

Part I: Configure a Remote Management Policy Part II: Give Rights to Remote Operators Part III: Test the Configuration for the CKent User Part IV: Customize the Remote Control Session for the BWayne User Part V: View Diagnostic Information

Part I: Congure a Remote Management Policy
Complete the following:

1.
From your Host2 computer using the Novell Client, make sure you are logged in to DA-TREE as admin with a password of novell. From your Host2 computer desktop, start ConsoleOne. From ConsoleOne, browse to and right-click SLC User Package.Policies.slc.da. Select Properties. A Properties of SLC User Package dialog appears.
2. 3.
4.
5. 6. 7.
Select the Policies > Windows XP tab page. Enable Remote Control Policy. Select Properties. A Properties of SLC User Package:Windows XP:Remote Control Policies dialog appears.
8.
From the Remote Management tab page, select the General tab; then select the following:

Enable Diagnostics Enable Session Encryption Allow user to request remote session Enable Remote Control Prompt user for permission to remote control Give user visible signal when remote controlled Allow blanking users screen Enable Remote View Give user visible signal when remote viewed
9.
Select the Control tab; then select the following:

10. Select the View tab; then select the following:

14-42
Version 1
11. Deselect Prompt user for permission to remote view. 12. Select OK twice.
Part II: Give Rights to Remote Operators
Do the following:
1.
From your Host2 computer in ConsoleOne, browse to and select DA-TREE. From the menu bar, select Tools > ZENworks Remote Management > Manage Remote Operator. A Remote Operator Wizard dialog appears.
2.
3. 4. 5.
Select Add. Browse to and select da; then select OK. Select the Use the inheritable property to modify the rights at the container level check box. Select Next. A Remote Operator Wizard dialog appears.
6.
7.
In the Remote Management Operations list, give rights to the following by clicking the icon to the left of the option until a checkmark appears in a white box:

Remote Control Remote View File Transfer Remote Execute Remote Wake-Up
8. 9.
When you finish, select Next. Select Add. Browse to and select CKent.Users.slc.da; then select OK.

Version 1
14-43
11. Select Next. 12. From the Summary page, select Finish.
Part III: Test the Conguration for the CKent User
In this part of the exercise, you test the conguration for the CKent user by requesting a Remote Control session from the Host2 computer, and remote controlling the CKent user desktop. Do the following:
1.
From the WS1 virtual workstation using the Novell Client, log off and then log in as CKent with a password of novell. When prompted about your connection speed, select No. From the system tray, right-click the Remote Management Agent icon. Select Request Session. A Request Session dialog appears.
2. 3.
4.
x
5. 6. 7.
If the dialog does not appear, try rebooting the WS1 workstation; then log in as CKent and start at Step 2.
In the Console field, enter 10.200.200.2. In the Operation field, make sure that Remote Control is selected. Select OK. A message appears indicating that you are waiting for the remote operator to accept the session request.
8.
Minimize the VMware Workstation window. On your Host2 computer desktop, a Remote Session Request dialog appears.

14-44
Version 1
x
9.
If you receive a message that the Remote Control Listener is not installed, select Start > Control Panel > Administrative Tools; then select Services > Find. Browse to and start Remote Access Connection Manger.
From your Host2 computer desktop, accept the remote session by selecting Yes.
10. Maximize the VMware Workstation window.
A Request for Permission dialog appears on the WS1 desktop.

11. Give permission for a remote session by selecting Yes. 12. Minimize the VMware Workstation window.
Notice that a Remote Control window appears on the Host2 desktop with the WS1 desktop displayed.
13. Close the Remote Control window. 14. From ConsoleOne on the Host2 desktop, right-click
CKent.Users.slc.da; then select Remote Management. A Remote Management dialog appears.

15. From the Workstation drop-down list, select the WS1 virtual
workstation IP address.
16. From the Operation drop-down list, select Remote Control. 17. Under Authentication mode, make sure that Directory is
selected; then select OK.



Version 1
The WS1 workstation desktop appears in a Remote Control window on the Host2 desktop.
14-45
21. Perform tasks such as the following from the remote WS1
workstation desktop:
Open the Digital Airlines Charter document from the icon on the desktop. Open WinZip from the icon on the desktop. Open the OpenOfce text document window from the icon in the system tray.
22. When you are done, close the Remote Control window.
Part IV: Customize the Remote Control Session for the BWayne User
In this part of the exercise, you test the conguration for the BWayne user by requesting a Remote Control session from the Host2 computer, and remote controlling the BWayne user desktop. Do the following:
1.
From the WS1 workstation using the Novell Client, log off and then log in as BWayne with a password of novell. When prompted about your connection speed, select No. From the system tray, right-click the Remote Management Agent icon. Select Request Session. A Request Session dialog appears.
2. 3.
4.
5. 6.
In the Console field, enter 10.200.200.2. In the Operation field, make sure that Remote Control is selected. Select OK. A message appears indicating that you are waiting for the remote operator to accept the session request.
7.

14-46
Version 1
8.
Minimize the VMware Workstation window. On your Host2 computer desktop, a Remote Session Request dialog appears.
x
9.
If you receive a message that the Remote Control Listener is not installed, select Start > Control Panel > Administrative Tools; then select Services > Find. Browse to and start Remote Access Connection Manger.
From your Host2 computer desktop, accept the remote session by selecting Yes.

Notice that a Remote Control window appears on the Host2 desktop with the WS1 desktop displayed.
13. Customize the Remote Control session by doing the following:
a. b. c.
Right-click the top left corner of the Remote Control window. Select Congure. A Control Parameters dialog appears. Under Settings, select Enable High Quality Scaling. This option enhances the quality of images when you expand the Remote Control window to a full screen size (Scale to Fit mode).
d. Deselect Hide Wallpaper. e. Select Save On Exit; then select OK. Notice that the wallpaper for the WS1 desktop remote session appears.

Version 1
14-47
14. Close your Remote Control window.
Part V: View Diagnostic Information
Do the following:
1.
From ConsoleOne on the Host2 computer, right-click BWayne.Users.slc.da; then select Remote Management. A Remote Management dialog appears.
2. 3. 4.
From the Workstation drop-down list, select the WS1 IP address. From the Operation drop-down list, select Diagnostics. Under Authentication mode, make sure that Directory is selected; then select OK. A Diagnostics dialog appears.
5.
View Windows Memory diagnostics by doing the following: a. b. c. From the left pane, expand Operating System > Memory. Select Windows Memory. Review the memory statistics for WS1. From the left pane under Operating System, select Environment. Review the system variables for WS1. From the left pane under Operating System, expand Event Log. Select Application. From the Event Log table in the right pane, select an event to view the event details.
6.
View Environment information by doing the following: a. b.
7.
View the Application Event Log by doing the following: a. b. c.

8.
View Device Drivers information by doing the following: a. b. From the left pane under Operating System, select Device Drivers. Review the device drivers on WS1.
9.
(Optional) View other diagnostic information.
10. When you finish, close the Diagnostics window. 11. Close the Remote Management window.
(End of Exercise)

Summary
Objective
and Function of Remote Management
Summary The Remote Management component of Novell ZENworks Desktop Management gives you the ability to remotely manage workstations. This functionality can provide signicant cost savings for your Help Desk organization. In this objective, you learned about the following:

Remote Management features and benets Remote Management components To effectively implement and use Remote Management, you need to understand the following Remote Management service components:

Managed workstation Management server Management console Remote Management agent
Remote Management tools To effectively implement and use Remote Management, you need to understand the following Remote Management service tools:

Remote control Remote view Remote execute Remote diagnostics File transfer Remote Management auditing Remote wake up

14-50
Version 1
Objective
2. Congure Remote
Management
Summary Conguring Remote Management involves several tasks. To set up Remote Management on your server and workstations, you need to do the following: Select a Remote Management deployment strategy
Congure Remote Management ports (optional) Congure Remote Management policies Assign rights to remote operators Start Remote Management operations using ConsoleOne Start user-initiated sessions
3. Perform Remote
Management Tasks
In this objective, you learned how to do the following common Remote Management tasks:

Perform remote control operations Execute remote wake up sessions View diagnostic information


Objective
2. Congure Remote
Management
Summary Conguring Remote Management involves several tasks. To set up Remote Management on your server and workstations, you need to do the following: Select a Remote Management deployment strategy
Congure Remote Management ports (optional) Congure Remote Management policies Assign rights to remote operators Start Remote Management operations using ConsoleOne Start user-initiated sessions
3. Perform Remote
Management Tasks
In this objective, you learned how to do the following common Remote Management tasks:

Perform remote control operations Execute remote wake up sessions View diagnostic information


Configure Workstation Inventory and Reporting
SECTION 15
Congure Workstation Inventory and Reporting
In this section, you learn how to gather workstation information using the Workstation Inventory component of ZENworks Desktop Management and generate inventory reports.
Objectives
1. 2. 3.
Describe the Role and Function of Workstation Inventory Configure Workstation Inventory Run Inventory Reports

Introduction
As a network administrator, you know that one of the key elements in most organizations deployment, management, and disaster recovery plans is detailed documentation of the systems on the network. In the past, this documentation was maintained manually. Due to the amount of effort required to gather and update the required information, this documentation was usually outdated within a short period of time. The Workstation Inventory component of ZENworks Desktop Management, however, provides an automated system for gathering this information. It enables you to collect and update hardware and software inventory information from the workstations in your enterprise. This inventory information is scanned and stored in a database that can be accessed by the ZENworks administrator. From ConsoleOne, you can view and query the complete hardware and software inventory.

Objective 1
Describe the Role and Function of Workstation Inventory

The Workstation Inventory component of ZENworks Desktop Management gathers hardware and software inventory information from the workstations in your enterprise. Workstation Inventory collects, stores, and reports inventory information of the workstations on your network. The inventory information can be useful to help you make business decisions on how to manage workstations. For example, it can identify workstations that

Need new applications Need updated hardware and drivers Should receive an application from an application object Conform to the corporate hardware and software standard
In this objective, you learn about the following:

Workstation Inventory Components Inventory Server Roles
Workstation Inventory Components

Workstation Inventory includes the following components:
Inventoried workstation. A Windows workstation whose hardware and software information you want to scan and maintain in a central repository. To gather complete hardware and software inventory for a workstation, you must install the ZENworks Agent on that workstation.

Version 1
15-3
Inventory server. A ZENworks Desktop Management server where you run the Inventory service. The Inventory service can co-exist with other Desktop Management services on the same server. The Inventory server collects the inventory information from associated inventoried workstations and stores it in the Inventory database.
Inventory database. A repository of inventory information of all the inventoried workstations. The database is a Common Information Model-based database and is implemented in Relational Database Management System (RDBMS). It can be run in Sybase, Oracle, or Microsoft SQL.
Inventory scanners. Platform-dependent scanners that determine the hardware and software configurations of workstations. Inventory scanners are located on the inventoried workstations. When executed on the inventoried workstations, the scanner collects the inventory information for the inventoried workstations. The inventory information is subsequently transferred to the Inventory server and processed. Using the Workstation Inventory policy, you can customize settings for scans on the workstations. From the Inventory Service object (Inventory Service_server_name), you can specify the location of the inventory information and also customize software scanning using the Software Dictionary snap-ins. The Inventory scanning cycle works as follows:
1.

15-4
The Inventory scanner checks whether an updated dictionary is available at its Inventory server and downloads the updated dictionary.
Version 1
2.
The Inventory scanner sends hardware and software information from the inventoried workstations to the Inventory server according to the scan schedule. The Inventory server stores the inventory information in the Inventory database. At the management console, you can view and retrieve the inventory information from the Inventory database using Inventory tools such as Reporting and Summary.
3.
4.
Database server. A server running Sybase, Oracle, or Microsoft SQL server where your Inventory database is hosted. The database can run on the Inventory server or on a different server. Management console. A Windows workstation running ConsoleOne used to administer the inventory system. Inventory tree. A logical tree depicting the transmission of the inventory information from the inventoried workstations and the Inventory servers to the centralized enterprise Inventory database. Standalone server. An Inventory server that has an Inventory database and inventoried workstations attached to it. Leaf server. The lowest-level Inventory server in the inventory tree hierarchy. This server has one or more inventoried workstations attached to it and can have the Inventory database attached to it. This Inventory server collects the inventory information from the inventoried workstations attached to it and moves the information to the next-level Inventory server.

Version 1
Intermediate server. The Inventory server for moving the information from the lower-level Inventory servers up the Inventory server hierarchy. This server can have either inventoried workstations or the Inventory database, or both, attached to it.
15-5
Root server. The highest-level Inventory server in the inventory tree hierarchy. This server has an Inventory database that contains the inventory information of all the lower-level Inventory servers. At the Root server level, you can view complete inventory information for the entire enterprise. This server can have inventoried workstations attached to it.
Software Dictionary. A list of software identiers and rules. Each software identifier identifies a particular product installed on an inventoried workstation. Software Identifiers. An entry in the Software Dictionary that identifies a software package. Each software identifier has a set of file-matching attributes and corresponding software information attributes. During the Inventory scan, the scanner reads the attributes from the le headers. If these attributes match the attributes congured in the dictionary, the information in the corresponding software information attributes is stored in the Inventory database.
Software Dictionary Rule. A rule that represents a set of conditions that control the scope of the scanning process. Unidentified Software. Software packages identified in the scanning process that are not listed in the dictionary. They are labeled Unidentified Software. Selector. Processes the inventory information and places the information in appropriate directories. Sender and Receiver. The Sender on the Inventory server that compresses the inventory information and then transfers it from the lower-level Inventory server to the Receiver on the higher-level Inventory servers.

By using the Roll-Up policy, you can congure the next level destination Inventory server for roll-up, and also schedule the roll-up time.
Storer. Stores the collected inventory information in the Inventory database. By using the Database Location policy, you can configure the properties of the Inventory Database object (Inventory database_server_name) and associate the database object to an Inventory server. STR Converter. Converts ZENworks for Desktops 3.2 (with SP3 or later installed) inventory information to the format required by ZENworks Desktop Management. TCP Receiver. Receives the roll-up inventory information from a ZENworks for Desktops 3.2 Inventory server connected to it and converts the information to a format required by ZENworks Desktop Management. Dictionary Provider and Dictionary Consumer. All Inventory servers run the Dictionary Provider and Dictionary Consumer services. The Dictionary Consumer downloads the dictionary updates from the Dictionary Provider.
Inventory Server Roles

Your Inventory server can function in a variety of roles. As mentioned above, it can be congured as a stand-alone server or as a member of a hierarchical tree with other Inventory servers. The following describe the roles a Inventory server can fulll:

Stand-Alone Server Root Inventory Server Root Server with Inventoried Workstations Intermediate Server Intermediate Server with Database

Version 1
15-7
Intermediate Server with Inventoried Workstations Intermediate Server with Database and Inventoried Workstations Leaf Server Leaf Server with Database
Stand-Alone Server
A stand-alone Inventory server includes

Inventoried workstations attached to it An Inventory database attached to it No roll-up of scan information
The following illustrates a typical stand-alone Inventory server conguration: Figure 15-1
Root Inventory Server
You can also congure your Inventory server as a Root Inventory server. The Root server:

15-8
Is the topmost Inventory server in the inventory tree hierarchy
Version 1
Has an Inventory database attached to it
The Inventory database on the Root server contains the inventory information for all lower-level Inventory servers. At the Root server level, you can view all inventory information. The following illustrates Leaf servers connected to the Intermediate server with database with the Intermediate server attached to the Root server: Figure 15-2

Root Server with Inventoried Workstations
You can also congure your Root server with inventoried workstations. In this conguration, your Root server

Is the topmost Inventory server in the inventory tree hierarchy Has an Inventory database and inventoried workstations attached to it
The following shows a Root server with inventoried workstations and an Inventory database attached to it; Leaf servers are connected to the Root server: Figure 15-3

Novell recommends deploying inventoried workstations in this conguration in a LAN environment. Scanning operation should not cross WAN links.
Intermediate Server
In addition to a stand-alone or root server, your Inventory server can also be congured as an Intermediate server. The Intermediate server

Acts as a staging server for the lower-level Leaf servers Moves the inventory information to the next-level Inventory server Does not have inventoried workstations or an Inventory database attached to it
You can congure one or more Intermediate servers in your enterprise.

The following shows an Intermediate server connected to a Root server: Figure 15-4
In the illustration, two Leaf servers roll up the inventory information to the Intermediate server. This Intermediate server rolls up the inventory information to another Intermediate server that is connected to the Root server: In addition, many Leaf servers and Intermediate servers are depicted at different levels. The Intermediate server is a staging server for uploading the scan information to the next-level server. The last Intermediate server is attached to the topmost Root server. This scenario is typical if many Leaf servers exit in different geographical locations. All the Leaf servers move the inventory information to the Intermediate server.
VIEW ONLY In some scenarios, the Leaf server may connect to the Intermediate NO PRINTING server over a WAN. ALLOWED
Intermediate Server with Database
Your Intermediate server can be congured with an inventory database. In this conguration, the Intermediate server with database

Acts as a staging server for the lower-level Leaf servers Moves the inventory information to the next-level Inventory server Has an Inventory database attached to it
You can have one or more Intermediate servers with database in your enterprise.

The following shows two Leaf servers attached to the Intermediate server: Figure 15-5
Notice that a consolidated inventory information of all Leaf servers is available at the Intermediate server level.
Intermediate Server with Inventoried Workstations
You can also congure your Intermediate server with inventoried workstations. The Intermediate server with inventoried workstations
Acts as an intermediate server for the lower-level Leaf servers Moves the inventory information to the next-level Inventory server

15-14
Version 1
Has inventoried workstations attached to it Does not have an Inventory database attached to it
You can have one or more Intermediate servers with Inventoried Workstations in your enterprise. The following shows two Leaf servers attached to the Intermediate server: Figure 15-6
This Intermediate server also has inventoried workstations attached to it.

Intermediate Server with Database and Inventoried Workstations
Your Intermediate server can be congured with both the inventory database and with inventoried workstations. The Intermediate server with database and inventoried workstations

Acts as a staging server for the lower-level Leaf servers Moves the inventory information to the next-level Inventory server Has inventoried workstations attached to it Has an Inventory database attached to it
You can have one or more Intermediate servers with database and Inventoried Workstations in your enterprise.

The following gure depicts a Leaf server attached to the Intermediate server: Figure 15-7
Notice that the Intermediate server has inventoried workstations attached to it. A consolidated Inventory database of all Leaf servers and the inventoried workstations that are directly connected to the Intermediate server is available at the Intermediate server level:
Leaf Server
Your Inventory server can also be congured as a Leaf server. The Leaf server

Version 1
Is at the lowest level in the inventory tree hierarchy
15-17
Has inventoried workstations attached to it Moves the inventory information to the next-level Inventory server Does not have an Inventory database because there might be only a few inventoried workstations attached to the Leaf server
The following shows several Leaf servers attached to an Intermediate server: Figure 15-8
The Intermediate server is connected to a Root server. A consolidated Inventory database of all Leaf servers is available at the Root server level.

Leaf Server with Database
A Leaf server can also be congured with the Inventory database. You can assign a server as a Leaf server with database to maintain the inventory information for the inventoried workstations specific to the site. The Leaf server with database

Is at the lowest level in the inventory tree hierarchy Has inventoried workstations attached to it Moves the inventory information to the next-level Inventory server Has an Inventory database attached to it
The following illustrates two Leaf servers attached to the Intermediate server: Figure 15-9

Notice that one Leaf server has an Inventory database attached to it. This database contains a consolidated inventory of all inventoried workstations attached to this Leaf server.

Objective 2
Congure Workstation Inventory

In this objective, you learn how to design and congure a Workstation Inventory deployment by learning how to do the following:

Plan Your Workstation Inventory Deployment Install Inventory Agents on Workstations Configure the Inventory Service Object Configure the Roll-Up Policy Configure the Database Location Policy Configure Workstation Inventory Policies Configure the Dictionary Update Policy
Plan Your Workstation Inventory Deployment

Before implementing Workstation Inventory, you should plan your deployment. In this topic, you learn about the basic elements that must be included in this plan. Be aware that these elements are very generic in nature. You will need to customize them to your particular organizations needs and network conguration. In addition, this objective discusses implementing Workstation Inventory across an enterprise-wide network. However, because of classroom constraints, the exercises focus on a single-site deployment.

To plan your deployment, do the following:

1.
List the geographic sites in your network along with the link types and speeds connecting the sites, as shown in the following:
Figure 15-10
2.
Determine the best place for the Root server by considering the following:
A high-speed link is needed between the Root server and the management console High-speed links are needed between the site hosting the Root server and the sites hosting the lower-level Inventory servers A database server of suitable conguration should be provided for the Inventory server A single Inventory server should not service more than 5,000 workstations

15-22
Version 1
3.
Determine if any other database is needed. In addition to the database at the Root server, you can maintain database servers at different sites. However, for a majority of enterprises, there may be no need to have any other database besides the single database. If sites or subtrees are connected by slow links, you could consider adding additional databases. If you decide to have additional database servers, determine whether the database will service the local site or a site with many subsites. Also, identify the sites that require information in each Inventory database. All the sites served by a single database should typically access this database instead of the database at the Root server for inventory management. This reduces the load on the database at Root server.
4.
Identify the route inventory information will follow. Identify the routes for inventory information from each Inventory server to the nearest database. To devise a route plan, consider the following:
The route should trace the path inventory information travels from a particular site to its nal destination, which is the database at the Root server. Each route can have an Intermediate server at a staging site. The Intermediate server receives and transmits the information to the next destination. These are application-layer-level routes for inventory information. There can be various network-layer-level routes between two adjacent servers, which will be determined and managed by the routers in the network.

Version 1
Multiple routes are possible. Choose the fastest and most reliable route, taking into consideration the links between sites.
15-23
Routes identied and made operational can be changed later, although there might be some cost in terms of management and trafc generation. If no intermediate database is involved, you can change the route by changing the eDirectory-based policy.
Implement Intermediate servers on sites where the link speeds change substantially. Availability of Inventory servers on the intermediate site for staging the inventory information should be considered while deciding the sites for Intermediate servers. Ensure that these servers have enough disk space to store all the inventory information on the disk until the Sender sends it to the next destination.
5.
Identify servers on each site to act as Inventory and database servers. Ensure that the inventory tree you design follows these guidelines:

6.
The root of the tree is the Root server. At least one Inventory server per site is deployed (recommended). Each site has inventoried workstations to be scanned.
7.
Availability of Inventory servers on the intermediate site for staging the inventory information should be considered while deciding the sites for Intermediate servers. Ensure that these servers have enough disk space to store all the inventory information on the disk until the Sender sends it to the next destination.
8.
Start the actual deployment.

15-24
The order of steps you must follow in order to deploy Workstation Inventory depends on the type of Inventory server you are conguring. The remainder of this section lists the steps for completing each task.
Version 1
Refer to the following to determine the order in which the steps must be done: Table 15-1
Inventory Server Standalone server Steps Do the following:
1. Congure the database Location policy. 2. Congure the Workstation Inventory policy 3. (Optional) Congure the Dictionary Update policy.
Root server
Do the following:
1. Congure the Inventory Service object. 2. Congure the database Location policy. 3. (Optional) Congure the Dictionary Update policy.
Root server with Inventoried Workstations Attached
Do the following:
1. Congure the Inventory Service object. 2. Congure the Workstation Inventory policy 3. Congure the Database Location policy. 4. (Optional) Congure the Dictionary Update policy.
Intermediate server
Do the following:
1. Congure the Inventory Service object. 2. Congure the Roll-Up policy. 3. Congure the Dictionary Update policy.
Intermediate server with database
Do the following:
1. Congure the Inventory Service object. 2. Congure the Roll-Up policy. 3. Congure the Database Location policy. 4. Congure the Dictionary Update policy.

(continued)
Table 15-1
Inventory Server Intermediate server with Inventoried Workstations
Steps Do the following:

1. Congure the Inventory Service object. 2. Congure the Workstation Inventory policy 3. Congure the Roll-Up policy. 4. Congure the Dictionary Update policy.
Leaf server
Do the following:
1. Congure the Inventory Service object. 2. Congure the Workstation Inventory policy 3. Congure the Roll-Up policy. 4. Congure the Dictionary Update policy.
Leaf server with database
Do the following:
1. Congure the Inventory Service object. 2. Congure the Workstation Inventory policy 3. Congure the Roll-Up policy. 4. Congure the Database Location policy. 5. Congure the Dictionary Update policy.

Exercise 15-1
(Optional) Plan an Inventory Deployment

Digital Airlines has headquarters in Salt Lake City with many regional ofces. Each regional ofce, along with its eld ofces, is independently self-directed for marketing the services of Digital Airlines. Key regional ofces are located in London, New York, New Delhi, Tokyo, and Sydney. Each regional ofce is connected to headquarters via a point-to-point WAN link. You decide to plan an inventory deployment for Digital Airlines. You want to allow each regional ofce to roll up inventory information to headquarters. Do the following to plan the inventory deployment for Digital Airlines:
Part I: List the Inventory Sites and Identify the Root Server Location Part II: Identify Inventory Server Roles, Database Location, and Upgrade Requirements Part III: Design the Inventory Server Tree Part IV: Create an Implementation Plan

Part I: List the Inventory Sites and Identify the Root Server Location
The following provides general information about the ofces: Table 15-2
Ofce Salt Lake City London New York New Delhi Tokyo Sydney 1. Workstations 100 WAN Link not applicable 256 Kbps 256 Kbps 256 Kbps 256 Kbps 256 Kbps Field Ofces none Total Workstation s none
8 20 15 6 30
6 15 10 3 16
25 85 40 12 125
Using the information in Table 15-2, list the inventory sites.
2.
In which location will you place the root server? a. b. c. New Delhi Tokyo Salt Lake City
d. London

Part II: Identify Inventory Server Roles, Database Location, and Upgrade Requirements
Fill in the following:

Salt Lake City:
Table 15-3
Inventory Server Server name Server role Attach an inventory database (yes/no) Operating system eDirectory version Available hard disk space Available RAM Upgrade requirements (if any)
Requirement DA1
NetWare 6.5 8.7.3 40 GB 512 MB
London:
Table 15-4
Inventory Server Server name Server role Attach an inventory database (yes/no) Operating system eDirectory version
Requirement DA2
NetWare 5.1 8.0 100 MB
VIEW ONLY Available hard disk space NO PRINTING ALLOWED

Version 1
15-29
(continued)
Table 15-4
Inventory Server Available RAM Upgrade requirements (if any)
Requirement 256 MB
New York
Table 15-5
Requirement DA3
NetWare 5.1 8.6 2 GB 128

New Delhi
Table 15-6
Requirement DA4
Windows 2000 Server 8.6 1 GB 128 MB
Tokyo
Table 15-7
Inventory Server Server name Server role Attach an inventory database (yes/no) Operating system eDirectory Version Available hard disk space Available RAM Upgrade requirements (if any)
Requirement DA5
NetWare 6 8.7 6 GB 1 GB

Sydney
Table 15-8
Inventory Server Server name Server role Attach an inventory database (yes/no) Operating system eDirectory Version Available hard disk space Available RAM Upgrade requirements (if any)
Requirement DA6
NetWare 6 8.6 4 GB 512 MB
Part III: Design the Inventory Server Tree
Draw the inventory server tree design for Digital Airlines.

Part IV: Create an Implementation Plan
You have decided to set up a test site at Salt Lake City as the rst phase of the implementation plan. However, you need to plan for the rest of the implementation. Based on the decisions youve already made, ll in the following table with a phased implementation plan. You can include as many phases as you want (4 are provided). Table 15-9
Phase Phase 1 Implementation Plan
Phase 2
Phase 3
Phase 4
(End of Exercise)

Install Inventory Agents on Workstations

After installing the inventory server and database component, you must install inventory agents on workstations. Inventory agents are automatically installed on workstations during the ZENworks Desktop Management agent installation.
Congure the Inventory Service Object

The Inventory Service object holds conguration settings associated with scanning the inventoried workstations. To congure the Inventory Service object, do the following:
1.
In ConsoleOne, right-click the Inventory Service_ server_name object; then select Properties to display the Inventory Service Object Properties page. Modify the following settings:
2.
Inventory server Role. Based on the servers that you have deployed for scanning inventory, you must specify the role of the server. Discard Scan Data Time. Any scan data les (.zip les) that have scan information collected before the Discard Scan Data Time that you specify in the Inventory Service Object property page will be discarded. Scan Directory Path. The directory on the Inventory server where scans received from the workstation or rolled up from other Inventory servers are stored for further processing. By default, the volume on the server for storing the scan data les is set to the Inventory server installation directory.

Enable Scan. To scan the inventoried workstations associated with the Inventory Service object, you must enable the scan option listed in the Inventory Service object property page. To disable the scanning of the inventoried workstations, deselect this option.
Start Full Scan. When scanning the inventoried workstation for the rst time, the Scanner collects the complete inventory of the inventoried workstation. A complete inventory scan of the inventoried workstation is referred as a full scan. After the inventoried workstation is scanned, the next time the Scanner compares the current inventory information to the history data that it maintains. If there are any changes to the inventoried workstation, the Scanner creates a delta scan, which collects the changes in inventory since the last scan was done. The delta scan setting is the default scan operation for each successive scan after the rst scanning of the inventoried workstation. If the Status Log reported by the inventory component indicates the scanning on the inventoried workstation is not successful, you can enforce a full scan. This policy setting is applicable for all inventoried workstations associated with it. To override the policy, set this option for an individual inventoried workstation. Using the Workstation Inventory policy, you can congure the Schedule Full scan to send a full scan after a certain number of delta scans. The value must be between 5 and 65535. If you do not want the Schedule Full scan, set the value to 65535
3.
Select the Dictionary Settings tab. Configure the required software dictionary rules. Select OK.

Version 1
4.
15-35
If you are modifying the Inventory policies or conguring the objects, always stop the Inventory services rst. Congure the policies and properties of the objects; then start the Inventory services again.
Congure the Database Location Policy

The Database Location policy contains the location of the Inventory database. You can associate the Database Location policy with a container under which the Inventory Service object is located using the Service Location package or with an Inventory server through the Server package.
If you congure the Service Location package and the Server package, the Server package settings will override the Service Location package settings.
To associate the Database object with a container under which the Inventory Service object is located, do the following:
1.
In ConsoleOne, right-click the Service Location Package; then select Properties.

2. 3.
Enable the ZENworks Database policy. Display the Inventory Management page by selecting Properties.

4.
Browse to Inventory database_server_name; then select OK. For a Sybase database, the database object is automatically created during the Workstation Inventory installation. For an Oracle database, you must create the database and congure the object. For a Microsoft SQL database, you must congure the database object.
5. 6. 7.
Select OK. Select the Associations tab; then select Add. Do one of the following:
Browse to and select the container in which the Inventory Service_server_name is located. or Browse to and select your server object.

15-38
Version 1
8. 9.
Select OK. Select Apply > Close.
Congure the Roll-Up Policy

The Roll-Up policy congures the Inventory server for roll-up of scan information. The settings in the Roll-Up policy identify the next-level Inventory server (using the Distinguished Name (DN) of the Inventory Service object) for moving the inventory information from the selected Inventory server. These settings are stored in eDirectory and are associated with the Inventory Server object. To congure the Roll-Up policy, do the following:
1.
In ConsoleOne, right-click the Server Package; then select Properties > Policies > General. Enable the Inventory Rollup Policy. Display the Roll-Up Policy page by selecting Properties. Browse to and select the Inventory Service object. You must specify the DN of the Inventory Service object at the next level Inventory server for moving the inventory information from the selected Inventory server. You can roll up to an Inventory server in a different eDirectory tree. To do this, select Set Context; then enter the tree name and specify the Inventory Service object of the next-level server. The server that you specify must be another Intermediate server Intermediate server with Database
2. 3. 4.

Version 1
15-39
Intermediate server with Database and Inventoried Workstations Intermediate server with Inventoried Workstations Root server or Root server with Inventoried Workstations
By default, the DNS name or the IP address of the next-level server is populated in the eld.
x
5.
You can roll up to an Inventory server in a different eDirectory tree. To do this, select Set Context; then enter the tree name and specify the Inventory Service object of the next-level server.
(Conditional) If the next-level server has multiple IP addresses, select the appropriate address.
Ensure that the DNS name of the next-level server is valid. If the DNS name is invalid, you must select an appropriate server IP address.
x
6. 7. 8. 9.
(Conditional) If the roll-up is to an Inventory server that is across a firewall, specify the IP address or DNS name and the port number of the proxy server. Select Apply. Select the Roll-Up Policy tab. Select Roll-Up Schedule.
10. Modify the roll-up time schedule; then select Apply.
When you schedule the roll-up of information in the Inventory policies, Novell recommends that the roll-up happen at least once a day.

However, if the roll-up of inventory information is scheduled too frequently, the Inventory servers performance will be impacted.
11. Select Associations > Add.
The rst time you enable the Roll-Up policy, you will be prompted to associate the policy package. The policy you congured and enabled earlier will not be in effect until you associate this policy package with a Inventory server or a container.
12. Browse to and select the Inventory server or the container that
you want to associate the Roll-Up policy to, then select OK.
13. Select Apply > Close.
Remember that when modifying the Inventory policies or conguring the objects, you should always stop the Inventory services, congure the policies and properties of the objects; and then restart the Inventory services again.
Congure Workstation Inventory Policies

To congure Workstation Inventory policies, do the following:
1.
In ConsoleOne, right-click the Workstation package; then select Properties. Select the Policies tab. Select a platform from the drop-down list. The available platforms include

2. 3.
Windows 9x WinNT-2000-XP Windows NT Windows 2000

Version 1
15-41
Windows XP
4. 5.
Enable the Workstation Inventory Policy. Select Properties to display the Workstation Inventory Policy page. The following appears:
Figure 15-13
6.
From the General page, configure the following settings: a. b. Browse to and select the Inventory Service object (Inventory Service_server_name). Specify the number of delta scans after which a full scan is required.
7.
Select the Hardware Scan tab.

8.
Configure the following settings:
Enable DMI Scan: Select this option to include scanning of hardware information from Desktop Management Interface (DMI) on the inventoried workstations. Enable WMI Scan: Select this option to include WMI scanning of hardware information from Microsoft's Windows Management Instrumentation (WMI) on the inventoried workstations. Enable Custom Scanning: Select this option to include Custom scanning of the inventoried workstations. You need to enter the name of the Custom Scan executable that should be run for custom scanning. Custom Attribute Editor: Select this option to specify a list of custom attributes. Modify the list if necessary.

Version 1
Select Apply.
15-43
10. Select the Policy Schedule tab.
11. Modify the settings for scheduling the scan of the inventoried
workstations.
12. Select Apply; then select Close. 13. Select the Associations tab; then select Add. 14. Browse to and select the container object where the inventoried
workstations are registered; then select OK.

15. Select Apply; then select Close. 16. In ConsoleOne, right-click the Inventory Service object; then
select Properties.
17. Select the Inventory Service object tab.

15-44
Ensure Enable Scan of Machines is selected; then select OK.
Version 1
Congure the Dictionary Update Policy

The software dictionary contains a list of software identiers and rules. Each software identifier identifies a particular product installed on an inventoried workstation. From time to time, you will need to update your software dictionary by doing one of the following:
Manually download the dictionary from the Novell Support Web site to each Inventory server. or
Manually download the dictionary from the Novell Support web site to one Inventory server (preferably, the Root server) and automatically distribute the dictionary to all servers in your setup by configuring the Dictionary Update policy.
Manually downloading the dictionary from the Novell Support web site to one Inventory server is the preferable option in all but the smallest networks.
An Inventory server can receive dictionary updates from any other Inventory server, irrespective of the server's role. All Inventory servers have Dictionary Provider and Dictionary Consumer services that are automatically installed during the Server Inventory installation. When an Inventory server is started, the Dictionary Consumer reads the Dictionary Update policy and contacts the Dictionary Provider (running on another Inventory server) specied in the policy. Subsequently, the Dictionary Consumer checks for the dictionary updates based on the schedule set in the Dictionary Update policy. It compares the date of the dictionary le on the Dictionary Provider with the le that has been stored locally.

Version 1
15-45
If the le on the Dictionary Provider is newer, then the Dictionary Consumer downloads the le from the Dictionary Provider using XML-RPC as scheduled. The user-dened rules in the downloaded dictionary le are merged with the rules present in the local dictionary. If the merge yields a different set of rules from those locally present, the consolidated set of rules is written to the local dictionary. During the merge process, conicts might arise. These conicts are resolved based on the following:
The rules in the downloaded dictionary always override the rules in the local dictionary. If a conflict arises between the software identifiers, the conflicting identifiers in the local dictionary are removed from the final (merged) dictionary. For a software dictionary rule, the final result is obtained by first writing the downloaded rules and then the local rules into the final dictionary, eliminating the duplicates during the process. This ensures that the downloaded software rules precede the local rules.
To update and distribute the software dictionary between Inventory servers, do the following:
1.
Manually download the dictionary from the Novell Support Web site and save it in the \Zenworks\Inv\Server\Dictdir directory on the Inventory server.

2.
Configure the Dictionary Update policy: a. b. In ConsoleOne, right-click the Server Package; then select Properties. Select Policies > General. The following appears:
Figure 15-16
c.
Enable the Dictionary Update policy.
d. Display the Dictionary Update Policy page by selecting Properties.

e.
(Recommended) If you want the Dictionary Consumer to use the Inventory server in the Roll-Up policy settings as the source for dictionary updates, select Use the Roll-Up Server as the Update Source. If you select this option, select Apply > Close. If you do not select this option, the Dictionary Consumer will use the following settings congured in this policy. Continue with the next step.
x
f.
Do not select this option for a stand-alone server. You must manually congure the following settings of the policy.

15-48
In the Destination Service Object eld, browse to and select your Inventory server, which provides the dictionary updates.
Version 1
g. Select the IP address or DNS name of the Inventory server that provides the dictionary updates. h. (Conditional) If the source Inventory server is on the other side of a rewall, specify the IP address or DNS name and the port number of the proxy server. i. j. Select Apply. Select the Dictionary Update Policy tab. The following appears. Figure 15-18
k. Select Dictionary Update Schedule.
l.
Congure the Dictionary Update Schedule to establish the schedule for running the Dictionary Consumer.
m. Select Apply. n. Select the Associations tab; then select Add.

Version 1
The rst time you enable the Dictionary Update policy, you will be prompted to associate the policy package.
15-49
The policy you congured and enabled earlier will not be in effect until you associate this policy package with an Inventory server or a container. o. Browse to and select the Inventory server or the container that you want to associate the Dictionary Update policy to; then select OK > OK. p. Select Apply > Close.
Note that the Dictionary Update policy congures the Inventory server to receive the software dictionary updates from other Inventory servers.

Exercise 15-2
Congure Workstation Inventory

In this exercise, you congure Workstation Inventory on the DA-ZEN server. You use the following Host computers and VMware virtual machines:
Figure 15-19
WS2 WinXP Pro XP2 10.200.200.12
Do the following:

Part I: Configure the Database Location Policy Part II: Configure the Workstation Inventory Policy Part III: Configure Workstation Hardware Attributes Part IV: Use Application Launcher to Create a Custom Scanner Part V: Test the Workstation Inventory Configuration

Part I: Congure the Database Location Policy
Do the following:
1.
Stop the Inventory service on the DA-ZEN server; a. b. c. From the DA-ZEN server desktop, open a terminal window (monitor with a seashell icon). Switch to the root user by entering su - and a password of n0v3ll. Stop the inventory service by entering the following: /etc/init.d/novell-zdm-inv stop
2.
From your Host2 computer using the Novell Client, make sure you are logged in to DA-TREE as admin with a password of novell. From your Host2 computer desktop, start ConsoleOne. From ConsoleOne, right-click DA-ZEN Server Package.Policies.slc.da. Select Properties. A Properties of DA_ZEN Server Package dialog appears.
3. 4.
5.
6. 7.
Enable the ZENworks Database policy. Display the Inventory Management page by selecting Properties. In the Inventory database field, browse to and select Inventory Database_DA-ZEN.slc.da; then select OK. Select OK twice. by entering the following: /etc/init.d/novell-zdm-inv start
8.
9.
10. From the DA-ZEN terminal window, start the inventory service

15-52
In order for Workstation Inventory to work properly on your DA-ZEN server, you need to have Samba running.
Version 1
Although the Novell Samba service is installed on DA-ZEN, it needs to be manually started.
11. Start the Novell Samba service by entering the following:
rcsmb start
Part II: Congure the Workstation Inventory Policy
Do the following:
1.
From your Host2 computer in ConsoleOne, right-click SLC Workstation Package.Policies.slc.da. Select Properties. A Properties of SLC Workstation Package dialog appears.
2.
3. 4.
Select the Policies > Windows XP tab page. Enable Workstation Inventory Policy; then select Properties. A Properties of SLC Workstation Package: Windows XP:Workstation Inventory Policy dialog appears.
5.
In the Inventory Service Object DN field, browse to and select Inventory Service_DA-ZEN.slc.da; then select OK. From the Workstation Inventory Policy page, select the Hardware Scan tab. Deselect Enable DMI Scan. You deselect this option because there is no DMI client installed on workstations.
6.
7.
8. 9.
Select the Enable Custom Scanning check box. Select Custom Attribute Editor. A Custom Attribute Editor dialog appears.

Version 1
10. Select Add.
15-53
11. From the Class Name drop-down list, scroll to the bottom of the
list and select Computer System Information.

12. In the Attribute Name field, enter Location; then select Add. 13. In the Attribute Name field, enter Cost; then select Add. 14. In the Attribute Name field, enter Department; then select Add.
The following appears in the Custom Attribute List: Figure 15-20
15. Save the changes by selecting OK twice. 16. From the Workstation Inventory Policy page, select the
Software Scan tab.

17. Under the Software Scanning heading, select the following:

Enable software scan Product Identication Number Product Location
18. Select the Custom Scan Editor button.
A Custom Scan Editor dialog appears.

19. Select Add. 20. Enter the following:

Vendor Name eld: ZENworks Product Name eld: Software Custom Scan Product Version: 7 File Name: Notepad.exe File Size: 66048

15-54
When you finish, select OK twice.
Version 1
22. From the Properties dialog, select the Policy Schedule tab. 23. From the Policy schedule type drop-down list, select Event. 24. From the Run this policy when the following event happens
drop-down list, select User login.

25. Select OK twice.
Part III: Congure Workstation Hardware Attributes
In this part of the exercise, you congure the hardware attributes of the workstation you want scanned. Do the following:
1.
From your Host2 computer in ConsoleOne, right-click WS1--WINXP.Workstations.slc.da. Select Properties. A Properties of WS1--WINXP dialog appears.
2.
3.
Scroll to the right and select the General > Identification tab page. Enter the following:

4.
Location: Ofce Department: SLC Description: select the + key; then in the Extended Editor Dialog enter 1500 and select OK.
5.

Part IV: Use Application Launcher to Create a Custom Scanner
You can implement a custom scanner by having a development organization create one or you can create a custom.ini le in the correct format. In this part of the exercise, you use Application Launcher to generate a custom.ini le instead of creating a custom scanner. Do the following:
1.
From your Host2 computer in ConsoleOne, right-click Apps.slc.da. Select New > Application. A New Application dialog appears.
2.
3.
Make sure that A simple application object (no AOT/AXT/MSI) is selected; then select Next. In the Object Name field, enter SLC Custom Scanner. Select Next. From the Define the following information for the Application object page, select Next. From the Add rules to control availability of this application page, select Next. From the Add user and workstation association page, select Add. Browse to and select Workstations.slc.da; then select OK.
4. 5. 6.
7.
8. 9.
10. Select Workstations within this Container; then select OK. 11. Select the Force Run check box; then select Next.
A Summary page appears.

12. Select the Display details after creation check box; then select

15-56
Finish.
Version 1
A Properties of SLC Custom Scanner dialog appears.

13. Select the Distribution Options > INI Settings tab page. 14. Select Add > File. 15. A WINDIR%\file.ini entry is added to the INI Settings list. 16. Change the default entry name to C:\Zenworks\custom.ini, and
then press Enter.
The custom.ini attributes are case sensitive

17. Make sure that C:\Zenworks\custom.ini is selected; then select
Add > Section.

18. Change the name to START_CIM_OBJECT; then press Enter. 19. Make sure that START_CIM_OBJECT is selected; then select
Add > Value.


Value name: Location Value data eld: %L%
21. Select OK. 22. Select START_CIM_OBJECT; then select Add > Value. 23. Enter the following:

Value name: Cost Value data: %Description%
24. Select OK. 25. Select START_CIM_OBJECT; then select Add > Value. 26. Enter the following:
Value name: Department Value data: %OU%

Version 1
15-57
27. Select OK.
The following appears in the INI Settings list: Figure 15-21
28. Select the Distribution Options > Application Files tab page. 29. Select Add > File. 30. Enter the following:

Source le: \\DA-ZEN\Data\custom.ini Target le: C:\Zenworks\custom.ini
31. Select OK. 32. Select the Distribution Options > Options tab page. 33. Select the Distribute Always check box. 34. Select the Common > File Rights tab page. 35. Select Add. 36. Browse to and select DA-ZEN_DATA\Custom.ini; then select
OK.
37. Select OK.
Part V: Test the Workstation Inventory Conguration
Do the following:
1.

15-58
From your WS1 workstation using the Novell Client, log off and then log in as CKent with a password of novell. When prompted about your connection speed, select No.
Version 1
3.
Wait for a few moments for the inventory to run (no message appears); then from your Host2 computer in ConsoleOne, select the da container. From the ConsoleOne menu bar, select Tools > ZENworks Inventory > Configure DB. A Congure ZENworks Database dialog appears.
4.
5.
In the Choose a ZENworks Database Object field, browse to and select Inventory Database_DA-ZEN.slc.da; then select OK. Select the Apply configuration across sessions check box; then select OK. When prompted that the database was configured, select OK. Right-click WS1--WINXP.Workstations.slc.da. Select Properties. A Properties of WS1-WINXP dialog appears.
6.
7. 8. 9.
10. Scroll to the right and select the ZENworks Inventory >
Minimal Information tab page. Review the information gathered.
If no information is displayed, try shutting down (instead of rebooting) WS1; then start from Step 1 again.
11. Select More Workstation Information.
Review the additional information.

12. When you finish, close the Properties dialog; 13. Reboot WS2 and log in as BWayne; then repeat Steps 8 - 12 for
WS2--WINXP to view the inventory information.

14. When you finish, close ConsoleOne.

15. From the DA-ZEN desktop in the terminal window, shut down
the Novell Samba service by entering the following: rcsmb stop

16. Close the terminal window by entering exit twice.
(End of Exercise)

Objective 3
Run Inventory Reports

You can run reports to gather inventory information from the Inventory database. The Inventory reports are designed using Crystal Reports. You can select from a predened set of report forms to generate a report. You can print or export the reports as desired. Remember that any reports you generate will be empty if you have not congured ZENworks Desktop Management to start populating the Inventory database with the information you want. Before running the inventory reports, ensure that you have installed the appropriate ODBC client. In this objective, you learn the following:

Types of Inventory Reports How to Generate Inventory Reports How to View Inventory Data with Quick Reports How to Export the Inventory Information
Types of Inventory Reports

With ZENworks 7, you can generate the following types of reports:

Hardware Inventory System Configuration Inventory Software Inventory User-Defined Reports

How to Generate Inventory Reports

To generate an Inventory report, do the following:
1.
Select the Inventory report by doing one of the following:
To select the Inventory report from a database object, right-click the database object; then select Reporting. or To select the Inventory report from the ConsoleOne Tools menu, select Tools > ZENworks Inventory > Reporting.
2.
Select the report you want to generate. The description for the report is displayed on the right side of the screen. Specify your selection criteria.

15-62
Version 1
The Scope selection criteria will be enabled only if both ZENworks Desktop Management and ZENworks Server Management are installed on the same machine.\
For example, if you want to view the inventory information of all inventoried workstations, select Workstation as the scope selection criteria. The report will display the inventory information of all inventoried workstations within the congured Inventory database. Based on the type of report you want, you can lter the information. For example, to view all inventoried workstations that have the Windows 2000 operating system, you would select Operating System Listing, specify the selection criteria scope as Both, and the operating system type as Windows 2000. Remember that the selection criteria in the Inventory report is case-sensitive. For example, if you want to know the list of machines whose Distinguished Name is CN=MACHINE1.OU=ENG.O=NOVELL, specify OU=ENG.O=NOVELL as the selection criterion. All the machines whose DN contains OU=ENG.O=NOVELL are included in the Inventory report. However, machines whose DN contains ou=eng.o=novell are not displayed in the Inventory report. If the Reporting dialog box allows wildcards, you can use an asterisk (*) or question mark (?) with all selection criteria. The wildcard characters can be used for character data only.
4.
Select Run Selected Report. A status box appears displaying the progress of the report generation.

Version 1
15-63
When the report is generated, it appears in the viewer. Use the buttons on the toolbar to page through, print, or export the report.
How to View Inventory Data with Quick Reports

In ZENworks 7, Workstation Inventory provides a new tool called Quick Reports to easily retrieve and view the data from the ZENworks Inventory database. Each Quick Report contains a list of inventory attributes and a query that you dene using the Quick Report wizard. You can start the Quick Report Wizard by doing one of the following:
From a database object. Right-click the database object, select ZENworks Inventory, then select Quick Report. From the ConsoleOne Tools menu. Select ZENworks Inventory, then select Quick Report.
If you have already congured the Inventory database, the Quick Report wizard uses that database. To use Quick Reports you need to know how to do the following:

Create a Quick Report View the Data Retrieved by the Quick Report
Create a Quick Report
To create a Quick Report, do the following:

1.

15-64
From ConsoleOne, select Tools > ZENworks Inventory > Quick Report.
Version 1
The Create and Manage Quick Reports page appears: Figure 15-23
2.
Select New.

The Dene Query page appears: Figure 15-24
3.
From the Define Query page, you can configure the query criteria and specify the scope for viewing the data from the inventory database. You can do one of the following:
Use the default query. You can use the default query by selecting Next. The Quick Report is created with the default query: System Identication.Name Matches %

Dene a new query. To dene a new query, do the following: a. Select one of the following options: Workstations. Select this option to view the data satisfying the specied lter conditions for inventoried workstations. If you only have ZENworks Desktop Management installed, this option is enabled by default and the Servers and Both options are unavailable. Servers. Select this option to view the data satisfying the specied lter conditions for inventoried servers. If you only have ZENworks Server Management installed, this option is enabled by default and the Workstations and Both options are unavailable. Both. Select this option to view the data satisfying the specied lter conditions for both inventoried servers and inventoried workstations. If you want to view data for inventoried workstations only, or for inventoried servers only, use one of the other query options. This option is available only if you have both ZENworks Desktop Management and ZENworks Server Management installed.

b.
Change the query options by selecting Edit Query. A Dene Query dialog appears:
Figure 15-25
c.
Review the query and make changes as necessary.
d. Return to the Quick Report-Dene Query page by selecting OK. The Query to Perform pane displays the query you dene.
4.
(Optional) If you want to apply the filter condition defined in the Define Query dialog, from the Define Query page select Enable Filter. This option is available only if you dene the query using any of the following software classes and the corresponding attributes in the Dene Query window:
Software Group:

Software Group File Information Software Group Patch Information File Information Patch Information
Software:


15-68
Version 1
Exclude File Information Disk Usage
5.
Select Next. A Quick Report - Database Fields dialog page appears:
Figure 15-26
Customize the report, by doing the following: a. From the Database Fields list, select the inventory attribute that you want to report. By default, System Identication.Name is selected. You cannot deselect or change the order of this attribute. b. Add the selected inventory attribute to the Selected Fields list by selecting the Add button (a right-pointing triangle). If you select a group attribute, all attributes of the group are added.

Version 1
For example, if you select the Software attribute, the Software attributes such as vendor name, product name, and version are included in the Selected Fields list.
15-69
c.
To add an additional inventory attribute, repeat Steps 1 and 2. You can change the order of the attributes using the up and down arrow buttons.
6.
View the report by selecting View. The data is displayed in the Query Results window.
7.
Save the report by selecting Save and specifying the lename; then select OK.
Only the saved Quick Reports are listed on the Create and Manage Quick Reports page.
x
8.
Select Close.
View the Data Retrieved by the Quick Report
You can view the data retrieved by the Quick Report by doing the following:
1.
From the Create and Manage Quick Reports page, select the Quick Report that you want to view from the list of Quick Reports. You can view only one Quick Report at a time. By default, the list displays all the Quick Reports saved in the ConsoleOne_installation_directory\consoleone\1.2\reporting\ export directory. View a Quick Report residing in another directory, by selecting the Browse icon; then browse to and select the directory.
2.
Select View.

The data is displayed in the Query Results dialog: Figure 15-27
You can perform the following tasks in this dialog:

Export entries to an .xml or a .csv le. Sort the display of entries. View the data in a browser.
When you click View in Browser, the inventory data is exported in the XML format for rendering in the browser. Make sure that the browser, such as Microsoft Internet Explorer or Mozilla Firefox, is the default application associated with the XML format.
Stop the data retrieval process. The Quick Report retrieves the data from the ZENworks Inventory database. You can stop the retrieval process by selecting Stop in the status bar of the Query Results dialog box.

Version 1
The status bar displays the count of machines whose data has been retrieved.
15-71
If you stop the process while the data for a single machine has not yet been completely retrieved, the Query Results dialog box displays the data retrieved until that time, but the status bar does not contain any message. If you stop the process while the data is being retrieved for multiple machines, the status bar displays the count of machines for which the data has been completely retrieved.
Change the order of the columns by dragging and dropping them. Adjust the size of the columns. Select the entries by using the mouse or by pressing Ctrl+A. Copy and paste the entries to the Clipboard by pressing Ctrl+C and Ctrl+V.
How to Export the Inventory Information

You can customize the inventory information you want to export from the Inventory database into a comma-separated value (.csv) or an XML le. You select the inventory components that should be exported, such as the Operating System Name and Version. You can further lter the inventoried workstations whose attributes are exported depending upon the export scope. For example, you can export only those inventoried workstations with a particular processor speed. The Data Export tool exports all inventoried workstations satisfying these query conditions into a .csv or .xml le. If you want to reuse the same data export settings for export, you can save the data export congurations.

To use the Data Export feature, you need to know how to do the following:

Export the Inventory Information View the Data Export Settings
Export the Inventory Information
To export the inventory information do the following:

1.
From ConsoleOne, select Tools > ZENworks Inventory> Data Export. Select Create a New Database Query. This option lets you add a new query that denes the inventory components such as hardware, software, network, and others that you want to export. You can also specify the criteria to limit the inventoried workstations and the database sites to be included in the query. Based on the inventory components and criteria you specify, the inventory information from the database is exported to a .csv or .xml le.
2.
3. 4.
Select Next. Specify the filter conditions for the inventoried workstations: a. Select Edit Query. The Enable Filter option is available for selection only if you dene the query using the software classes and its attributes of one of the following supported categories:
Category 1: Software Group, Software Group File Information, Software Group Patch Information, Software, File Information, and Patch Information Category 2: Exclude File Information Category 3: Disk Usage

Version 1
15-73
The Enable Filter option is not available for selection if the query contains attributes belonging to different categories. For example, a query containing software.name=word, softwaregroup.name=ofce, and diskusage.name=exe. b. (Optional) If you want the results stored in .csv or .xml le to be ltered on the basis of the above query, select the Enable Filter check box. Set the scope for exporting the information from the Inventory database.
If the ConsoleOne snap-ins and the Data Export tool have been installed for both ZENworks Server Management and ZENworks Desktop Management, the Data Export tool allows you to change the scope of exporting the inventory information.
c.
By default, the Workstations option is enabled. The query locates all inventoried workstations satisfying the query expression. If ZENworks Server Management and ZENworks Desktop Management are installed in the same environment, the Workstations, Servers, and Both options are available. When you select Workstations, the query locates all inventoried workstations satisfying the query expression. Choose Both to include all inventoried workstations and inventoried servers satisfying the query expression. d. Review the query that you dene. e.
5.
Select Next.
Select the database fields from the list of database fields; then select Add. If you select a group component, all subcomponents of the group are added.

For example, if you select the Software component group, the subcomponents of Software such as vendor name, product name, and version are added.
6.
Select Next.
View the Data Export Settings
To view the data export settings, do the following:

1.
Save the configurations settings to an .exp file by selecting Save Configuration. Specify the lename for the .exp file, then select Save. The conguration le (.exp) contains settings such as the inventory components you selected and the query formed for ltering the inventoried workstation data export. You create an .exp le to reload the conguration settings and generate the .csv or .xml les at any time.
2.
3. 4.
Select Next. Indicate the machine from where you intend to perform the query by selecting one of the following options:
Perform the Query from This Computer. Runs the data export processing from the workstation computer. This option accesses the Inventory database on the specied database server and exports the data into a .csv or .xml le. Perform the Query on a Remote Server. Runs the data export program from any server that has Workstation Inventory components installed.

Version 1
Running the Data Export program from a server is recommended if you are exporting data from a large database with more than 10,000 inventoried workstations or if you have specied complex queries with more than 20 database elds selected for exporting.
15-75
5.
(Optional) If you want to apply default encoding of the machine to the .csv or .xml file, select Default Encoding. The Default Encoding check box is selected by default. To apply Unicode encoding to the .csv or .xml le, select Unicode Encoding.
x
6. 7.
If you create an .exp le to perform the data export from the local machine but use the same .exp to perform data export from a remote server and want Unicode encoding, you must manually edit the .exp le and set the value of DEExportEncode to UNICODE.
Select Next. Select one the following options:
Export to CSV. Saves the inventory information in a .csv le. Export to XML. Saves the inventory information in a .xml le.
8.
Specify the path and the lename where you want to create the .csv or.xml file. Select Finish.
9.
If the conguration settings are not saved, you are prompted to save the changes. This generates the .csv or .xml le in the specied directory. You can open the .csv le in Microsoft Excel or any other CSV-supported viewer to view the exported data. You can open the .xml le in a XML viewer such as XML Spy.

Exercise 15-3
Generate Workstation Inventory Reports

In this exercise, you generate Workstation Inventory reports from the information gathered in the previous exercise. You use the following Host computers and VMware virtual machines:
Figure 15-28
WS2 WinXP Pro XP2 10.200.200.12
Do the following:

Part I: Configure ODBC Connectivity Part II: Run Reports Part III: Create and View Quick Reports Part IV: Export the Inventory Information

Part I: Congure ODBC Connectivity
Do the following:
1.
From your Host2 computer, insert the Novell ZENworks 7 Product DVD in the DVD drive. From Windows Explorer, browse to and right-click D:\ZEN7_Companion2.iso. Select Daemon-Tools > Mount to E:. When the ZENworks 7 Install dialog appears, close the dialog. From Windows Explorer, double-click E:\Database Drivers\ SybaseODBC.zip. In the left panel, select Extract all files. An Extraction Wizard dialog appears.
2.
3. 4. 5.
6.
7. 8. 9.
Continue by selecting Next. From the Select a Destination dialog, select Browse. Expand My Computer > Local Disk (C:). and select OK.
10. Select Make New Folder; then for the folder name enter Labs 11. Select Next.
The wizard begins extracting the les.

12. When the extraction is complete, select Finish. 13. Copy the Program Files folder in the C:\Labs\Sybase directory
to C:\; then select Yes to All.

14. Double-click C:\Labs\Sybase\Sybase8ODBC.reg; then select
Yes.
15. Select OK.

15-78
16. Remove the Novell ZENworks 7 Product DVD from the DVD
drive.
Version 1
Part II: Run Reports
Do the following:
1.
From your Host2 computer in ConsoleOne, browse to and select slc.da. Select Tools > ZENworks Inventory > Reporting. A Reports dialog appears with an Available Reports list to the left. Expand Hardware Inventory. Select Processor Listing. Select the Show Chart check box; then select Run Selected Report. Wait while the report is generated. After a few moments, a Processor Listing report dialog appears.
2. 3.
4. 5. 6.
7.
From the left pane, expand and select the links to view the information in the report (on the right). From the toolbar at the top of the dialog, select the Export report icon (envelope with a down arrow). An Export dialog appears.
8.
9.
From the Format drop-down list, select HTML 4.0 (DHTML). selected.
10. From the Destination drop-down list, make sure that Disk file is 11. Select OK.
An Export to Directory dialog appears.

12. In the field below the Directory Name field, browse to and select
C:\Labs (leave html in the Directory Name field).

13. Select OK.

Version 1
Close the Processor Listing report dialog and return to ConsoleOne.
15-79
15. Browse to C:\Labs\html and view the files that were created.
Part III: Create and View Quick Reports

1.
From ConsoleOne, select Tools > ZENworks Inventory > Quick Report. Select New. The Dene Query page appears.
2.
3.
Select Next. The Quick Report is created with the default query: System Identication.Name Matches % A Quick Report - Database Fields dialog page appears:
4. 5. 6. 7.
From the Database Fields list, expand the General category. Expand Login Details. Select Current Login User. Add the selected inventory attribute to the Selected Fields list by selecting the Add button (a right-pointing triangle). From the left pane, expand Network. Select IP.
8. 9.
10. Select the Add button.
You can change the order of the attributes using the up and down arrow buttons.
11. To view the report, select View.
A Query Results: DA-ZEN.digitalairlines.com dialog appears.

12. Select View in Browser.

15-80
The information is displayed in a browser window. Close the browser.
Version 1
You are returned to the Query Results dialog

14. Select Close.
Part IV: Export the Inventory Information
To export the inventory information do the following:

1.
From ConsoleOne, select Tools > ZENworks Inventory> Data Export. An Inventory Database Export dialog appears.
2.
Make sure Create a New Database Query is selected; then select Next. A Inventory Database Export (DA-ZEN.digitalairlines.com) Dene Query page is displayed.
3.
Select Edit Query. A Dene Query dialog appears.
4.
Select OK. You are returned to the Inventory Database Export (DA-ZEN.digitalairlines.com) Dene Query page.
5.
Select Next. A Database Fields page is displayed.
6. 7. 8. 9.
From the left pane, expand Software. Select Disk Usage. Select the Add button (a right-pointing triangle). From the left pane, expand Operating System.
10. Select Windows. 11. Select the Add button.

Version 1
Select Next.
15-81
A Summary page is displayed.

13. Select Next.
A Performing the query page is displayed.

14. Make sure that the following options are selected:

Perform the query from this Computer Default encoding
15. Select Next.
A Data Export page is displayed.

16. From the Select an Export Option drop-down menu, select
Export to CSV.
17. To the right of the File Name field, select the Browse button.
A Save window appears.

18. Browse to and select the C:\Labs directory. 19. Name the file MyExport.csv; then select Save. 20. Select Finish. 21. From Windows Explorer browse to the C:\Labs directory. 22. Right-click the MyExport.csv file. 23. Select Open With > Choose Program.
A dialog appears stating that Windows cannot open the le.

24. Select Select the program from a list. 25. Select OK. 26. Select OpenOffice.org1.1.4 from the list. 27. Select OK.
A Text Import - (myexport.csv) dialog appears.

28. In the Separator options section make sure that the following
options are selected:

Separated by Comma
29. Select OK.
An OpenOfce.org1.1.4 window opens and displays the information in a spreadsheet.

30. Close OpenOffice. 31. Close any open windows and ConsoleOne.
(End of Exercise)

Summary
Objective
1. Describe the Role and Function of Workstation Inventory
What You Learned The Workstation Inventory component of ZENworks Desktop Management gathers hardware and software inventory information from the workstations in your enterprise. In this objective, you learned about the following:
Workstation Inventory components Workstation Inventory includes the following components such as the following:

Inventoried workstation Inventory server Inventory database Inventory scanners Inventory server roles Database server
Inventory server roles Your Inventory server can function in a variety of roles:

Stand-alone server Root inventory server Root server with inventoried workstations Intermediate server Intermediate server with database Intermediate server with inventoried workstations Intermediate server with database and inventoried workstations Leaf server Leaf server with database

15-84
Version 1
Objective
2. Congure Workstation Inventory
What You Learned In this objective, you learned how to design and congure a Workstation Inventory deployment by learning how to do the following:

Plan your workstation inventory deployment Install inventory agents on workstations Congure the Inventory Service object Congure Workstation Inventory policies Congure the Roll-Up policy Congure the Database Location policy Congure the Dictionary Update policy
3. Run Inventory Reports
In this objective, you learned about the following:
Types of inventory reports With ZENworks 7, you can generate the following types of reports:

Hardware inventory System conguration inventory Software inventory User-dened reports
How to generate inventory reports How to view Inventory data with Quick Reports How to Export the Inventory information

Exercise Answers
Following are the exercise answers.
Exercise 15-1. (Optional) Plan an Inventory Deployment
The following are answers for the exercise:

Part I: List the Inventory Sites
There is one inventory site in each ofce location.

Part II: Identify the Root Server Location
The root server can be located in Salt Lake City.

Part III: Identify Inventory Server Roles, Database Location, and Upgrade Requirements
Following are the answers for each location.
Salt Lake City

Inventory Server Server name Server role Attach an inventory database (yes/no) Operating system eDirectory version Requirement DA1 Root Yes
NetWare 6.5 8.7.3 40 GB

15-86
Available hard disk space
Version 1
Inventory Server Available RAM Upgrade requirements (if any)
Requirement 512 MB The server meets the minimum requirements. However, more RAM may be required in a production environment.
London
Inventory Server Server name Server role Attach an inventory database (yes/no) Operating system eDirectory version Available hard disk space Available RAM Upgrade requirements (if any) Requirement DA2 Leaf No
NetWare 5.1 8.0 100 MB 256 MB The server OS must be upgraded to NetWare 6 or 6.5. The server will also need more hard disk space. It should also be upgrade to 512 MB RAM.
New York
Inventory Server Server name Requirement DA3 Leaf

Version 1
Server role
15-87
Inventory Server Attach an inventory database (yes/no) Operating system eDirectory version Available hard disk space Available RAM Upgrade requirements (if any)
Requirement No
NetWare 5.1 8.6 2 GB 128 The server must be upgrade to NetWare 6 or 6.5. It will also at least 512 MB RAM.
New Delhi
Inventory Server Server name Server role Attach an inventory database (yes/no) Operating system eDirectory version Available hard disk space Available RAM Upgrade requirements (if any) Requirement DA4 Leaf No
Windows 2000 Server 8.6 1 GB 128 MB The server must have at least 256 MB RAM installed. It may also need additional hard disk space in a production environment. eDirectory must be upgraded to 8.6.2 or later (8.7.3 recommended).

15-88
Version 1
Tokyo
Inventory Server Server name Server role Attach an inventory database (yes/no) Operating system eDirectory Version Available hard disk space Available RAM Upgrade requirements (if any) Requirement DA5 Leaf No
NetWare 6 8.7 6 GB 1 GB The version of eDirectory running on the sever should be upgraded to 8.7.3 (recommended).
Sydney
Inventory Server Server name Server role Attach an inventory database (yes/no) Operating system eDirectory Version Hard Disk Space Requirement DA6 Leaf No
NetWare 6 8.6 4 GB 512 MB

Version 1
Available RAM
15-89
Inventory Server Upgrade requirements (if any)
Requirement eDirectory must be upgraded on this server. Version 8.7.3 is recommended.
Part IV: Design the Inventory Server Tree
The following is a suggested design for Digital Airlines. Figure 15-29

London
Salt Lake C
kyo
Root Server
Leaf Server
ydney
Inventory Database
Attached Workstations
Attached Workstations

Part V: Create an Implementation Plan
The following is a suggested phased implementation plan.

Phase Phase 1 Implementation Plan Install and run a test site at the Salt Lake City ofce. You might want to start with a small group of workstations. Phase 2 Instruct the administrators in London, New York, New Delhi, Tokyo, and Sydney to set up and test workstation inventory with a small group of workstations. After each test site functions properly with a limited number of workstations, roll out workstation inventory to all workstations in the headquarters and regional ofces. If the inventory cycle in each ofce is running smoothly, change the role of the inventory server at Salt Lake City from standalone to root. The role of inventory servers in all regional ofces must be changed from standalone to leaf. Limit the deployment to one regional ofce a day so you can thoroughly test the links.
Phase 3
Phase 4
Phase 5
For information on planning inventory, see Plan Your Workstation Inventory Deployment on 15-21.


Install and Configure Asset Inventory
SECTION 16
Install and Congure Asset Inventory
In this section, you learn about the Asset Inventory component of ZENworks Asset Management and perform some basic administrative and reporting tasks.
Objectives
1. 2.
Describe the Role and Function of Asset Inventory Install a Standalone Deployment of ZENworks Asset Management Perform Basic Inventory Tasks With ZENworks Asset Management Evaluate the Software Compliance and Usage Components of ZENworks Asset Management (ZAM)
3.
4.

Introduction
Novell ZENworks Asset Management integrates asset inventory, software usage and license reconciliation to provide the most complete, accurate view of software installations and license compliance available. The combination of hardware, software and purchasing data enables you to get a complete view of your IT assets. This ensures license compliance and eliminates software overspending, so you purchase only the licenses your organization needs. While the Workstation Inventory component of ZENworks Desktop Management provides an automated system for collecting and updating hardware and software inventory information, ZENworks Asset Management provides an Asset Inventory component that includes several additional features. ZENworks 7 provides a license code for activating the Asset Inventory component of ZENworks Asset Management. In this objective, we focus on using the Asset Inventory component of ZENworks Asset Management, and then briey review the other ZENworks Asset Management components available when you purchase a license code for the complete product.
For details on administering ZENworks Asset Management, see the Novell ZENworks Asset Management 7 Users Guide (asset_management_users_guide.pdf). The guide is available in a Docs directory on the ZENworks Asset Management 7 CD or on your 3062 Course CD in the ZENworks7_Docs directory.

Objective 1
Describe the Role and Function of Asset Inventory

To describe the role and function of Asset Inventory, you need to understand the following:

Asset Inventory Features ZENworks Asset Management Server Components (Applications) ZENworks Asset Management Client Applications
There are also product demo options available at the ZENworks Asset Management product web site (http://www.novell.com/products/zenworks/assetmanagement/index.html). The product demos offer everything from a quick view of product capabilities to an in-depth Q&A session with a Novell sales engineer.
Asset Inventory Features

Asset management starts with an accurate inventory of IT assets in your organization. Asset Inventory automatically inventories software, hardware and network assets, detailing Linux, Mac and Windows desktops, and Linux, Windows, NetWare and UNIX servers across the enterprise. You get the data you need to ensure license compliance, save on software licensing and support, and fuel all your other critical IT projects, including migrations, lease management, helpdesk, budgeting, planning and asset redeployment. Asset inventory features include the following:
Reporting

Version 1
Comprehensive Web reporting with multiple graphing/display options
16-3
Hundreds of built-in reports and queries Asset history and trend analysis Custom reports and alerts Automatic recognition of tens of thousands of products Discovery of software, hardware and network devices Monthly knowledgebase updates Software-suite recognition Local product recognition for proprietary and legacy products easily added Unlimited user-dened elds for data collection Integrated client push utility Out-of-the-box or customized inventory process Networked-, dial-in- and standalone-device inventories Flexible kick-off options (client, login-script and system policies) Multiple scheduling options Scan-on-demand for real-time inventory of specic devices Integration with ESD and asset management tools Automatic product updates
Recognition

Operation

ZENworks Recognition Technology Looking at the contents of a hard drive for executable les isn't difcult. The hard part is making sense of what's there and resolving issues such as the following:
File header information in executable les is often inaccurate, misspelled or missing altogether. In a Windows environment, executable les aren't the same thing as applications.

16-4
Version 1
The whole point of using an autodiscovery tool is to see what's really on your desktopsnot just a list of irreconcilable executable les. Novell installs and analyzes every application we add to our knowledgebase. We also use skilled, experienced technicians to build accurate and reliable ngerprints for each identied piece of software. Novells patented ZENworks Recognition Technology embedded in Asset Inventory has been proven reliable and accurate for over 14 years on over 10 million desktops.
ZENworks Asset Management Server Components (Applications)

In order to understand how Asset Inventory works, you need to understand the architecture and components of ZENworks Asset Management (ZAM). The major components of ZENworks Asset Management are distributed among several independent applications that provide you with exibility you need to customize ZENworks Asset Management to meet your organizations needs, and let you expand your ZENworks Asset Management system as your enterprise grows.

The following illustrates ZENworks Asset Management architecture: Figure 16-1
Within this architecture, the following server components (applications) work together to perform your ZENworks Asset Management inventories:
Manager. The ZENworks Asset Management Manager application lets you set up your ZENworks Asset Management enterprise, customize it through schedules and collection option sets, and manage it through domains. You also use the Manager to analyze the inventory data through queries and reports as well as edit the data when necessary. In addition, the Manager lets you control who can use ZENworks Asset Management.
Collection Server. The Collection Server is responsible for automatically collecting inventory data according to a particular schedule and collection option set for a particular group of workstations. It also loads the data into the inventory database.

Task Server. The Task Server manages tasks such as database purges, scheduled reports, network discovery, and scheduled Product Recognition Updates (PRUs). Inventory database. The inventory database is a Microsoft Data Engine (MSDE) database, a Microsoft SQL Server database, or an Oracle database in which ZENworks Asset Management stores and maintains the data collected from workstations. File Store. The File Store is a directory on the LAN or on an FTP server that is accessible to all applications and contains non-database files that are necessary to the ZENworks Asset Management system, such as Collector-related files and recognition data. Web Console. The ZENworks Asset Management Web Console is the main access point for all Web-based ZENworks Asset Management features and reports. The Web Console gives you access to your network device inventory data, Web reports, and ZENworks Asset Management Software Compliance. You can access the Web Console directly from a web browser (such as Internet Explorer) or from the Manager.
ZENworks Asset Management Client Applications

You install the following ZENworks Asset Management client applications on workstations that you want to inventory:
Collection Client. The Collection Client runs on a workstation and manages the inventory process on the workstation. It processes information according to instructions received from the Collection Server with which the workstation is associated.

For example, the Collection Client ensures that a collection occurs when scheduled and that any required les are updated (as necessary).
Collector. The Collector gathers hardware and software data from a workstation when instructed by the Collection Client. This inventory data is stored in a workstation inventory le (a le with a .wif extension), which is then automatically loaded into the inventory database by the Collection Server.
Collection Editor. You can configure the Collection Editor to run on a workstation during the inventory process so that the workstation user can review and edit the inventory data gathered by the Collector. You set a collection option in the Manager to control whether the Collection Editor runs during the inventory process.
For basic information about automating the process of installing the client applications on your workstations, see How to Install Client Software on Your PCs or Servers on 16-27. For details, see ZENworks Asset Management Collection Client in the Inventory Preparations book of the ZENworks Asset Management Manager online help.

Objective 2
Install a Standalone Deployment of ZENworks Asset Management

Although you receive a full version of ZENworks Asset Management with ZENworks 7, you are only given a license code for the Asset Inventory component. When you install ZENworks Asset Management, you can do one of the following:
Install an evaluation copy of ZENworks Asset Management In this case, all components of ZENworks Asset Management are installed, but can only be used up to 90 days. All components of the product are no longer functional (including Asset Inventory) after 90 days.
Enter a license code for ZENworks Asset Management You need to purchase the full ZENworks Asset Management package in order to receive this license code.
Enter a license code for Asset Inventory You receive this license code when you purchase ZENworks 7. In this case, only the Asset Inventory component is activated (unlimited usage). The Software Compliance and Usage components are not functional.
You can also leave the license code eld blank during installation, and then enter the license code before 90 days to license the Asset Inventory component. In this objective, you learn how to install a standalone deployment of ZENworks Asset Management using the evaluation copy. This is the version you install in Exercise 16-1.

To perform the installation, you need to know the following:

Standalone vs. Enterprise Deployment System Requirements for a Standalone Deployment Installation How to Install an Evaluation Standalone Deployment of ZENworks Asset Management System Requirements for a Client PC or Server How to Install Client Software on Your PCs or Servers How to Access ZENworks Desktop Management Applications
For details on installing ZENworks Asset Management, see the Novell ZENworks Asset Management 7 Installation Guide (asset_management_installation_guide.pdf). The guide is available in a Docs directory on the ZENworks Asset Management 7 CD or on your 3062 Course CD in the ZENworks7_Docs directory.
Standalone vs. Enterprise Deployment

Novell ZENworks Asset Management provides 2 types of deployments:

Standalone Deployment Enterprise Deployment
Standalone Deployment
The Standalone deployment is the simpler version of ZENworks Asset Management.

All ZENworks Asset Management applications are installed on the same machine and a database server is installed and congured for you. The installation also includes the following related software:

Microsoft Data Engine (MSDE) Microsofts free SQL Server edition Tomcat Java runtime environment (JRE)
You should not install the standalone deployment on a PC or server that already has Microsoft SQL Server installed.
Enterprise Deployment
The Enterprise deployment is the full power ZENworks Asset Management installation. Unlike the standalone version, the Enterprise deployment lets large, highly dispersed organizations distribute the architecture and establish local collection points to increase exibility and scalability. You can install ZENworks Asset Management applications on several different machines, and you can install more than one instance of some applications in order to distribute workload. In an Enterprise deployment, you must provide your own Microsoft SQL or Oracle database server.

For details on installing an enterprise deployment of ZENworks Asset Management, see the Novell ZENworks Asset Management 7 Installation Guide (asset_management_installation_guide.pdf). The guide is available in a Docs directory on the ZENworks Asset Management 7 CD or on your 3062 Course CD in the ZENworks7_Docs directory.
System Requirements for a Standalone Deployment Installation

The computer on which you install ZENworks Asset Management must meet the following system requirements minimum requirements for a Standalone deployment: Table 16-1
Category Hardware Requirements The following are hardware requirements:

Pentium 4 1.4 GHz processor 1 GB of memory 2 GB hard disk storage (plus 2 GB for database expansion) The 2 GB disk space is for a base installation. Additional space is required for expansion over time.
Display Setting
The following are display setting requirements:

A minimum display resolution of 1024 x 768 Small fonts
Operating System
The following are operating system requirements:
Windows 2000 Windows XP Windows Server 2003

16-12
Version 1
(continued)
Table 16-1
Category TCP/IP Connection
Requirements A TCP/IP connection to workstations is required to support automatic inventories. The following are known conicts and limits:
Conicts and Limits
If you are running ZENworks Handheld Management using the default MSDE installation, you cannot run ZENworks Asset Management on the same machine. A standalone deployment can support up to 1000 workstations. Novell does not support standalone deployment installation on a virtual machine.
How to Install an Evaluation Standalone Deployment of ZENworks Asset Management

In this course, you install the evaluation copy of ZENworks Asset Management as a Standalone deployment. To install a standalone version of the evaluation copy, do the following:
1.
Insert the ZENworks Asset Management 7 CD in to the CD-ROM drive. or Start the setup.exe program (top-level directory) from the CD or CD image.

The Welcome dialog for the ZENworks Asset Management Setup program appears: Figure 16-2
2.
Continue by selecting Next. The Software License Agreement dialog appears:
Figure 16-3

3.
Review the license agreement and accept its terms by selecting Yes; then select Next. The Access Product Documentation dialog appears:
Figure 16-4
4.
Access one of the ZENworks Asset Management documentation guides by selecting the appropriate button; then continue by selecting Next. The following documentation guides are available:
Evaluation Guide. Provides a quick, hands-on introduction to ZENworks Asset Management. Installation Guide. Provides comprehensive, step-by-step procedures for all types of installations: standalone deployment, enterprise deployment (including Microsoft SQL Server and Oracle database configuration steps) and upgrades. Users Guide. Provides a complete product reference and covers all aspects of product administration and use.

Version 1
16-15
These documents are also located in the Docs directory of ZENworks Asset Management evaluation CD or CD image.
or Continue by selecting Next. The Choose Installation Type dialog appears: Figure 16-5
5.
Select Install/Upgrade standalone deployment; then select Next.

The Choose Setup Type dialog appears: Figure 16-6
6.
Select Initial Installation; then select Next. The Choose a Method of Product Licensing dialog appears:
Figure 16-7

7.
Select Evaluate ZENworks Asset Management (Expires in 90 days); then select Next. The Choose Destination Location page appears:
Figure 16-8
8.
Accept the default installation folder by selecting Next. or Choose a different installation location by selecting Browse; then select Next.

The Select Program Folder page appears: Figure 16-9
9.
Accept the default program folder by selecting Next. or Enter a new folder name; then select Next.
The program icons appear in the specied folder in the Start menus Programs folder.

The ZENworks Asset Management Services Setup page appears: Figure 16-10
10. Select the ... button; then select a Domain and User Account (or
type in a DOMAIN\User) to be used by the ZENworks Asset Management services to gain access to network resources such as printers. This user account must have administrator rights to the machine on which you are installing ZENworks Asset Management.
x
16-20
If you have problems with the setup program accepting the user account and password information, try disabling simple le sharing (Windows Explorer > Tools > Folder Options > View > Use simple le sharing). For additional information, see TID 10097758 in Novells Knowledgebase.
If you cannot provide valid domain and user account information, you can use the following:
User Account: localsystem
Version 1
Password: (leave blank) Conrm Password: (leave blank)
11. When you finish, select Next.
A message appears asking if you want to congure the default TCP/IP ports that the ZENworks Asset Management modules use. Changing the ports is not recommended unless you have specic needs or port conicts.
Accept the default values (recommended) by selecting No. or Review and edit the port assignments by selecting Yes.
By default, the Collection Server uses 7460, the client applications use 7461, the ZENworks Asset Management Manager uses 7462 and the Task Server uses 7465.
Edit the ports only if you know that other applications are currently using the TCP/IP ports assigned to the ZENworks Asset Management application and you want to change them.

The Microsoft Data Engine Setup dialog appears: Figure 16-11
Accept the default folder for installing Microsoft Data Engine (C:\Program Files\Microsoft SQL Server) by selecting Next. or Browse to and select another folder; then continue by selecting Next.
The setup program begins checking for installed Java 2 SDK and TomCat components.
14. (Conditional) If Java 2 SDK is not found, a dialog appears;
accept the default installation folder by selecting Next.

15. (Conditional) If TomCat v5.0 is not found, a dialog appears;
accept the default installation folder by selecting Next. A Start Copying Files dialog appears with a summary of all the current settings for the installation.

16-22
Version 1
16. Review the settings in the Current Settings list; then begin
copying files by selecting Next. When the installation is complete, a Setup Complete dialog appears: Figure 16-12
17. The following are selected by default:

Yes, I want to launch my Web Console now. Yes, I want to launch my Manager now.
We recommend starting the Web Console to see the kinds of reporting and analysis available in the product. ZENworks Asset Management is congured by default to scan the evaluation machine automatically after the installation process is complete. This means that when you log in to the Web Console, you can see the inventory results from this machine immediately.

For details on launching and logging in to Web Console and Manager, see How to Access ZENworks Desktop Management Applications on 16-31.
18. Close the setup program by selecting Finish.
System Requirements for a Client PC or Server

The computers on which you install the client applications must meet the following minimum requirements: Table 16-2
Category Hardware Requirements The following are hardware requirements:

90 MHz processor 32 MB of RAM 13 MB hard disk storage (plus space for database expansion)
If you plan to run the ZENworks Asset Management Usage Monitor, client machines require the following:
An additional 1 MB of hard disk storage for the application Approximately 20 KB of hard disk storage for each daily log le. The contents of the log les are transferred to the database as part of an inventory cycle.
Display Setting
The following are display setting requirements:

A minimum display resolution of 1024 x 768 Small fonts

(continued)
Table 16-2
Category Operating System
Requirements The following are operating system requirements:

Windows 95/98 Windows NT Windows 2000 Windows XP Windows Server 2003 Windows XP Tablet PC Edition Windows XP Tablet Edition 2005 Windows XP Media Center Edition Mac OS 10.2.4 or newer UNIX/Linux (see Table 16-3) Virtual Machines (see Table 16-4)
TCP/IP Connection
The following are TCP/IP connection requirements:
TCP/IP with LAN
or
TCP/IP connection to the File Store
In order for the client applications to communicate with other ZENworks Asset Management applications, the name of the client machine must resolve to an IP address.
The ZENworks Asset Management Collection Client can be run on the following UNIX/Linux installations: Table 16-3
OS AIX HP-UX Version 4.3 - 5.3 IBM pSeries (RS6000) 10.20 - 11.23 HP PA-RISC (HP9000) 2.6 - 10 Sun SPARC (32- and 64-bit)
VIEW ONLY Solaris NO PRINTING ALLOWED

Version 1
16-25
(continued)
Table 16-3
OS Linux
Version 2.2, 2.4, 2.6 IA32 (x86) The following are supported distributions:

Novell Linux Desktop 8.0 - 9.2 SUSER LINUX 8.0 - 9.2 SUSE LINUX Enterprise 9 Red Hat Linux 6.0 - 9 Red Hat Enterprise Linux 2.1 - 4 Fedora Core 1 - 3 Other distributions with Linux kernel 2.2, 2.4, or 2.6, and glibc 2.1 and later
The following virtual machine applications are discovered by Network Discovery, and can run the ZENworks Asset Management Collection Client (they are not currently supported for running ZENworks Asset Management servers): Table 16-4
Company VMware Applications VMware Workstation VMware GSX Server Microsoft Microsoft Virtual PC Microsoft Virtual Server
The virtual machines for the applications listed are limited to Windows machines. No virtual machines are supported for other platforms.
x
16-26
If a client PC is running personal rewall software (including the rewall installed along with Windows XP SP2), see the system requirements in the Installation Guide for information about opening communication ports.
Version 1
How to Install Client Software on Your PCs or Servers

On a new installation, the most efcient way to install ZENworks Asset Management Collection Client software on the machines you want to scan is through the Remote Client Install Utility.
You can use the Remote Client Install Utility to install client software only on Windows NT/2000/XP machines.
To use the Remote Client Install Utility to install client software, do the following:
1.
From the Tools menu in Manager, select Remote Client Install. The Remote Client Install Utilitys main window appears:
Figure 16-13
2.
In the left frame, browse to and select a computer on which you want to install client software.

3.
Add the computer to the Workstation List by doing one of the following:
From the Edit menu, select Add to Workstation List. or Drag and drop the selected computer to the right frame.
The selected computers appear in the Workstation List: Figure 16-14
4.
Start the installation by doing one of the following:
From the Install menu, select Start Install, or Select the Start Install tool. or Press Ctrl+I.

The Install Settings dialog appears: Figure 16-15
5. 6.
Browse to and select a target collection server. Enter the username and password of a user account on the workstations with administrative rights.
If this user account does not exist for a workstation in the list, an authentication dialog appears before client software installation that lets you enter a username and password for an administrative account on that workstation.
x
7.
When you are ready to begin client software installation on the select workstations, select OK. The Remote Client Install utility installs the client software on each workstation in the order they appear in the list. The status changes to Authenticating, and then Copying Files.

Version 1
16-29
When the status changes to Install succeeded, the installation is complete for that workstation, and the utility starts the authentication and installation for the next workstation in the list until all installations are complete. The ZENworks Asset Management client may also be deployed through other methods, including ZENworks Desktop Management or by using login scripts. See the Managers online help topic Performing Automated Inventories, available from the Inventory Process book, or the ZENworks Desktop Management Administration Guide for more information.
You can use the Network Discovery Engine to perform a network scan and use the results to target PCs or servers for ZENworks Asset Management client software deployments. For more information on using the Network Discovery Engine, see Use the Network Discovery Engine to Discover Devices on Your Network on 16-54.
For the Macintosh platform, install as you would other Macintosh software. For more information on installing the Macintosh client, see the ZENworks Asset Management Installation Guide. After installing the ZENworks Asset Management Collection Client software on each computer, the computers are ready to scan. In fact, as soon as the client software is installed on a machine, it begins collecting data, then checks in with the Collection Server with an update. Within a few minutes of installing client software on a machine, inventory data for that machine is available.

How to Access ZENworks Desktop Management Applications

You use the following ZENworks Asset Management applications to view and manage PC and server information:

Web Console Manager
Web Console
The Web Console is where the majority of ZENworks Asset Management users access the reports and analyses they need to complete projects: Figure 16-16
The console is a web-browser-based interface that provides the following basic features:
Information is presented in an easy-to-use point-and-click format.

Reports allow users to drill down to various levels of detail to access the precise information they need. It contains custom reports and alerts features. It allows users to edit certain information about network devices. It contains all software-compliance functions and reports. It contains Network Discovery Engine reports. It lets users select product-administration functions.
x
Figure 16-17
Not all of these features are available with an Asset Inventory only installation of ZENworks Asset Management).
You can start the Web Console from the Windows Start menu on the computer where you installed ZENworks Desktop Management. A login page appears in the default web browser:
Enter a user name and password. The following are the default user name and password:

User name: entadmin Password: enterprise
You can access the Web Console remotely from another computer by doing the following:

16-32
1.
Start your web browser.
Version 1
2.
In the Location or Address box, enter the following URL (all on one line): http://ZAM_server:8080/rtrlet/rtr?act=network.login& rtyp=login where ZAM_server is the share name or IP address of the ZENworks Asset Management computer. A login dialog appears.
3.

The Web Console home page appears.

4.
Select any of tabs at the top of the right frame, or select Help for more information about the Web Console.
Pop-up blockers may block the Help system. To work around this, you might need to add the Web Console link to your browsers trusted links list or congure your pop-up blocker to allow you to view the Web Console help system.

Manager
The Manager, a Windows application, is the central console from which all product administration functions can be handled: Figure 16-18
You can use the Manager to access the following:
Remote Client Install Utility for deploying the ZENworks Asset Management client Inventory and network discovery configuration and scheduling options ZENworks Asset Management Live product updates Product Knowledgebase (Product Recognition Updates)

16-34
Version 1
Legacy reports and query tool Data input and editing screens Product licensing information
x
Figure 16-19
Not all of these features are available with an Asset Inventory only installation of ZENworks Asset Management).
You can start the Manager from the Windows Start menu on the computer where you installed ZENworks Desktop Management. A login dialog appears:


Exercise 16-1
Install and Congure a Standalone Deployment of ZENworks Asset Management

As the network administrator for the SLC ofce of Digital Airlines, you decide to test ZENworks Asset Management in the lab to evaluate the value of using its features to track hardware, software, and licensing information for all PC workstations (especially Asset Inventory). In this exercise, you use the following Host computers and VMware virtual machines:
Figure 16-20
(crossover cable) Host 1 VMware Virtual Machines Host 2 VMware Virtual Machines WS1 WinXP Pro XP2 10.200.200.11
WS2 WinXP Pro XP2 10.200.200.12
Before you start the exercise, we recommend that you shut down and power off the DA-ZEN virtual server to increase the processing speed when performing tasks on Host1.

To install and congure the evaluation copy of ZENworks Asset Management, do the following:
Part I: Install and Configure ZENworks Asset Management on Host1 Part II: Install the ZENworks Asset Management Client on WS1 and WS2
Part I: Install and Congure ZENworks Asset Management on Host1
Do the following:
1.
From the Host1 computer, insert the Novell ZENworks 7 Product DVD in the DVD drive. From the Host1 computer in Windows Explorer, right-click ZEN7_AssetMgmt.iso; then select Daemon-Tools > Mount to E:. From Windows Explorer, double-click E:\setup.exe. The Welcome page of the Novell ZENworks Asset Management Setup dialog appears.
2.
3.
4.
Continue by selecting Next. The Software License Agreement dialog appears.
5.
Select Yes, I accept all of the terms of this agreement; then select Next. The Access Product Documentation dialog appears.
6.
Continue by selecting Next. The Choose Installation Type dialog appears.
7.
Make sure that Install/Upgrade Standalone Deployment is selected; then select Next. The Choose Setup Type dialog appears.

Version 1
16-37
8.
Make sure that Initial Installation is selected; then select Next. The Choose a Method of Installation dialog appears.
9.
Make sure that Evaluate ZENworks Asset Management (Expires in 90 days) is selected; then select Next. The setup program begins launching the Standalone Deployment Installer. After a few moments, the Choose Destination Location dialog appears.
10. Accept the default location of C:\Program
Files\Novell\ZENworks\Asset Management by selecting Next. The Select Program Folder dialog appears.
11. Accept the default ZENworks Asset Management folder by
selecting Next. The ZENworks Asset Management Services Setup dialog appears. In this dialog, you can enter a user account that has administrator rights to the machine on which you are installing ZENworks Asset Management. You can also enter localsystem for the user account name.

User Account: localsystem Password: (leave blank) Conrm Password: (leave blank)
13. When you finish, continue by selecting Next.
A message appears asking if you want to congure the default TCP/IP ports that the ZENworks Asset Management modules use.

16-38
14. Accept the default ports by selecting No.
The Microsoft Data Engine Setup dialog appears.
Version 1
15. Accept the default folder for installing Microsoft Data Engine
(C:\Program Files\Microsoft SQL Server) by selecting Next. The setup program begins checking for installed components. A Java 2 SDK Setup dialog appears indicating that Java 2 SDK v1.4.2 will be installed.
16. Accept the default folder for installing Java 2 SDK (C:\j2sdk
1.4.2) by selecting Next. A TomCat Setup dialog appears indicating that TomCat v5.0 will be installed.
17. Accept the default folder for installing TomCat v5.0
(C:\Tomcat5) by selecting Next. A Start Copying Files dialog appears with a summary of all the current settings for the installation.
18. Start copying and installing the files by selecting Next.
Setup begins installing Microsoft Data Engine (MSDE), and then begins installing ZENworks Asset Management, Java 2 SDK, Tomcat 5, and other components listed in the summary (this can take several minutes). When installation is complete, a message appears indicating that ZENworks Asset Management has been installed with an evaluation license that expires in 90 days.
19. Continue by selecting OK.
The setup program begins launching components such as the collection server, task server, and collection client. After a few moments, the Setup Complete dialog appears.
20. Make sure that the following options are selected:

Yes, I want to launch my Web Console now. Yes, I want to launch my Manager now.

Version 1
Close the setup program and start Web Console and Manager by selecting Finish.
16-39
A Web Console Login page appears in Internet Explorer, and a Log Onto ZENworks Asset Management Database dialog appears. The Log Onto ZENworks Asset Management Database dialog is the login dialog for Manager. You log in to Manager later in the exercise. For now, lets log in to Web Console and view the information collected from Host1 during installation.
22. From the system tray on the Host1 computer, right-click the
Daemon Tools icon (the lightning bolt); then select Virtual CD/DVD ROM > Unmount all drives.
23. Remove the Novell ZENworks 7 Product DVD from the drive. 24. From the Internet Explorer window on the Web Console Login
page, enter the following:

25. When you finish, select Submit. 26. (Conditional) If an AutoComplete dialog appears asking if you
want Windows to remember the password, continue by selecting No. The ZENworks Asset Management Web Console home page appears.

Notice that there are several tabs (such as Home and Reports Inventory|Usage) to the right: Figure 16-21
27. Select the Reports Inventory|Usage tab.
The Reports Inventory|Usage page appears: Figure 16-22

Version 1
From the left pane, you can select and expand the following information categories: System List, Reports, and Custom Reports.
16-41
From the right pane, you can select different views of the data.
28. In the right pane, from the System Group drop-down list, select
Inventory Type; then select Submit.

29. In the left pane, expand System List > All Inventory Types;
then select Workstation. You expand a title in the left pane by selecting the plus sign (+), instead of selecting the title. A system list appears in the right pane with an entry for Host1: Figure 16-23
After installing all the ZENworks Asset Management components, the setup program automatically scans the local system for information and adds it to the database.
30. From the right pane, select the HOST1 machine name link.
A detail page for the Host1 workstation appears.

31. Scroll down through the information and note the various
categories (such as Hardware, Software, and Hot Fixes).

32. Try selecting one or more links in the details page to drill down
to additional information.
33. When you finish, log out of Web Console by selecting LOG
OUT (top of the page). A page appears indicating that you have successfully logged out of Web Console.
34. Close the Internet Explorer window.

Part II: Install the ZENworks Asset Management Client on WS1 and WS2
With ZENworks Asset Management installed on the Host1 computer, you are ready to install the client components on WS1 and WS2. Although you can install the client remotely on workstations by using tools such as ZENworks Desktop Management (or a login script), the most efcient way to install the client software on the machines you want to scan is by using the Remote Client Install utility from Manager. To install the client software on WS1 and WS2 using Remote Client Install, do the following:
1. 2.
Log out of WS1. From WS1 using the Novell client, select Workstation only; then log in as Student with a password of novell. Log out of WS2. From WS2, select Workstation only; then log in as Student with a password of novell. For a remote client installation to work properly, simple le sharing needs to be turned off on all workstations on which the client will be installed.
3. 4.
5.
Turn off simple file sharing on WS1 and WS2: a. b. c. From the WS1 workstation desktop, open Windows Explorer. From the menu bar, select Tools > Folder Options. A Folder Options dialog appears. Select the View tab; then in the Advanced settings list, scroll down and deselect Use simple le sharing (Recommended).

Version 1
d. Select OK; then close Windows Explorer.
16-43
e.
6.
Repeat Steps a through d on the WS2 workstation.
From the Host1 desktop in the The Log Onto ZENworks Asset Management Database dialog, enter the following:

7.
When you nish, select OK. After a few moments, the ZENworks Asset Management Manger dialog appears. At the bottom of the dialog, notice that the Collection Servers tab is selected, and that the default collection server status is started:
Figure 16-24
8.
(Conditional) If the collection server displays a status other than Started (such as Stopped), do the following before continuing: a. Select Start > Control Panel > Administrative Tools > Services. A Services dialog opens. b. Scroll down to the bottom of the local services list and check the status of the following services:

ZENworks Asset Management - Collection Client ZENworks Asset Management - Collection Server ZENworks Asset Management - Task Server
c.

16-44
(Conditional) If any of the services are stopped, right-click the service and select Start.
Version 1
d. When you nish, close the Services dialog and the Administrative Tools dialog.
9.
From the Manager menu bar, select Tools > Remote Client Install. A ZENworks Asset Management - Remote Client Install dialog appears. From the left pane, you select the workstations on which you want to install the client software. The right pane is a list of the workstations with status reporting to let you know when the installation is complete.
10. From the left pane, expand Entire Network > Microsoft
Windows Network > 3062workgroup. A list of computers in 3062workgroup appear, including WS1 and WS2.
11. Select Ws1; then select Edit > Add to Workstation List. 12. Select Ws2; then select Edit > Add to Workstation List.
Both workstations appear in the right pane (the workstation list) with a status of Not registered.
13. Select Install > Start Install.
An Install Settings dialog appears.

14. Select the collection server:
a.
To the right of the Target Selection Server eld, select the browse (...) button. A Select Collection Server dialog appears. From the Available Collection Servers list, expand Enterprise > Default Domain Name. Select Default Server Name; then select OK. You are returned to the Install Settings dialog.
b. c.

15. Under the Authentication heading (bottom of the dialog), enter
the following:

Username: Student Password: novell
The Remote Client Install utility begins installing the client software on WS1. Messages such as Authenticating and Copy Files appear in the Status column to keep you updated on the installation. When the installation is complete on the WS1 workstation, an Install succeeded message appears in the Status column, and the utility begins installing the client software on WS2.
17. When installation is complete for both workstations, close the
Remote Client Install dialog. You are returned to the Manager dialog. Lets start the Web Console from Manager and view the scanned inventory information for WS1 and WS2.
18. From the left pane, select the Report tab (a bar graph). 19. Expand Web Console; then select Start Web Console.
Notice that the Web Console home page appears immediately. You do not have to log in, as you are already logged in to Manager as an administrator.
20. From the right pane, select the Reports Inventory|Usage tab. 21. In the right pane, make sure that Inventory Type is selected. 22. In the left pane, expand System List > All Inventory Types;
then select Workstation.

Notice that the system list now includes information for WS1 and WS2: Figure 16-25
This information was gathered and stored in the database as part of the client software installation.
23. From the right pane, select the WS1 link.
A detail page for the WS1 workstation appears. Notice that there are links under the information at the top of the page that take you directly to an information category.
24. Select an information category link (such as Software) to view
the data collected for WS1.

25. Try selecting one or more links in the details page to drill down
to additional information.
26. When you finish, redisplay the system list by selecting the
Workstation link (left pane); then select the WS2 pane (right pane).
27. Explore the information gathered for the WS2 workstation. 28. When you finish, log out of Web Console by selecting LOG
OUT (top of the page). A page appears indicating that you have successfully logged out of Web Console. Close the Internet Explorer window.

Version 1
16-47
30. From the Host1 desktop, close the Manager dialog by selecting
File > Exit.

(End of Exercise)

Objective 3
Perform Basic Inventory Tasks With ZENworks Asset Management

After installing the evaluation copy of ZENworks Asset Management, you need to know how to do the following to perform the basic tasks necessary to evaluate the status of the PCs and servers on your network:

View Inventory Data From the Reports Tab in Web Console Perform Basic Administrative Tasks With the Manager Use the Network Discovery Engine to Discover Devices on Your Network Use Novell ZENworks Asset Management Software Compliance
View Inventory Data From the Reports Tab in Web Console

From the Reports tab in Web Console, you can do the following:

View Inventory Data Scan PCs on Demand
View Inventory Data
Novell ZENworks Asset Management (ZAM) automatically conducts an inventory of the ZAM server after installation. To view the inventory data:
1.
Start the Web Console (see How to Access ZENworks Desktop Management Applications on 16-31 for details). Select the Reports/InventoryUsage tab.

Version 1
2.
16-49
3.
In the right frame from the System Group drop-down list, select Inventory Type; then select Submit. In the left frame, expand System List > Inventory Type > Workstation folder. In the right frame, display a workstation detail report by selecting the workstation name. Basic workstation information is displayed with links below the information.
4.
5.
6.
Select one of the following links to display an additional detail report:

Hardware Software Hot Fixes Logical Drives Network Drivers History
Below the Systems List in the left frame is a Reports folder, which contains a set of folders containing standard Web Console inventory and usage reports
7.
Browse through any of these reports to get a sense of the power of ZENworks Asset Management. The following special software reports are available:
Antivirus details. Shows not only the installed antivirus software and version but also the virus engine and denition details. As part of our monthly Knowledgebase updates, Novell tracks this information for the top antivirus vendors.

16-50
By category. Shows the software on the selected workstation, organized by categories and subcategories assigned by Novell in our Knowledgebase.
Version 1
Microsoft products. Shows a summary of the Microsoft applications installed on the selected workstation, and organized into the groups Microsoft uses to conduct and report audit results.
After performing subsequent scans, you can see software application usage and history data in the reports. Reports can be displayed in PDF format for printing, saving and sharing. Graphs are displayed in PDF format. Report output can also be exported to Excel or as a comma-separated value (CSV) le. To review the capabilities of the ZENworks Asset Management Usage Monitor, check out the Application Usage folder in the Reports InventoryUsage tabs Reports folder.
Since the ZENworks Asset Management Usage Monitor is enabled as part of your evaluation software, you might notice that the Compliance Report includes several columns for software usage information. In order to collect accurate application usage information, you must re-scan the evaluation machine and other PCs and servers that you have previously scanned.
Scan PCs on Demand
You might want to scan a PC immediately rather than waiting for the next collection cycle. From the Reports tab, you can view a list of machines and select a set of machines you want to scan immediately by doing the following:
1.
From Web Console, select the Reports tab. In the left frame, do one of the following:

Version 1
2.
Expand the System List tree
16-51
or
Display one of the reports in the Systems category of the Reports tree.
3.
Continue expanding and selecting until you view a list of workstations with the workstation name in the left column. A Select for Scan link appears at the bottom of the right frame.
4.
For each workstation in the list, select Select for Scan. For each workstation in the list, a check box appears.
5.
Select the check box for each workstation you want to scan. You can also select the check box in the Select column heading to select or clear the check boxes for all workstations.
6.
Select Scan Selected Workstations. The selected workstations are moved to the head of the Collection Servers scan queue, and scanning begins within a few minutes.
Perform Basic Administrative Tasks With the Manager

You can use the Manager to update the ZENworks Asset Management software and Knowledgebase (Product Recognition Updates), control inventory schedules and options, deploy client software to target PCs, and conduct network discoveries. The following are some of the basic administrative tasks you can perform with the Manager:

Update ZENworks Asset Management Software View and Change Inventory Schedules View and Change Inventory Options Scan a Group of PCs

16-52
Version 1
Update ZENworks Asset Management Software
To update ZENworks Asset Management software, do the following:

1.
From the Administration menu, select ZENworks Asset Management Live Update. A ZENworks Asset Management Live Update dialog appears.
2.
Select Download/Update Now. A progress window appears, showing the status of the update. The updates may take a while; all inventory processes will be stopped as the updates are applied.
3.
After the updates have been applied, refresh your inventory data.
View and Change Inventory Schedules
To view and change inventory schedules, do the following:

1.
From the Managers left frame, select the Management tab; then expand Public Collection Schedules. View and change scheduling options by double-clicking Default Schedule. You can congure separate schedules for groups of PCs and servers across your enterprise.
2.
3.
For detailed help, press F1.
View and Change Inventory Options
To view and change inventory options, do the following:

1.

Version 1
From the Managers left frame, select the Management tab; then expand Public Collection Options Sets.
16-53
2.
View and change collection options by double-clicking Default Option Set. You can congure separate option sets for groups of PCs and servers across your enterprise.
3.
For detailed help, press F1.
Scan a Group of PCs
To scan PCs other than the current ZENworks Asset Management server, you must install ZENworks Asset Management client software on each machine you want to scan. The client software does the following:
1.
When the machine starts up, it checks in with its designated Collection Server. If the Collection Servers schedule for that PC or server calls for it, a scan is initiated. Once the scan is complete, the machine connects to the Collection Server and uploads its collected data.
2.
3.
Use the Network Discovery Engine to Discover Devices on Your Network

You can use the Network Discovery Engine (NDE) to scan your network, selected subnets, or an IP address range and collect information about active workstations, routers, printers, and other hardware devices connected to your network. To use the NDE to discover devices on your network, you need to know the following:

16-54
SNMP and WMI Configuration How to Start a Network Discovery
Version 1
How to Display Network Discovery Reports
SNMP and WMI Conguration
In order to collect certain information from network devices, PC, and servers through the Network Discovery Engine (NDE), make sure you meet the following requirements:
Rights and permissions for WMI For WMI to work properly, the ZENworks Asset Management server login must have Administrator permissions for the machine you are scanning, and Windows PCs must have WMI enabled in order to collect certain details. You are prompted to enter this account during the installation process.
Provide a Simple Network Management Protocol (SNMP) community name You might need to specify a Simple Network Management Protocol (SNMP) community name to grant read-only access to network devices. ZENworks Asset Management uses a default community name (public) and then tries other community names you provide. After the installation, you can access Network Discovery Engine options in the ZENworks Asset Management Manager under the Network Discovery > Options menu.
Enable SNMP and Windows Management Instrumentation (WMI) To get detailed information from PCs on your network through the NDE, SNMP and WMI must be enabled on target machines.

How to Start a Network Discovery
To start a network discovery, do the following:

1.
From the Managers left frame, select the Management tab; then expand Public Network Discovery Tasks. Double-click Default Network Discovery Task. From the Subnet tab, select one of the following to scan:

2. 3.
Local subnet A range of IP addresses A set of subnets
We recommend that you limit your initial Network Discovery to one or two subnets, as each subnet can take 20 to 40 minutes to scan.
4.
After selecting the network segment to be scanned, select the General tab; then set the schedule for the network to be scanned by selecting Schedule. From the drop-down list, select Immediately; then select OK. The network discovery process starts.
5.
6.
To view the status of the Network Discovery, select the Task tab at the bottom of the Manager window.
How to Display Network Discovery Reports
When the network discovery is complete, you can browse the collected data in the Web Console by doing the following:
1. 2. 3.
Start the Web Console. Select the Network Discovery tab. In the left frame, view a list of devices grouped by type by expanding Device List.

16-56
Version 1
4.
(Conditional) If you want to change the device grouping and subgrouping, do the following: a. b. In the left frame, select Device List. In the right frame, change the Group By and Sub-Group By values; then select Submit.
In addition to the Device List, you can review the reports available in the Reports and Custom Reports folders in the left frame. You can also select the ZENworks Asset Management Client Status report to see lists of Windows workstations that have the ZENworks Asset Management Collection Client installed and of those that do not.
Use Novell ZENworks Asset Management Software Compliance

ZENworks Asset Management Software Compliance lets you track license purchases and reconcile them to discovered products. It also lets you do the following:
Analyze application usage in conjunction with licenses and installations Allocate purchased licenses to departments, costs centers, sites. and individual PCs or servers Establish and enforce organization-wide software standards
The following are some basic administrative tasks you can perform with ZENworks Asset Management Software Compliance:

Display the Discovered Products List Import and Enter Purchase Records Reconcile Products Display Your Compliance Status

Version 1
16-57
Allocate Licenses Manage Software Standards Use the Admin Tab
Although you can test the Software Compliance component of ZENworks Asset Management using the evaluation copy, to implement this component in a production environment, you need to purchase the complete version of ZENworks Asset Management.
Display the Discovered Products List
The ZENworks Asset Management Knowledgebase not only provides you with accurate software inventory data, but also provides a license view of this information in ZENworks Asset Management Software Compliance. The license view is generated by using the software products in the ZENworks Asset Management inventory and then ltering the data through the license portion of Novells Knowledgebase. This process accomplishes the following:
Consolidates related versions, service releases, and language versions of a minor release level (such as 3.1) into a single product. Excludes products, such as browsers and viewers, that do not have license compliance implications. Distinguishes between software suites and related components so they are counted properly for license compliance purposes.

16-58
For example, if a PC has Ofce XP Professional installed, the underlying components are ignored for reporting purposes. On the other hand, if one or more of the components is discovered on a PC and the related suite is not, the components are reported.
Version 1
To display the license view of the software inventory, do the following:

1. 2. 3.
Launch Web Console from a web browser. Select the Software Compliance tab. From the Discovered Products menu, select Reconcile to License Record. This is your software inventorya list of all products discovered on the workstations youve set up to scan. This list is ltered through the License Knowledgebase, so that only the products recognized as requiring license tracking are shown.
4.
From the Installed Quantity column, continue making selections until you see a list of workstations that have a particular product installed. Select the workstation name to see the distinction between the full software inventory and the license view.
5.
Import and Enter Purchase Records
Novell ZENworks Asset Management Software Compliance lets you record software purchases and reconcile this information to discovered products. The basis for establishing license proof of ownership is the transaction itself where key information such as date, reseller, purchase order and invoice is tied directly to compliance status reports. There are two ways to enter purchasing data into Software Compliance:

Import. You can use a tab-delimited text file as a source to import purchase data. You can also use preconfigured reseller connectors to import purchase records available from select resellers. See Web Console help for details on reseller connectors and import le formats.
Input. You can also enter purchase transactions through the user interface by doing the following:
1. 2. 3.
From the Purchase Records menu, select Add Purchase. Enter the purchase records header information. From the lower left of the right frame, select Choose Product. From the lower left of the right frame, select Add New Product. Purchased products are stored as unique Catalog Products.
4.
5. 6.
Enter information about the product; then select Next. Enter purchase information for the product; then select Done.
Now that you have created a Purchase Record entry and a Catalog Product entry, you can associate a Discovered Product to this Purchased Product (such as Product Catalog) by creating a License Record and reconciling it to both the Discovered Product and the Purchased Product.
Reconcile Products
The best way to reconcile Discovered Products to Catalog Products is to use the Auto-reconcile feature.

16-60
Do the following: From the License Records menu, select Auto-reconcile.
Version 1
2.
From the bottom of the page, select Start Auto-reconcile.\ A list of proposed License Records is generated based directly on Discovered Products, and matching Catalog Products are suggested based on text matching. If no Catalog Products are listed with the License Records, no matches were found.
3.
To create one or more License Records and reconcile them to Discovered Products in one step, select the check box to the left of a product (or select Select All); then select Create Licenses.
You can also create License Records manually and then reconcile them to Discovered Products by doing the following:
1. 2. 3. 4.
From the License Records menu, select Add License Record. Enter information about the License. Select Reconcile to Catalog Product. Select the appropriate product from the catalog; then select Done. Select Reconcile to Discovered Product. From the Discovered Products list, select the appropriate product; then select Done.
5. 6.
The License Record is now complete. It has both a Catalog Product and a Discovered Product tied to it, and it can be used for tracking compliance for this license.
Display Your Compliance Status

Version 1
After you have scanned at least one PC, entered a purchase record, added a license record, and reconciled the Purchased Product to a Discovered Product, you can view the compliance status results by doing the following: From the Reports menu, select Compliance Report.
16-61
The license you created is displayed in the report along with the License Quantity and the Installed Quantity,
2.
Display supporting license transactions and related PC information by selecting License Quantity or Installed Quantity.
Because the ZENworks Asset Management Usage Monitor is enabled as part of the evaluation software, you might notice that the Compliance Report includes several columns for software usage information. In order to collect accurate application usage information, you must re-scan PCs and servers that you have previously scanned.
Allocate Licenses
Purchasing and installing software is not the end of the license-tracking story. You might need to move licenses between machines, departments, or sites. ZENworks Asset Management lets you allocate licenses to departments, cost centers, sites, or individual PCs. Allocations are designed to help you evaluate your licensing strategy by asking (and answering) questions such as

Who should have the software installed? Why am I allocating a license if its not used or installed?
To use ZENworks Asset Management to manage License Allocations, do the following:

1.
From the License Records menu item, select License Allocation > Allocation Workstation. Select a License Record by selecting the name of the License.

16-62
2.
Version 1
A message appears indicating that no demographic allocations have been selected.

3. 4.
Choose a demographic by selecting Options; then select OK. Allocate the license from the current License Record to one or more individually scanned PCs or servers by selecting Add Workstations (bottom of the License Allocation Worksheet). In the Find Workstations to Allocate Licenses page, enter the search criteria; then select Search. Select one or more PCs or servers; then select Done. You have now allocated licenses to the selected PCs or servers.
5.
6.
7.
View a License Allocation report from the Reports menu item, by selecting License Allocation > Current Allocations.
Manage Software Standards
To use ZENworks Asset Management to manage software standards do the following:

1.
From the Discovered Products menu item, select Manage Software Standards. A list of all Discovered Products is displayed. Unlike in the License View, all products are listed here, even those that have no license implications, so you might want to categorize these as well.
2.
Define one or more standards categories.
You can dene as many standards categories (such as Standard, Non-Standard and Policy Exception) as you need and assign one or more products to each.
VIEW ONLY your organization according to your standards policies. NO PRINTING ALLOWED
By dening categories, you can report the software discovered in
16-63
Use the Admin Tab
If you have Enterprise Administrator or Enterprise Assistant privileges, you can use the Admin tab to do the following:
Add, edit, and delete ZENworks Asset Management users and change their privileges. Edit and delete local products (such as user-defined or in-house applications).

Exercise 16-2
Perform Basic Asset Inventory Tasks with ZENworks Asset Management Web Console and Manager
After installing the evaluation copy of ZENworks Asset Management, you decide to test some of the Asset Inventory features using the following Host computers and VMware virtual machines:
Figure 16-26
WS2 WinXP Pro XP2 10.200.200.12
In this exercise, you do the following:

Part I: Create a User Account for CKent using Web Console Part II: Verify the CKent User Account Options Part III: Use Manager on Host1 to Scan the DA-ZEN Server Part IV: Use Manager to View the Results of the DA-ZEN Server Scan

Before starting the exercise, from Host1 make sure you are logged in to DA-ZEN as admin with a password of novell.
Part I: Create a User Account for CKent using Web Console
Do the following:
1.
From the Host2 computer desktop, open Internet Explorer; then enter the following URL: http://host1:8080/rtrlet/rtr A Web Console Login page appears.
2.
From the Web Console Login page, enter the following:

User Name: entadmin Password: enterprise
3.
When you finish, select Submit. The ZENworks Asset Management Web Console home page appears.
4.
Select the Admin tab. The Admin page appears:
5.
At the bottom of the right pane, select the New User link. An Add a User dialog appears.
6.
Enter the following information:

User Name: CKent Password: novell Password Again: novell Role: Enterprise Analyst

For complete information on ZENworks Asset Management User Roles, refer to ZENworks Asset Management User Roles on page 30 of the Novell ZENworks Asset Management 7 User Guide (asset_management_users_guide.pdf). You can access the guide from http://www.novell.com/documentation/zenworks7/pdfdoc/am7admin/a m7admin.pdf or from the ZENworks7_Docs directory on your 3062 Course CD.
7.
Select Submit. A User Details for CKent page appears.
8.
To the right of Network Discovery Tab heading (middle of the page), deselect Tab Access. At the bottom of the page, select the Update User Details link. OUT (top of the page). A page appears indicating that you have successfully logged out of Web Console.
9.
10. When you finish, log out of Web Console by selecting LOG
Part II: Verify the CKent User Account Options
Do the following:
1.
From the Internet Explorer menu bar, select View > Refresh. A message appears stating that the page cannot be refreshed without resending the information.
2.
Continue by selecting Retry. The Web Console Login page appears.
3.

Version 1
Enter a user name of CKent with a password of novell; then select Submit.
16-67
The ZENworks Asset Management Web Console home page appears. Notice that the CKent user does not have access to the Network Discovery and Admin tabs.
4.
From the top of the Web Console page, select OPTIONS. A Web Console Options dialog appears.
5.
From the Default Login Tab drop-down list, make sure Software Compliance is selected. Select Update. You are returned to the Web Console page.
6.
7.
From the Internet Explorer menu bar, select View > Refresh; then select Retry. The browser refreshes and you are returned to the Software Compliance page.
8.
Log out of Web Console by selecting LOG OUT (top of the page). A page appears indicating that you have successfully logged out of Web Console.
Part III: Use Manager on Host1 to Scan the DA-ZEN Server
ZENworks Asset Management lets you collect inventory data from Novell servers. However, they can only be scanned manually from ZENworks Asset Management Manager, and only a ZENworks Asset Management administrator can scan a Novell server manually. The amount and type of data that is collected from a Novell server is essentially the same as that collected from a Windows machine.

16-68
Version 1
To scan a Novell server, do the following:

1.
From the Host1 desktop, select Start > All Programs > ZENworks Asset Management > Manager. A Log Onto ZENworks Asset Management Database dialog appears.
2.

3.
When you nish, select OK. After a few moments, the ZENworks Asset Management Manger dialog appears.
4.
From the menu bar, select Tools > Scan Novell Server Now. A Scan Novell Server Wizard dialog appears.
5.
From the Welcome to the Scan Novell Server Wizard page, select Next. A Select Collection Server page appears.
6.
From the Available Collection Servers list, expand Enterprise > Default Domain Name. Select Default Server Name. Continue by selecting Next. A Select Novell Server page appears.
7. 8.
9.
From the Novell Server to Scan list, expand Network > NetWare Services > NetWare Servers.
10. Select DA-ZEN. 11. Below the Novell Server to Scan list, make sure Run the
Collection Editor is selected.

Version 1
12. Continue by selecting Next.
16-69
A Select Volumes page appears with all available volumes listed and selected for scanning.
13. Scan all volumes by selecting Next.
A Review Settings page appears.

14. Review the settings and begin scanning by selecting Next.
ZENworks Asset Management starts scanning the DA-ZEN server. As the scan is processing, a DA-ZEN - ZENworks Asset Management Collection Editor dialog appears.
15. From the bottom of the dialog, make sure the User tab is selected,
then enter the following information:

First Name: Clark Last Name: Kent Email: CKent@digitalairlines.com
16. Select the Workstation tab. 17. Enter the following information:

Site: SLC Building: Building A Floor: 4
18. Browse through the information on the Inventory and Process
tabs, then save the information and continue by selecting the Save and Exit button (top of the Property list). ZENworks Asset Management continues scanning the DA-ZEN server. When the scan is complete, you are returned to the Scan Novell Server Wizard dialog.
19. From the Completing the Scan Novell Server Wizard page, select

16-70
Finish.
Version 1
Part IV: Use Manager to View the Results of the DA-ZEN Server Scan
1.
From the left pane of the Manager window, select the Report tab. In the left pane, expand ZENworks Asset Management Reports > Workstation > Detail. Double-click Workstation Detail. A Congure Report - ZENworks Asset Management: Workstation Detail dialog appears.
2.
3.
4.
Select Submit. A Submit Report dialog appears.
5.
Make sure Screen is selected, then continue by selecting OK. After a few moments, a Workstation Detail window appears.
6. 7.
From the button bar, select the Toggle Group Tree button. From the left pane, select DA-ZEN. A Workstation Detail report for DA-ZEN appears in the right pane.
8. 9.
Expand the windows and review the report. When you finish, close the Workstation Detail window. You are returned to the Congure Report - ZENworks Asset Management: Workstation Detail dialog.
10. Close the dialog by selecting Close.
You are returned to the ZENworks Asset Management Manager window.

11. Close Manager by selecting File > Exit.

Version 1
(End of Exercise)
16-71
Objective 4
Evaluate the Software Compliance and Usage Components of ZENworks Asset Management (ZAM)
Although you can only activate the Asset Inventory component of Novell ZENworks Asset Management with the license code you receive with ZENworks 7, its important to understand the complete set of features available when you purchase a license code for the full version of ZENworks Asset Management. Besides Asset Inventory, ZENworks Asset Manager also includes the following components:

Software Compliance Usage
There are also product demo options available at the ZENworks Asset Management product web site (http://www.novell.com/products/zenworks/assetmanagement/index.html). The product demos offer everything from a quick view of product capabilities to an in-depth Q&A session with a Novell sales engineer.
Software Compliance
Novell ZENworks Asset Management provides a web-based view of your compliance status. Inventory data is combined with purchase and license records and presented in a single, comprehensive, integrated license view that shows software as licensed. Software compliance includes the following:
License Tracking

16-72
Purchase-data importing to reduce manual entry
Version 1
Automatic accounting for new purchases of reconciled products Reseller connectors (including SHI and SoftChoice) Automatic reconciliation between purchased and discovered products Software inventory linked to proof of purchase and installations Drilldown capability from compliance reports to underlying purchases and installations Softwarestandards management (standard, nonstandard and policy violation) Reports that integrate license, installation and usage data Licenses allocated to site, department, cost center or individual workstations
Reconciliation
Software Asset Management
Software Compliance Reports

Software Compliance reports bring together information about your software purchases and inventory in a way that lets you quickly access information, as in the following example: Figure 16-27
Usage
Novell ZENworks Asset Management provides visibility into desktop application usage trends and details. Reports indicate which products and types of software are used by whom or, more importantly, which are not used at all. You can maintain compliance while purchasing and supporting only the licenses you really need. Usage reports also help you set and maintain corporate standards and watch for use of rogue applications such as hacker tools, peer-to-peer software and more.

The following is an example of an application usage report sorted by product: Figure 16-28
The following are key usage features of ZENworks Asset Management:

Reports on locally installed and server-based applications Application run-time tracking (both foreground and background applications) Identification of unused, seldom-used and frequently used applications User and device information, even multi-user devices, associated with application usage Aggregated views of usage levels across departments and sites Reports on application use and nonuse over time Extensive drilldown query capability

Version 1
16-75
Summary
Objective
and Function of Asset Inventory
What You Learned To describe the role and function of Asset Inventory, you learned about the following:

Asset Inventory features ZENworks Asset Management server components (applications) ZENworks Asset Management client applications
2. Install a
Standalone Deployment of ZENworks Asset Management
When you install ZENworks Asset Management, you can do one of the following:
Install an evaluation copy of ZENworks Asset Management Enter a license code for ZENworks Asset Management Enter a license code for Asset Inventory
Although you receive a full version of ZENworks Asset Management with ZENworks 7, you are only given a license code for the Asset Inventory component. To install a Standalone deployment of ZENworks Asset Management (evaluation copy), you need to know the following:

Standalone vs. Enterprise deployment System requirements for a Standalone deployment Installation How to install an evaluation Standalone deployment of ZENworks Asset Management System requirements for a client PC or server

Objective
2. Install a
Standalone Deployment of ZENworks Asset Management (continued)
What You Learned
How to install client software on your PCs or servers How to access ZENworks Desktop Management applications
3. Perform Basic
Inventory Tasks With ZENworks Asset Management
After installing the evaluation copy of ZENworks Asset Management, you need to know how to do the following to perform the basic tasks necessary to evaluate the status of the PCs and servers on your network:
View inventory data from the reports tab in Web Console Perform basic administrative tasks with the Manager Use the Network Discovery engine to discover devices on your network Use Novell ZENworks Asset Management software compliance
4. Evaluate the
Software Compliance and Usage Components of ZENworks Asset Management (ZAM)
Although you can only activate the Asset Inventory component of Novell ZENworks Asset Management with the license code you receive with ZENworks 7, its important to understand the complete set of features available when you purchase a license code for the full version of ZENworks Asset Management. Besides Asset Inventory, ZENworks Asset Manager also includes the following components:

Software Compliance Usage


Novell ZENworks 7 Desktop Management NetWare Server Installation
APPENDIX A
Although the Novell ZENworks 7 Desktop Management Administration course focuses on installing Desktop Management components on a Novell Open Enterprise Server (OES) Linux server, your production environment might require use of a NetWare server. The following helps you understand how to install the Desktop Management back end and middle tier services on a NetWare server:
How to Install ZENworks Desktop Management Back End Services on a NetWare Server How to Install ZENworks Desktop Management Middle Tier Services on a NetWare Server

Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES. A-1
How to Install ZENworks Desktop Management Back End Services on a NetWare Server
To use ZENworks, you must install back end services. Back end services are the core services in ZENworks Desktop Management that provide various management functions.
For details on hardware and software requirements, pre-installation tasks, and determining the back end services you want to install, see Install ZENworks 7 Desktop Management on 1-1.
To install the ZENworks 7 Desktop Management back end services, on a Netware server, do the following:

Install the ZENworks Desktop Management Server Perform Post-Installation Configuration Tasks Verify That the ZENworks Desktop Management Services Work Properly
Install the ZENworks Desktop Management Server

When you have met the hardware and software requirements and prerequisites for installation, do the following to install the Novell ZENworks 7 Desktop Management back end services (also called the Desktop Management Server) a NetWare server:
1.
Select a Windows 2000/XP workstation to run the Desktop Management Server installation program. At the Windows workstation, insert the Novell ZENworks 7 Desktop Management CD into the CD drive.
2.

A-2 Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES. Version 1
The winsetup.exe program autoruns, as shown in the following: Figure A-1
If winsetup.exe does not autorun, launch the program from the root of the CD.
x
3.
If you remove the Novell ZENworks 7 Desktop Management CD from the CD drive during the installation, or if you lose your connection to the server you are installing to, the installation program will stop. To terminate the installation process, in the Windows Task Manager select Processes > Javaw.Exe > End Process.
Select Desktop Management.

The following appears: Figure A-2
4.
Select your language.

From this page, you can choose to extend the schema before you actually install the new Desktop Management product, or you can choose to extend the schema as part of the installation procedure. If the network environment where you want to install the Desktop Management Server is a large tree, you might want to extend the schema and let the eDirectory tree stabilize before you actually install the new Desktop Management product. In addition, if you extend the schema prior to installing, you will only be required to supply your ZENworks license once. If you extend the schema as a part of the component installation, you will need to supply your ZENworks license each time a subsequent component is installed.

Version 1
Start the Desktop Management Server installation wizard by selecting Desktop Management Services.
A-5
6. 7. 8.
Read the installation review; then select Next. Read the License Agreement; then select Accept > Next. On the Installation Requirements page, read the requirements for installing the Desktop Management Server software and make sure that the server youre installing to meets those requirements. When you finish, select Next. The following appears:
9.
Figure A-4
10. From the Tree Selection page, browse to and select the
eDirectory tree where you want to install the Desktop Management Server.
11. (Conditional) If you have not already extended the schema for

A-6
this installation, select Extend Schema to extend the schema on the tree where you will be installing Desktop Management Server software.
Version 1
You need to extend the schema on a tree only once. You can authenticate to a tree by selecting the Login button and entering a user ID and password for a user with the appropriate rights to extend the schema (such as Admin).
12. When you finish, select Next. 13. From the ZENworks Desktop Management Licensing page,
enter the license code that was emailed to you as part of the SmartCert product registration package. If you do not specify a license code on this page, the wizard considers this installation of ZENworks Desktop Management to be an evaluation version. If you install an evaluation copy, you will be reminded to license the product at periodic intervals. After 90 days, the product evaluation version no longer functions.

15. From the Server Selection page, select Add Servers; then
browse to and select the servers where you want to install Desktop Management Server software, as shown in the following: Figure A-6
You can only select servers from the tree you selected. You can install up to 7 servers at a time.
16. On the now-populated Server Selection page, specify the
services you want to install, then select Next. The list of settings includes the following:
Local Workstation. You have the option of installing Desktop Management Services snap-ins to your local workstation by selecting Desktop Management Service Snap-Ins under the Local Workstation option. ConsoleOne must be installed on the workstation before the snap-ins can be added.

Desktop Management Services. Desktop Management Services are commonly used les and programs that enable the conguration and distribution of workstation applications and policies, and are referred to as the Desktop Management server or back end services. These services provide automatic management of Windows applications, user and workstation congurations, processes, and behaviors.
Application Management. Select this option to install software that enables the automated distribution, healing, and tracking of applications, updates, and patches. Workstation Management Common Components. Select this option to install workstation-resident modules that are used to authenticate the user to the workstation and network, and are used to transfer conguration information to and from eDirectory. Remote Management. Select this option to install the ZENworks Wake-On-LAN service which is responsible for implementing scheduled wake-up on LAN. Additional Options. If you want to customize your deployment of Desktop Management Services, there are a number of services to choose from, each with a specialized purpose. These include the following:
Desktop Management Database. Select this option if you want to install a network database to be used by the Novell Application Launcher as a repository for data about application events (install, launch, cache, and so forth) that have occurred. Inventory Database. Select this option if you want to install a network database to be used by Workstation Inventory as a repository for hardware and software inventory information collected from inventoried workstations.

Version 1
A-9
Inventory Server. Select this option if you want to install files and programs to enable the gathering and viewing of hardware and software inventory information for managed workstations. If the selected servers have the Server Inventory component of ZENworks for Servers 3.0.2 or earlier installed, you must upgrade the component to ZENworks Server Management. Inventory Proxy Server. Select this option if you want to install a proxy service that enables the rollup of inventory scan data to a Workstation Inventory server located across a network firewall. Make sure that the selected servers do not have the ZENworks for Servers 3.0.2 or earlier Workstation Inventory component already installed. Imaging Server. Select this option if you want to install a Linux imaging environment to be used to create, store, send, or restore workstation image files to a workstation.
You should install the Imaging Server service and the PXE Server service on the same server. Do not install the PXE Server service separately.

A-10
PXE Server. Select this option if you want to install Preboot Execution Environment (PXE) protocols and programs to be used by the server to communicate with a PXE-enabled workstation and to enable sending imaging tasks to that workstation. When you install Preboot Services, one of the components that is installed is the Proxy DHCP server. If the standard DHCP server is on the same server where you are installing the Proxy DHCP server, you must set option tag 60 in DHCP services.
Version 1
Workstation Import/Removal Server. Select this option if you want to install files and programs that add workstation objects into eDirectory where they can be managed to receive applications or computer settings. Desktop Management Services Snap-Ins. Select this option if you want to install additions to ConsoleOne to enable you to launch Desktop Management tools and utilities, to view Desktop Management object property pages in eDirectory, and to browse and configure those objects.
17. If you want the installation program to verify that the server or
servers meet the installation requirements for ZENworks Desktop Management Services, make sure the Prerequisite Check check box is selected. The installation program checks the version of the server's network operating system (including any required service or support packs), the presence and version of the Novell Client (4.9 SP1a) on Windows servers and on the installing workstation, and the presence and version of ConsoleOne (1.3.6x). If the server operating system and support/service packs are not the correct version, the installation displays a warning message and will not continue until the required software is installed and detected or until you deselect the check box.
18. When you finish, select Next. 19. From the Warning Screen, select OK.

20. (Conditional) If you selected Workstation Inventory or Remote
Management, the File Installation Location page appears: Figure A-7
Do the following: a. Select one or more target servers in the Selected Servers list; then browse to and select the volume or drive where you want the Workstation Inventory or Remote Management les installed. The default is SYS: for NetWare servers and C: for Windows servers. b. When you nish, select Next.

21. (Conditional) If you selected Inventory Database or Desktop
Management Database, the following appears: Figure A-8
Do the following: a. Select a previously designated server in the left pane; then in the Database Path eld, browse for or type in the name of the volume or drive where the database le will be installed.
While SYS: is the default volume, we recommend that you do not use SYS: on NetWare servers. The database le can become quite large.
x
b.

22. (Conditional) If you selected Inventory Server and Inventory
Database, the following appears: Figure A-9
Do the following: a. If you want the installation program to automatically create the Server Package and the Database Location policy within the Server Package and start the Inventory Service on the server, select Congure Standalone, Browse to and select the container where you want to create and congure the Server Package containing this policy; then select Next.
b.

23. From the Inventory Proxy Service Configuration page, select the
server and a port you want to designate to allow XMLRPC requests pass through to the Inventory Proxy service.
24. In the Proxy Port field, enter the port you want to use (the default
port is 65000).

26. On the Summary page, review the list of components will be
installed.
27. If the summary is correct, start the installation by selecting
Finish. Wait while the schema is extended.

28. When prompted that the schema has been extended, select OK.
Wait while the les are copied.

29. When prompted that the Desktop Management Services have
been started on your server, select OK. When the installation is complete, you can review following log les located in the \novell\zfdtemp directory on the workstation you are installing from:

A-16
Version 1
Installation log file (datestamp_timestamp_zdmserver_install.log) You can use this le to identify any components that might have failed to install. An example of an installation log lename would be 20040304_024034_zdmserver_install.log.
Installation summary log file (datestamp_timestamp_zdmserver_installsummary.log) You can use this le to review the selections you made during installation. An example of an installation summary log lename would be 20040304_024034_zdmserver_installsummary.log.
Perform Post-Installation Conguration Tasks

After installing ZENworks Desktop Management there are several conguration changes you should make to ensure optimal support in your environment. These include the following:
Create and configure a search policy to reduce tree walking during the policy search process. This task is discussed in detail in Section 2 Describe and Congure Search Policies on 2-8.
Configure the launcher configuration settings for the containers where users and workstations exist. This task is discussed in detail in Section 7 Congure Novell Application Launcher on 7-38.
Modify your DHCP configuration if necessary. ZENworks may require DHCP modification for two reasonsspecifying a Middle Tier server and specifying that the server is both a DHCP and Proxy DHCP server. To use the Middle Tier server, the Desktop Management Agents on your workstations must be congured with the IP address or DNS name of the Middle Tier server.

Version 1
A-17
One of the easiest ways to make this happen is to do the following to congure a DHCP option that delivers the Middle Tier servers IP address to your workstations:
1.
From your administrative workstation in a web browser, enter the following URL to access iManager: https://your_server_IP_address/nps/ iManager.html.
2. 3.
Log in as admin. Configure the DNS/DHCP scope for the current session: a. b. c. Expand the DHCP role and select DNS/DHCP Scope Settings. In the Context eld, enter the context where your DNS/DHCP Locator object resides in the tree. In the Administrative Scope eld, enter the context where your DHCP objects reside in the tree, as shown in the following:
Figure A-12
d. When you nish, select OK. e. When prompted that the settings have been congured, select OK.

4.
Create the Middle Tier server DHCP option: a. b. c. From the Roles and Tasks frame in iManager, select DHCP > Global DHCP Conguration. In the drop-down list, select View/Set Global Preferences; then select OK. From the Global DHCP Options page, select Next > Next > Next to display the following:
Figure A-13
d. Scroll to the bottom of the screen and select Add. e. f. From the DHCP Option Code drop-down list, select 100. From the Data Syntax drop-down list, select String.
g. In the Description eld, enter ZENworks. h. When you nish, select OK > Done > OK.
5.
Configure the Middle Tier DHCP option: a. From the Roles and Tasks frame in iManager, select Global DHCP Conguration.

Version 1
A-19
b. c.
From the drop-down list, select View/Set Global Preferences; then select OK. In the Global DHCP Options page, select Modify.
d. In the Available DHCP Options eld, scroll down to and select 00100 ZENworks; then select Add. e. f.
6. 7.
In the IP Address eld, enter the IP address or DNS name of your Middle Tier server. Select Done > Next > Next > Next > Done > OK.
Unload and then reload Dhcpsrvr.nlm on your server. Renew the DHCP leases on the users workstations.
Once your DHCP server is congured, the IP address of your Middle Tier server should be automatically delivered each time users boot their workstations.
Configure the ZENworks Inventory Service object and the policies that are required to create your inventory hierarchy. This task is discussed in detail in Section 15 Congure the Inventory Service Object on 15-34.
Configure the ZENworks Automatic Workstation Import policy and import server location method so that workstations can be imported. This task is discussed in detail in Section 4 Implement Automatic Workstation Import (AWI) on 4-8.

Verify That the ZENworks Desktop Management Services Work Properly

After you have completed your conguration, you should verify that all of the expected services were loaded on the server. To do this press Ctrl+Esc on your NetWare server and verify that the following screens are listed:

ZENworks Automatic Workstation Import ZENworks Automatic Workstation Removal Sybase Adaptive Server AnyWhere 8.0.2 ZENworks Imaging Server ZENworks Inventory ZENworks Wake-On-LAN Service
You should also enter the modules command at the server console prompt to verify that the following Preboot Services components are loaded:

PDHCP.NLM TFTP.NLM DTS.NLM

Exercise A-1
Install ZENworks Desktop Management Back End Services

In this exercise, you install the back-end services of ZENworks Desktop Management server. This server hosts all of the services necessary to manage the workstations. You use the following Host computers and VMware virtual machines:
Figure A-14
(crossover cable) Host 1 VMware Virtual Machines DA-ZEN NetWare 6.5 SP2 10.200.200.250 Host 2 VMware Virtual Machines
Before starting the exercise, make sure that the DA-ZEN_NetWare virtual machine is running on Host1 using VMware Workstation 5 or VMware Player. The DA-ZEN_NetWare virtual machine les are on the DA-ZEN VMware Server DVD included in your 3062 student kit. Do the following:

Part I: Install ZENworks Back End Services Part II: Verify That the Back End Services are Running

Part I: Install ZENworks Back End Services
To install ZENworks 7 Desktop Management, do the following:

1.
Unload JAVA on your DA-ZEN_NetWare virtual server by entering the following 2 commands from the server console prompt: JAVA -KILLALL JAVA -EXIT
2.
From your Host2 computer, login to your DA-ZEN_NetWare virtual server as admin.slc.da with a password of novell. Insert the Novell ZENworks 7 Product DVD in the Host2 DVD drive. From Windows Explorer, display the contents of the DVD. Right-click ZEN7_DesktopMgmt.iso; then select Daemon-Tools > Mount to E:. From Windows Explorer, display the contents of (E:); then double-click winsetup.exe. From the ZENworks 7 Install dialog, select Desktop Management. Select your language. Launch the Desktop Management Server installation wizard by selecting Desktop Management Services. A ZENworks Desktop Management Server Installation dialog appears
3.
4. 5.
6.
7.
8. 9.
10. From the ZENworks Desktop Management Server Installation
page, select Next.

11. Read the License Agreement, then select Accept > Next. 12. From the Installation Requirements page, select Next.

Version 1
A Tree Selection page appears.
A-23
13. In the Tree field, enter DA-TREE. 14. Make sure that Extend eDirectory Schema is selected; then
select Next. A message appears indicating that the selected tree already contains the schema extension for this product.
15. Re-extend the schema by selecting Yes. 16. From the Server Selection page, select Add Servers.
An Add Server dialog appears.

17. From the left pane, browse to and select DA-ZEN.slc.da; then
select >>.
18. Select OK. 19. Select the Additional Options check box. 20. Verify that Prerequisite Check is selected; then select Next. 21. (Conditional) If a message appears warning you about upgrading
ZENworks 3.x systems, continue by selecting OK.

22. To the right of the Installation Volume/Drive field, select the
Browse button. A Select Server Volume dialog appears.

23. Select DATA; then select OK.
You are returned to the File Installation Location page.

24. Select Next. 25. To the right of the Database Path field, select the Browse button.
A Select Server Volume dialog appears.

26. Select DATA; then select OK.
You are returned to the Database Installation Location page.

A-24
27. Select Next.
From the Inventory Standalone Configuration page, select Next.
Version 1
29. From the Inventory Proxy service Configuration page, select
Next.
30. From the Installation Summary screen, select Finish.
A message appears indicating that the schema extension was successful.

Wait while les are copied. This could take as long as 15 minutes.
32. When prompted that the Desktop Management Services have
been started on your server, select OK.

33. When prompted to view the log file, select No. 34. Close the WINSETUP.EXE window.
Part II: Verify That the Back End Services are Running
The nal step is to ensure that the installed Back End services are running on the DA-ZEN_NetWare server. Do the following:
1.
From your DA-ZEN_NetWare virtual server, press Ctrl+Esc; then verify that the following screens are listed:

ZENworks Wake on Lan Service ASA 8.0.2 (4339) - 10.200.200.250 ZENworks Workstation Import ZENworks Imaging Server ZENworks Workstation Removal

2.
Display the server console; then enter the following commands to verify that the Preboot Services are loaded:

m pdhcp m tftp m dts m zenpxe
You are nished installing and verifying the ZENworks 7 Desktop Management back end services.
(End of Exercise)

How to Install ZENworks Desktop Management Middle Tier Services on a NetWare Server
To congure ZENworks 7 Desktop Management to support workstations that do not have the Novell Client for Windows or that are outside the rewall you need to install the ZENworks Middle Tier server.
For details on the Middle Tier hardware and software requirements, see Install ZENworks 7 Desktop Management on 1-1.
To install the Middle Tier server on a NetWare server, do the following:

Gather the Information Necessary for the Installation Install the ZENworks Middle Tier Server Configure Security (Optional) Verify That the Middle Tier Server Works Properly
Gather the Information Necessary for the Installation

Before you can install the Middle Tier server, you need to gather the following information:
IP address and/or DNS name of the Back End authentication server. During the installation of the Middle Tier server you are prompted for the DNS name or IP Address of a server that will be used to authenticate the users that are logging in through the Middle Tier. This server must be a NetWare, Windows, or Linux server running Novell eDirectory.

Version 1
Context where users to be managed exist. When users authenticate through the Middle Tier server they typically use only a username with no context required.
A-27
To allow contextless logins, the Middle Tier server performs an LDAP search at a container you specify to determine the location of the user in the tree. You need to know the parent container where the users that you want to access ZENworks services reside.
Middle tier proxy user account information. The Middle Tier proxy user is used to perform the LDAP lookup. This user must have read rights to the CN attribute and write rights to the zendmWSNetworkAddress attribute for the context you specify as the user context. In addition, these rights should be congured as inheritable.
Type of servers you expect ZENworks application and policy files to be stored on. The platforms that you are planning to store your application and policy files on will determine the platform(s) you can use for your Middle Tier server. If you have only NetWare servers that are being used as a le storage location, then your Middle Tier server can be either Windows or NetWare. If you plan to access les on Windows servers or Linux Samba servers then you must use a Windows Middle Tier server.
Install the ZENworks Middle Tier Server

After you have met the pre-installation requirements and have gathered the necessary information, you can install the Middle Tier server by doing the following:
1.
Select a Windows 2000 or XP workstation to run the Middle Tier server installation program. This system must have the Novell Client 4.9 SP1a or later installed, and it must not reside on the other side of a NAT router from the Middle Tier server.

A-28
Version 1
2.
Start the winsetup.exe program. Insert the Novell ZENworks 7 Desktop Management CD in the workstations CD drive. The Winsetup.exe program will normally autorun. If the program does not autorun, launch it from the root of the CD.
3. 4.
Select Desktop Management. Select your language. The following appears:
Figure A-15
5.
Start the Middle Tier server installation program by selecting Middle Tier Server.

6.
Review the details regarding the Middle Tier installation; then select Next.

7.
Accept the License Agreement by selecting Accept; then select Next.

8.
From the Installation Requirements page, review the requirements for installing the Middle Tier server software; then select Next.

9.
From the eDirectory Location and Credentials page, enter the following:
DNS/IP Address. This is the DNS name or IP address of the server where eDirectory is installed. Username (full DN). This is the fully-qualied distinguished username of the Middle Tier proxy user account. The Middle Tier server uses the proxy user account to access the tree. The rights assigned to this object are the rights the Middle Tier Server has to the tree.

Version 1
While you can use an existing user account, such as your admin user, Novell recommends that you create a new user with specic administrative rights.
A-33
Password. This is the eDirectory password for the Middle Tier proxy user.
11. From the ZENworks User Context page, enter the eDirectory
context where the Middle Tier server locates user objects for Desktop Management. This value is passed to the ZENworks Middle Tier server, which uses it as a starting point when searching for a user. For this reason, you should use the context of the highest-level container in your tree below which user objects reside.

A-34
For example, if users exist in many subcontainers, specify the context of the container that holds all of those subcontainers.
Version 1
When a user logs in through the ZENworks Middle Tier server, the server begins searching for a user in the designated eDirectory container. The server then searches subcontainers in that container until the correct user is found.
13. From the ZENworks Files Location page, select the type of
servers that hold files; then select Next. If you indicate that some les are stored on Windows servers, you must enter domain administrator credentials for the domain.
14. From the Server Selection page, select Add Servers.

15. Browse to and select the server you want to use as the Middle
Tier server.
16. To make sure that the prerequisites have been met, select the
Prerequisite Check check box. This option veries that the server or servers meet the installation requirements for ZENworks Middle Tier servers by checking the following:
The version of any previously installed Middle Tier server software The server's network operating system (including any required service or support packs) The presence of an appropriate Web server The presence of NetStorage (2.6.0) on target servers

If the server operating system or support packs are not the correct version, the installation displays a warning message, but can continue the installation. If other requirements are not met, the installation displays a warning and does not continue until the required software is installed.
18. From the Summary page, begin the installation process by
selecting Finish.
19. When prompted, reboot the server.

20. (Optional) When the installation is complete, you can check the
following log files located in the c:\novell\zfdtemp directory on the workstation you are installing from:
Installation log le (datestamp_timestamp_zdmmidtier_install.log) This log le indicates whether any component failed to install.
Installation summary log (datestamp_timestamp_zdmmidtier_installsummary.log) This log le contains a list of the selections you made during installation.
Congure Security (Optional)

If you will be placing the Middle Tier in the DMZ and using it to support users on the Internet, we recommended that you congure the Middle Tier to support HTTPS connections. To congure HTTPS connection support, do the following:
1.
Create a certificate signing request and then send the request to a Certificate Authority. This could be either a trusted CA or your own organizational CA. Use NSADMIN to ensure that the certificate used by the Middle Tier is the one issued for this purpose. If the certificate was not issued by a trusted CA make sure that you distribute the trusted root certificate to the Computer Store on each workstation that needs to communicate with the Middle Tier in a secure fashion.
2.
3.

Verify That the Middle Tier Server Works Properly

To make sure that the Middle Tier server is running and functioning properly, try accessing the following URLs in a web browser:
http://Middle_Tier_Server_DNS_or_IP/oneNet/xtier-stats If the Middle Tier is running. then the URL displays a web page with server statistics similar to the following:
Figure A-24
http://Middle_Tier_Server_DNS_or_IP/oneNet/xtier-login If the Middle Tier is functioning properly, entering this URL should prompt you for credentials. Enter your eDirectory username and password. When you select OK, you should see an XML document with an error code of 0 and the fully distinguished name of the user.
http://Middle_Tier_Server_DNS_or_IP/oneNet/zen If the ZENworks components of the Middle Tier are functional, entering this URL should display a web page indicating that ZENworks is running on the Middle Tier.
http://Middle_Tier_Server_DNS_or_IP/oneNet/wsimport

If the ZENworks components of the Middle Tier are fu.ncitonal, entering this URL should display a web page indicating that XWSIMPORT is running on the Middle Tier.

Exercise A-2
Install the ZENworks Middle Tier Services

Most of the workstations at the Digital Airlines ofce in Salt Lake City run Windows XP with the Novell Client for Windows. However, some Windows XP workstations do not have the Novell Client installed. To support ZENworks 7 services on workstations without the Novell Client installed, you need to install and congure a ZENworks Middle Tier server. In this exercise, you use the following Host computers and VMware virtual machines:
Figure A-25
(crossover cable) Host 1 VMware Virtual Machines DA-ZEN NetWare 6.5 SP2 10.200.200.250 Host 2 VMware Virtual Machines
Do the following:

Part I: Prepare for the Middle Tier Installation Part II: Install the Middle Tier Server Part III: Verify That the Middle Tier Server Works
VIEW ONLY Tier server that can be used to provide ZENworks services to NO PRINTING workstations without a Novell Client. ALLOWED
At the end of this exercise, you should have a ZENworks Middle
A-41
Part I: Prepare for the Middle Tier Installation
Prior to installing the Middle Tier you must do the following:
Determine the platform that ZENworks files will be located on. In the Digital Airlines network environment this is exclusively NetWare servers.
Determine the context of the users in the tree that should be able to access resources through the Middle Tier. In the Digital Airlines environment this is all of the users in the tree.
Create an account that can be used by the Middle Tier when performing LDAP contextless login searches and when updating the network address information on the user object at login time. In this part of the exercise, you create a user that can be used by the Middle Tier installation, and you grant rights to BWayne to administer the Middle Tier.
Do the following:
1.
On your Host2 computer, make sure you are logged in to DA-ZEN as admin.slc.da with a password of novell. Start ConsoleOne by selecting the ConsoleOne icon. Right-click the ZEN.da container; then select New > User. Enter the following:

2. 3. 4.
Username: ZDMMidTierUser Surname: ZENworks
5. 6.
When you finish, select OK. Enter a password of n0v3ll twice; then select Set Password. Right-click the DA container; then select Trustees of this Object.

A-42
7.
Version 1
8. 9.
Select Add Trustee. Browse to and select the ZDMMidTierUser.ZEN.da user object; then select OK. button.
10. Select [All Attribute Rights]; then select the Delete Property 11. Select Yes. 12. Select Add Property; then select the Show all properties check
box.
13. Scroll down to and select the CN attribute; then select OK. 14. Select the Inheritable check box (leave default properties
checked); then select Add Property.

15. Select the Show all properties check box. 16. Scroll down to and select the zendmWSNetworkAddress
attribute; then select OK.

17. Select the following attributes (leaving default properties
checked):

Write Inheritable
18. Select OK twice. 19. Right-click ZDMMidTierUser.ZEN.da; then select Trustees
of this Object.
20. Select Add Trustee. 21. Browse to and select BWayne.Users.slc.da; then select OK. 22. Select Add Property. 23. Scroll down to and select Equivalent to Me; then select OK. 24. Select the Write check box (leave defaults checked); then select

Version 1
OK twice.
A-43
BWayne now has rights to administer the Middle Tier because he is security equivalent to the user that the Middle Tier is authenticating as.
You now have everything you need to successfully install the ZENworks Middle Tier server.
Part II: Install the Middle Tier Server
With the information gathered and the pre-requisites met you are now ready to install the ZENworks Middle Tier server. For this course, you use the DA-ZEN virtual server as both the Middle Tier and Back End server. To install the ZENworks Middle Tier server, do the following:
1.
Insert the Novell ZENworks 7 Product DVD in the Host2 DVD drive. From Windows Explorer, display the contents of the DVD. Right-click ZEN7_DesktopMgmt.iso; then select Daemon-Tools > Mount to E:. From Windows Explorer, display the contents of (E:); then double-click winsetup.exe. From the ZENworks 7 Install dialog, select Desktop Management. Select your language. Select Middle Tier Server. A ZENworks Middle Tier Server Installation dialog appears.
2. 3.
4.
5.
6. 7.
8.
From the Welcome page, select Next. From the License Agreement page, select Accept; then select Next.

A-44
Version 1
10. From the Installation Prerequisites page, select Next.
An eDirectory Location and Credentials page appears.


DNS / IP Address: da-zen.digitalairlines.com. Username (full DN): ZDMMidTierUser.ZEN.da Password: n0v3ll
A ZENworks User Context page appears.

13. In the User Context field, enter DA; then select Next. 14. From the ZENworks Files Location page select Next.
A Server Selection page appears.

15. Select Add Servers.
An Add Servers dialog appears.

16. From the left pane, select DA-ZEN.slc.da; then select >>. 17. Select OK.
You are returned to the Server Selection page.

18. Make sure Prerequisite check is selected, then select Next. 19. From the Installation Summary page, select Finish.
The Middle Tier software is installed.

20. When the completion message appears, select OK. 21. Skip viewing the log file by selecting No. 22. Close the WINSETUP dialog. 23. Reboot the DA-ZEN server
a.
From the DA-ZEN virtual server, press Ctrl-Esc. Switch to the System console prompt and enter RESTART SERVER.

Version 1
b.
A-45
c.
Wait while the server reboots
You have completed installing the ZENworks Middle Tier services on DA-ZEN.
Part III: Verify That the Middle Tier Server Works
After installing the Middle Tier server, it is important that you verify that the Middle Tier server is functioning properly. Do the following:
1. 2.
From your Host2 computer, start Internet Explorer. Enter the following URL: http://midtier.digitalairlines.com/oneNet/xtier-stats A table with statistical information about the Middle Tier appears.
3.
Enter the following URL: http://midtier.digitalairlines.com/oneNet/xtier-login A login dialog appears.
4.
Log in by entering the following and selecting OK:

User Name: BWayne Password: novell
An XML document with the fully distinguished name for BWayne appears.
5.
Enter the following URL: http://midtier.digitalairlines.com/oneNet/nsadmin The NetStorage Administration page appears.

A-46
6.
Enter the following URL: http://midtier.digitalairlines.com/oneNet/zen
Version 1
A page appears indicating that XZEN is running in the middle tier.

7.
Enter the following URL: http://midtier.digitalairlines.com/oneNet/wsimport A page appears indicating that XWSImport is running.
8.
Close Internet Explorer.
If the appropriate pages appears, you have a functional Middle Tier server.
(End of Exercise)


Linux Fundamentals
APPENDIX B
Linux Fundamentals
In this appendix, you are introduced to some fundamental Linux concepts you might need to know to help you understand what you are doing when completing some of the exercises in the Novell ZENworks 7 Desktop Management Administration course that involve the DA-ZEN server. These fundamentals include the following topics:

Linux KDE Desktop Linux File System Bash Shell Linux File System Permissions
If you are already familiar with Linux, you can use these topics as a reference when completing the exercises. If you are new to Linux, we suggest you take the time to read through the topics and try using some of the commands and tools introduced in the following pages with your DA-ZEN Novell Open Enterprise Server (OES) Linux server before starting the rst exercise in the course.

Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES. B-1
These topics are from the SUSE Linux Fundamentals course (Course 3036) and the SUSE Linux Administration course (Course 3037), which include a self-study VMware SUSE Linux Enterprise Server 9 server and a workbook in the student kit for completing the 3036 and 3037 exercises on your own. If you feel you need additional training in SUSE Linux fundamentals, you might want to attend a 3036 or 3037 course or purchase the student kit. For details on the self-study kit, see http://www.novell.com/training/selfstudy.html. For information on available classes, see http://www.novell.com/training/train_product/.
Linux KDE Desktop

One of the most used graphical desktop environments in Linux is KDE. This desktop environment is installed by default during the installation of Novell Open Enterprise Server (OES) Linux. In order to use the KDE desktop effectively in this course (and in a production environment) to manage a Novell OES Linux server with ZENworks 7 Desktop Management services installed, you need to know the following:

How to Log In How to Log Out How to Shut Down and Reboot the Linux System How to Identify KDE Desktop Components How to Use the Konqueror File Manager

B-2 Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES. Version 1
Linux Fundamentals
How to Log In
Linux is a multi-user operating system that requires that you log in after booting the system. When your Novell Open Enterprise Server Linux system is booted and ready for work, the following login dialog appears: Figure B-1
If you installed eDirectory, the login dialog includes an Admin user created during the installation. This is not the Linux system administration user (the name of that user is root). This is the eDirectory Admin user. The root user has all rights to the entire Linux system, and is similar to the Admin user in NetWare, or the Administrator in Windows. The root user has too much power to be used casually when logging in, so the default behavior with Novell Open Enterprise Server Linux is to log in as the eDirectory Admin user.

Version 1
B-3
Of course, you have the option to create additional users that can be used during system boot, but the default user at this point is Admin. After entering a user name (such as admin) and a password, select Login. If the login is successful, the following KDE desktop environment appears with a Welcome dialog: Figure B-2
You can read the information or just close the dialog by selecting the X button in the top right corner of the window: Figure B-3

Linux Fundamentals
How to Log Out

When you are ready to log out of the system, open the KDE menu by selecting the rst (left) icon in the bottom panel: Figure B-4
At the bottom of the KDE menu, select the Logout entry. You can also right-click on the desktop background and select the same option from the popup menu.

Version 1
After selecting Logout, a conrmation dialog appears. If you select Logout again, you are logged out and the login screen re-appears, allowing you or another person to log in.
B-5
How to Shut Down and Reboot the Linux System

If you are at the login screen, you can shut down or reboot your computer by opening the Menu menu and selecting one of the following options:
Session Type. You can choose a window manager other than KDE. In this course, we cover only KDE (the default window manager). Restart X Server. You can restart the program that's responsible for the graphical user interface. Remember, you can perform many administrative tasks without a graphical user interface. Shutdown. If you select this option, you are asked if you want to shut down or restart your computer:
Figure B-5
For security reasons, you have to enter the root password because only root is allowed to restart or shut down the computer. If you select Turn off computer and select OK, Linux closes all the (system) programs currently running.

Linux Fundamentals
Older computers that do not have power management and cannot switch themselves off can be switched off when the following message appears:
Master Resource Control: runlevel 0 has been reached
If you switch the machine off too soon, you could possibly lose data.
You should always shut down your computer before you turn it off.
How to Identify KDE Desktop Components

The KDE desktop environment includes the following components:

The Desktop The KDE Control Panel (Kicker) The KDE Menu Virtual Desktops
The Desktop
On the desktop you see only a few icons. You can start the applications associated with these icons by selecting them once with your left mouse button. You can move the icons by dragging them with the mouse.

The KDE Control Panel (Kicker)
The KDE desktop is operated by using the mouse on the KDE control panel (also called the Kicker) located at the bottom of the desktop: Figure B-6
The following are the most commonly used icons and their functions (from left to right):
Green button with red N: Menu of all congured programs and functions (not of all programs and functions installed on the machine). This menu is called the KDE menu. Blue house: A Konqueror file browser with the home folder of the logged in user. Shell in front of monitor: A terminal window in which to type commands directly. Lifesaver with a chameleon head: The SUSE Help Center. Globe with gear wheel teeth: The Konqueror web and file browser. E with letter: The KMail e-mail program. The white and gray box: Virtual desktops. The empty area right of the virtual desktops: Task Manager area. Clipboard with k: Clipboard. Loudspeaker: A sound mixer. Sheet with i: SuSEwatcher for automatic updates. Computer card: SuSEplugger for plug and play. Clock: Current time.

B-8
Version 1
Linux Fundamentals
The KDE Menu
Programs are normally started from the KDE menu. You can select the KDE menu button to open the KDE menu: Figure B-7
This menu consists of the following 3 sections:
Most used applications. As indicated by the name, this section lists the five most frequently used applications. Accordingly, the listed entries can change from time to time. All applications. This section features an overview of various applications sorted by subjects (such as System).

Version 1
B-9
Actions. This section provides a command line interface, an overview of the bookmarks, an option for locking the screen, and the option for logging out.
A submenu in the KDE menu is marked by a small black arrow in the right-hand corner. To open a submenu, move the mouse cursor over the menu entry. To start a program, select the corresponding entry once with the left mouse button.
Virtual Desktops
If you are working with several programs concurrently, the screen can quickly become cluttered with open windows. In Linux, you can bring order to this chaos by changing to another (virtual) desktop. You can switch between the various desktops via the control panel. By default, 2 virtual desktops are congured. In the KDE control center, you can increase the number of usable virtual desktops up to sixteen. Every virtual desktop can host a virtually unlimited number of applications. Using these virtual desktops, you can easily organize your work.

Linux Fundamentals
How to Use the Konqueror File Manager

You can perform many le system tasks by using the KDE Konqueror program. To start Konqueror, select the blue house icon in Kicker. The following appears: Figure B-8
To navigate quickly through the le system, activate the navigation panel (select Window > Show Navigator Panel), which splits the main window and displays the directory tree. The icon with the blue house on the navigation panel displays the directory tree starting from the user's home directory. The icon with the folder displays the directory tree starting from the root directory.

The Konqueror window is divided into 3 sections with the following features: Figure B-9
The top section contains a menu bar, a toolbar, and an address panel. The bar to the left is the preset navigation panel, which serves primarily for navigation and orientation. The navigation area is split into a right and left window (after selecting the blue house or folder icon). You can use the left window for quicker navigation through the le system tree. Once you select a directory in the left window, the directory contents (le view) are displayed in the right window. You can use several methods to navigate in the le system. The 3 arrows on the left side of the toolbar represent the simplest way. The current position can be seen in the text window of the URL panel (in the above example, /home/tux/).

Linux Fundamentals
If you select the arrow pointing upwards, you will move from the current directory to the next highest directory (from /home/tux/ to /home/). The arrow pointing to the left returns you to the previously visited location. You can move forward again with the right arrow. You can open a directory and view its contents by selecting the directory in the le view. If you select a normal le, KDE tries to open it or starts a program to open it. Selecting the house icon in the toolbar takes you directly to your own home directory (such /home/tux/). The second method of navigating is provided by the navigation area. If you select a directory in the navigation area, its contents are displayed in the le view. You can double-click the directory in the navigation area to open it and view all subdirectories in it. Double-click the directory again to close it.
If you prefer a detailed list that displays information about each le in the tree, activate the tree view by selecting the second icon from the right in the toolbar.

Linux File System

The Linux le system (and, in general, any UNIX system) is considerably different from that of other operating systems. To understand the Linux le system, you need to know the following:

File Systems The Hierarchical Structure of the File System FHS (Filesystem Hierarchy Standard) Root Directory (/) User Directories (/home/) Storage Devices (/dev/) Mount Points for Removable Media (/media/*) Mount Point for Temporarily Mounted File Systems (/mnt/) Directories for Mounting Other File Systems Filename Restrictions
File Systems
Novell Open Enterprise Server Linux supports a number of native Linux le systems. You choose a le system based on the criteria and features that are most important to your enterprise. No one le system will meet your needs perfectly, but you can determine which will do the best job overall based on criteria such as proven reliability, performance, disk space utilitzation, and application compatibility.

B-14
Before installing Novell Open Enterprise Server Linux, you should have a basic understanding of the relative strengths of 3 commonly used Linux le systems:
Version 1
Linux Fundamentals
Ext2 Ext3 ReiserFS
Ext2
Ext2 is the longest lived and most heavily tested of the 3 most commonly used le systems. Before journaling le systems, ext2 was popular due to its successfully handling system outages to prevent data loss. Ext2 is not a journaling le system. It uses the e2fsck (le system check) utility to analyze le system data, bring metadata into a consistent state, and write pending les and data blocks to the lost+found directory. In contrast to journaling le systems, e2fsck analyzes the entire le system and not just the recently modied bits of metadata. This takes signicantly longer than checking the log data of a journaling le system. Depending on le system size, the le system check can take half an hour or more. So it is not desirable to choose ext2 for any server that needs high availability. On the other hand, due to ext2 not maintaining a journal, it uses signicantly less memory and can perform faster than journaling le systems.
Ext3

Version 1
Ext3 is based on ext2. An ext3 le system can be easily built on top of an ext2 le system. The most important difference is that ext3 supports journaling.
B-15
Ext3 offers the following major advantages:
Upgrades easily from ext2. Ext3 is based on the ext2 code and shares its on-disk and metadata formats, so upgrades from ext2 to ext3 are very simple. Upgrading from ext2 to ext3 takes only a matter of minutes. It is also very safe, since it does not require recreating an entire le system from scratch.
Customizable Reliability vs Performance. Other journaling file systems follow the metadata-only journaling approach. This means your metadata is always kept in a consistent state but the same cannot be automatically guaranteed for the file system data itself. Ext3 is designed to take care of both metadata and data. The degree of care can be customized. In data=journal mode, ext3 offers maximum reliability (i.e., data integrity) but slows performance because both metadata and data are journaled. In data=ordered mode, ext3 ensures both data and metadata integrity, but uses journaling only for metadata. This is less secure than data-journal mode, but offers a degree of consistency for metadata and data without sacricing performance. In data=writeback mode, ext3 writes the main le system after its metadata has been committed to the journal. This option optimizes performance but can allow old data to reappear in les after crash and recovery while internal le system integrity is maintained. Unless otherwise specied, ext3 is congured in data=ordered mode by default.

Linux Fundamentals
ReiserFS
ReiserFS, a journaling le system, was introduced as an alternative to the ext2. Its key assets, in comparison with ext2, are better disk space utilization, better disk access performance, and faster crash recovery. The drawback to ReiserFS is that (like ext3 in data-writeback mode) it optimizes performance by focusing on metadata but can allow the data itself to become unreliable. Novell Open Enterprise Server Linux formats volumes with the ReiserFS le system by default.
The Hierarchical Structure of the File System

The Linux le system is based on a hierarchical le system that can be depicted in the form of a tree. This tree is not limited to a local partition. It can stretch over several partitions, which can be located on different computers in a network. It begins at the root (where the name for the system administrator comes from) and branches out like the branches of a tree.

The following illustrates a typical Linux le system tree: Figure B-10

/ /bin/ /boot/ /dev/ /etc/ /home/ /lib/ /media/ /mnt/ /opt/ /proc/ /root/ /sbin/ /srv/ /sys/ /tmp/ /usr/ /var/
/home/tux/ /home/geeko/ /media/floppy/ /media/cdrom/ /media/dvd/
A le in this tree is uniquely dened by its path. A path refers to the directory names that lead to this le. The separation character between individual directory names is the slash (/). The path can be specied in 2 ways:

As a relative path starting from the current directory As an absolute path starting from the root of the entire file system tree

Linux Fundamentals
The absolute path always begins with a slash (/), the symbol for the root directory, as in the following: Figure B-11
etc / .. absolute:cd /etc relative:cd ../../etc
etc
home
..
tux Current Working Directory
Sometimes it is necessary to specify the absolute path because certain les can only be uniquely addressed in this way. The length of the path cannot exceed 4096 characters, including the slashes.
FHS (Filesystem Hierarchy Standard)

The structure of the Linux le system is described in the Filesystem Hierarchy Standard (FHS). The FHS species which directories must be located on the rst level after the root directory and what they contain. The FHS does not specify all details. In some areas it allows leeway for your own denitions. The FHS denes a two-layered hierarchy:
The directories in the top layer (immediately below the root directory /). As a second layer, the directories under /usr/ and /var/.
VIEW ONLY Some of the important default FHS Linux directories include the following: NO PRINTING ALLOWED
/etc. This directory contains configuration files. /dev. This directory contains special link files that reference hardware in the system. For example, /dev/fd0 references floppy disk A. The first IDE hard disk is referenced by /dev/hda. It also contains special links for removable devices. For example, the CD-ROM drive is referenced by /dev/cdrom; /dev/fd0 (oppy drive) is linked to dev/oppy.
/usr. This directory contains program files. /var. This directory contains data such as spool directories, log files, man pages, and other temporary files. /tmp. This directory stores temporary files created by running applications. /home. This directory contains user home directories. /root. This is the root users home directory. /bin. This directory contains essential command-line utilities such as vi, rpm, ls, mkdir, more, mv, grep, and tar. /sbin. This directory contains essential system executables such as fsck, grub, mkfs, arp, fdisk, and ifconfig. /mnt. This directory is used to mount devices or remote file systems using Samba or NFS. On some Linux distributions (such as Red Hat) it is also used to mount removable devices. /media. This directory is used to mount removable devices on some Linux distributions (such as SUSE Linux).
b
B-20
You can nd information about FHS at http://www.pathname.com/fhs/.
Version 1
Linux Fundamentals
Root Directory (/)

The root directory refers to the highest layer of the le system tree. Normally only directories (not les) are located here. When the system is booted, the partition on which this directory is located is the rst one mounted. Because the kernel cannot fulll all the tasks of the operating system, all programs that are run at the system start must be available on this partition (they cannot be located on another partition). The following directories always have to be on the same partition as the root directory: /bin/, /dev/, /etc/, /lib/, and /sbin/.
User Directories (/home/)

Every user on a Linux system has his own area in which to create les and remove them. This area is called the home directory of the user. When a user logs in, he is in his own home directory. Individual conguration les can be found in the user's home directory. These conguration les are hidden les, because they are normally not displayed by the command ls. All these les have names that begin with a dot. The following are the most important les in a user's home directory: Table B-1
File .prole .bash_history .bashrc Description Private login script of the user Conguration le for Bash List of commands previously run in Bash

If there are no special settings, the home directories of all users are located beneath the directory /home/. The home directory of a user can also be addressed via the short cut ~, so ~/.bashrc refers to the le .bashrc in the user's home directory. In many cases, the directory /home/ is located on a different partition or can even be located on a different computer (with central administration of home directories).
Storage Devices (/dev/)

The physical storage devices installed in your computer are managed through device nodes that are stored in the device directory (/dev). Device nodes are named according to the following convention:

/dev/fd0. First floppy disk drive. /dev/hda. First IDE hard drive. /dev/hdb. Second IDE hard drive. /dev/sda. First SCSI hard drive. /dev/sdb. Second SCSI hard drive.
The device directory contains a device node not only for every storage device but for every network interface and SCSI controller attached to your system.
Mount Points for Removable Media (/media/*)

SUSE Linux creates directories such as the following in the directory /media/ (depending on your hardware) for mounting removable media:

B-22
/media/cdrom/. Created for mounting CD-ROMs.
Version 1
Linux Fundamentals
/media/cdrecorder/. Created for mounting CDs in a CD burner. /media/dvd/. Created for mounting DVDs. /media/floppy/. Created for mounting floppy disks.
Mount Point for Temporarily Mounted File Systems (/mnt/)

The standard directory for integrating le systems is /mnt/. It should only be used for temporary purposes. For permanent mounts, you should create an appropriately named directory. In the following example, the hard drive partition /dev/hda7 is mounted at the position /mnt/ in the directory tree using the command mount:
da10:~ # mount /dev/hda7 /mnt
All les on this partition can now be reached via the directory /mnt/. To remove this partition again, you use the command umount:
da10:~ # umount /mnt
If you do not include any options with the command mount, the program tries out several le system formats. If you want to specify a specic le system, use the option -t. If the le system format is not supported by the kernel, the command is aborted, and you receive an error message. In this case, you must compile a new kernel that supports the le system format.

Directories for Mounting Other File Systems

Other le systems such as other hard drive partitions, directories from other computers via the network, or removable media (oppy disk, CD-ROM, removable hard drive) can be mounted to the le system at any point. A directory must exist at the point where you intend to mount the le system. This directory is referred to as the mount point. The complete directory structure of the mounted le system can be found beneath this directory. In most cases, only the user root can mount and unmount directories. Removable media, such as oppy disks and CDs, can be changed by a normal user. To mount a le system, enter the command mount, specifying the device le and the directory to which the le system should be mounted. A le system can be removed again with the command umount. The le /etc/mtab, which is updated by the command mount, shows which le systems are currently mounted. You can mount le systems in directories that are occupied. The existing contents of these directories, however, will no longer be accessible. After the le system is removed, this data becomes available again. This feature lets you share certain directories with many computers. This approach is often used for the home directories of users, which are located centrally on one machine and exported to other computers in the network.

Linux Fundamentals
Filename Restrictions
A lename in Linux can be up to 255 characters long. It can contain any number of special characters (_ or %, for example). Certain special characters (the dollar sign $, the semicolon ;, or the space, for example) have a specic meaning. If you want to use one of these characters without the associated special meaning, the character must be preceded by a \ (backslash) so its special meaning is masked (switched off). Umlauts, letters with diacritical marks, or other country-specic characters can be used. Using them, however, can lead to problems when exchanging data with people in other countries using other settings if these characters are not present on their keyboards. Linux differentiates between uppercase and lowercase letters. For example, Invoice, invoice, and INVOICE identify three different les.

Bash Shell
In this objective, you discover how to use the Bash shell to manage You OES Linux server by learning about the following:

Virtual Consoles on OES Linux Bash Shell on Novell Open Enterprise Server Linux Servers Common Bash File System Commands Bash Command Web References
Virtual Consoles on OES Linux

Because more than one person often uses the same PC, virtual consoles (also called virtual terminals) were created in Linux. With virtual consoles, you can work in Linux as if you had several terminal screens available at the same time. You can have up to 6 virtual consoles (F1F6) running on your computer. By pressing Ctrl+Alt+Fx, you can switch between individual consoles. By pressing Ctrl+Alt+F7, you can switch back to your graphical user interface (such as the KDE desktop).
Some virtual consoles can provide additional information, such as F3 (the installation log) and F4 (system messages).
You can determine the terminal currently being used from the tty number (tty1tty6). tty is an abbreviation for teletype, which is another word for terminal.

Linux Fundamentals
When you switch to a virtual console, a login prompt appears:

Welcome to SUSE Linux Enterprise Server 9 (i586) - Kernel 2.6.4-27-default (tty1).
da5 login:
From here you can enter your login name and password. A default shell is started (see Bash Shell on Novell Open Enterprise Server Linux Servers on B-28) with a command line prompt (called a shell prompt in Linux). To exit the shell and return to the login, enter exit. Besides using the virtual consoles, you can start a terminal window (called Konsole) from your KDE desktop Kicker by selecting the following icon: Figure B-12

The terminal opens inside a window with a default shell and shell prompt: Figure B-13
You can select options from the menus to congure the terminal (such as font and background colors). When you nish using the terminal window, you can close the window (select the X button or select Session > Quit).
Bash Shell on Novell Open Enterprise Server Linux Servers

To communicate directly with the operating system, you need to use a program that serves as an interface between you and the operating system.
VIEW ONLY program is called the shell. NO PRINTING ALLOWED

B-28
In the UNIX family operating systems (including Linux), this
Version 1
Linux Fundamentals
The shell accepts your entries, interprets them, converts them to system calls, and delivers system messages back to you, making it a command interpreter. UNIX has a whole series of shells, most of which are provided by Linux in freely usable versions. The following are examples of some popular shells:

The Bourne shell (/bin/sh) The Bourne again shell (/bin/bash) The Korn-Shell (/bin/ksh) The C Shell (/bin/tcsh) The TC Shell (/bin/tcsh)
The default shell provided in SUSE Linux is Bash (Bourne again shell). In order to use the Bash shell in Novell Open Enterprise Server Linux, you need to know the following:

How to Start and Exit a Bash Shell Completion of Commands and Filenames History Function Switch to User root Pipe Commands Man Pages

How to Start and Exit a Bash Shell
In Novell Open Enterprise Server Linux, the Bash shell is started by default each time you switch to a virtual console (similar to a system console in NetWare) or open a terminal window (similar to a Command Prompt window in Windows) from the Linux desktop. From a virtual console or terminal window, you can switch to another shell by entering the appropriate command. For example, you can switch to the C shell by entering csh or tcsh; you can switch to the Bash shell by entering sh or bash. Unlike most other programs, the shell does not close on its own. You need to enter the command exit to return to the previous shell or console.
Completion of Commands and Filenames
The Bash shell supports a function of completion commands and lenames. Just enter the rst characters of a command (or a lename) and press the Tab key. The Bash shell completes the name of the command. If there is more than one possibility, the Bash shell shows all possibilities when you press the Tab key a second time. This feature makes entering long lenames very easy.
History Function
Bash stores the commands you enter in a le so you have easy access to them. You can display the content of the le by entering the command history.

Linux Fundamentals
You can display the commands stored in the history cache (one at a time) by using the arrow keys. The Up-arrow shows the previous command; the Down-arrow shows the next command. After nding the desired command, edit it as needed then execute it by pressing Enter. When browsing the entries of the history in Linux, you can also select specic commands. Typing one or several letters, or pressing PageUp or PageDown, displays the preceding or next command in the history cache beginning with this letter. If you enter part of the command (not necessarily the beginning of the command), pressing Ctrl+R searches the history list for matching commands and displays them. Searching starts with the last command executed.
Switch to User root
If you are working with a shell in Linux, you can switch to root by entering the su - command and the root password. If you want to start a graphical application from the shell, you have to use the sux - command instead. You can check to make sure you are root by entering id or whoami. To leave the root administrator shell, you enter the command exit.
Pipe Commands
The output of one command can be used as the input for another command by using the pipe symbol ( | ): command1 | command2

For example, you can use the following cat command to output the contents of a le to the screen: cat hosts In this example, the content of the hosts le is displayed, and you are returned to the console prompt. However, the content of some les is extensive and cannot be displayed all at once on the screen. In this case, you can use a pipe to redirect the output through another command that lets you control the displayed text. For example, the more command and the less command let you page and scroll through text as it is displayed on the screen: cat httpd.conf | more When using the more command or less command, you can continue scrolling (using the Spacebar) until you reach the end of the le and are returned to the shell prompt. You can also quit the display at any time and return to the shell prompt by typing q.
Man Pages
The most important command for getting online help from the Bash shell is man (an abbreviation of manual or man page).

Linux Fundamentals
The following is the rst page of the manual pages for the command man (displayed by entering man man):
man(1) Manual pager utils man(1)
NAME man an interface to the on-line reference manuals
SYNOPSIS man [-c|-w|-tZT device] [-adhu7V] [-m system[,...]] [-L locale] [-p string] [-M path] [-P pager] [-r prompt] [-S list] [-e extension] [[section] page ...] ... man -l [-7] [-tZT device] [-p string] [-P pager] [-r prompt] file ... man -k [apropos options] regexp ... man -f [whatis options] page ... DESCRIPTION man is the system's manual pager. Each page argument given to man is normally the name of a program, utility or function. The manual page associated with each of these arguments is then found and displayed. A section, if provided, will direct man to look only in that section of the manual. The default action is to search in all of the available sections, following a pre-defined order and to show only the first page found, even if page exists in several sections.
The manual pages are organized in the following sections: Table B-2
Section 1 Contents Executable programs and shell commands (user commands) System calls

Version 1
B-33
(continued)
Table B-2
Section 3 4 5 6 7 8
Contents Functions and library routines Device les Conguration les and le formats Games Macro packages and le formats System administration commands
For example, entering the following displays general information about the command more: man 1 more Entering the following displays information about the conguration le for the command crontab (which also has the name crontab): man 5 crontab If you enter the man command without a section number (such as man more), the section 1 manual pages are displayed by default. You can scroll through the man pages using the Spacebar (one screen forward at a time) or the Up-arrow and Down-arrow keys. You can quit the man page at any time and return to the command prompt by typing q.
x
B-34
All manual pages are available in English and many have been translated into other languages. Because these translations are often incomplete or not maintained, we recommend using the English versions. If the English man pages are not shown automatically with the command man, you can display the English version of the man page by using the parameter LANG=en_EN.
Version 1
Linux Fundamentals
Common Bash File System Commands

Common commands for managing the Linux le system include the following:

cp. This command copies files. mv. This command can be used to move a file or rename a file. rm. This command deletes a file. cd. This command changes the current directory in the file system. ls. This command lists the files and subdirectories within the current directory. To see ownership and permissions assigned to files and directories, use ls with the -l switch. dir. This command also lists the files and subdirectories within the current directory. To see ownership and permissions assigned to files and directories, use dir with the -o switch. pwd. This command prints the current directory. mkdir. This command makes a directory. rmdir. This command deletes a directory. more. This command can be used to pause screen display 1 screen at a time. less. This command is similar to more; however, it allows you to move either forward or backward through the display. grep. This command can be used to search for a specific string of text within a file. To do this, enter grep pattern lename. The grep utility provides many options as well as some derivatives (such as fgrep or egrep). The most useful command line option is -i which forces grep to ignore uppercase and lowercase letters in the pattern you specify.

Version 1
find. This command can be used to search for a file in the file system.
B-35
locate. This command also searches for files in the file system, but uses a database and is much faster than find. To build or rebuild the database for locate, updatedb is added to cron.daily to be executed daily in the background.
cat. This command prints the content of a file to the screen. tail. This command prints the last 10 lines of a file to the screen. With the -f option, tail works in a forward mode scanning for additions to the specified file. For example, a useful tool for monitoring log les (such as syslog) while troubleshooting a server problem is to use the tail -f /var/log/messages command.
Bash Command Web References

Besides using the man pages for information about each Bash command, the following are recommended references on the Internet for Bash command information:
http://www.onlamp.com/linux/cmd/ Provided as part of the OReilly Network, this page provides an alphabetized list of hundreds of Linux commands. Select a command to view information about the command.
http://www.ss64.com/bash/ An A-Z index of the Linux Bash command line, each command includes a brief description before selecting a command for additional information.
Linux File System Permissions
VIEW ONLY network le storage and le system access, the conguration of NO PRINTING local permissions often comes into play. ALLOWED
When using Novell Open Enterprise Server Linux servers for
Linux Fundamentals
To set permissions for les and directories, you need to know the following:

Permissions and Permission Values How to Set Permissions From the Command Line How to Set Permissions From a GUI Interface
Permissions and Permission Values

You can assign the following 3 permissions to a le or directory:
Read (r). This permission allows the file to be read or the contents of a directory to be listed. Write (w). This permission allows a file to be modified. It allows files to be created or deleted within a directory. Execute (x). This permission allows a file to be executed. It allows access to a directory.
You can use the command ls -l to display the contents of the current directory with the assigned permissions for each le or subdirectory. For example, entering ls -l displays the following permissions for myle.txt: Figure B-14

You can also view permissions from a le manager or browser tool. For example, you can use the Detailed List View in Konqueror to view permissions, owner, and group for each directory or le: Figure B-15
How to Set Permissions From the Command Line

You can modify a le or directorys permissions and ownership from the command line by using the following:

chmod chown and chgrp
chmod
You can use this command to add, remove, or assign permissions assigned to a le or directory. Both the owner of a le and root can use this command. The following are examples of using the command chmod: Table B-3
chmod command chmod u+x Description The owner is given permission to execute the le. The permissions r and w stay as they are.

Linux Fundamentals
(continued)
Table B-3
chmod command chmod g=rw
Description All group members can read and write. If the members had the execute permission before, it is removed. The owner receives all permissions. The owner has all permissions, the group has read and write permissions, and all others have read permission. All users (owner, group, and others) receive executable permission, depending on umask.
chmod u=rwx chmod u=rwx,g=rw,o=r
chmod +x
For example, entering the following chmod command lets all users in the group users write to the le hello.txt:
geeko@earth:~ > ls -la hello.txt -rw-r--r-- 1 geeko users 0 2004-04-06 12:40 hello.txt geeko@earth:~ > chmod g+w hello.txt geeko@earth:~ > ls -la hello.txt -rw-rw-r-- 1 geeko users 0 2004-04-06 12:40 hello.txt
With the option -R (recursive) and a specied directory, you can change the access permissions of all les and subdirectories under the directory. Besides using the letters rwx to indicate permissions, you can also use groups of numbers. Every le and directory in a Linux system has a numerical permission value assigned to it. This value has 3 digits. The rst digit represents the permissions assigned to the le or directory owner. The second digit represents the permissions assigned to the group associated with the le or directory. The third digit represents the permissions assigned to others.

Version 1
B-39
Each digit is the sum of the following 3 values assigned to it:

Read: 4 Write: 2 Execute: 1
For example, suppose a le named myle.txt has 754 permissions assigned to it. This means the owner of the le has read, write, and execute permissions (4+2+1), the group associated with the le has read and execute permissions (4+1), and others have read permissions (4). This is illustrated in the following: Figure B-16
myfile.txtl
754
Owner
4 2 1 r w e r a i d t e e x e c
Group
Others

Linux Fundamentals
The following are examples of using numerical values with chmod: Table B-4
chmod command chmod 754 hello.txt Description The owner has all permissions, the group has read and execute permissions, and all others have the read permission. All users (user, group, and others) receive all permissions.
chmod 777 hello.txt
chown and chgrp
These commands change the owner or group assigned to a le or directory. As user root, you can use the command chown to change the user and group afliation of a le using the following syntax: chown new_user.new_group le For example, in the following, root changes ownership of the le hello.txt from geeko to the user newbie:
earth:/tmp -rw-r--r-earth:/tmp earth:/tmp -rw-r--r-earth:/tmp # 1 # # 1 # ls -la hello.txt geeko users 0 2004-04-06 12:43 hello.txt chown newbie.users hello.txt ls -la hello.txt newbie users 0 2004-04-06 12:43 hello.txt
To change only the owner (and not the group), use the following: chown new_user le To change only the group (and not the user), use the following:
VIEW ONLY chown .new_group le NO PRINTING ALLOWED

For example, the following command is used to limit access to the le list.txt to members of the group advanced:
earth:/tmp -rw-r----earth:/tmp earth:/tmp -rw-r----earth:/tmp # 1 # # 1 # ls -la list.txt geeko users 0 2004-04-06 12:43 list.txt chown .advanced list.txt ls -la list.txt geeko advanced 0 2004-04-06 12:43 list.txt
Although the group has changed, the owner permissions remain the same (the owner and root can still access the le). As user root, you can also change the group afliation of a le with the command chgrp using the following syntax: chgrp .new_group le A normal user can only use the command chown to change his or her le to a new group, as in the following: chown .new_group le Of course, the user can also do the same with chgrp, as in the following: chgrp new_group le Users can change the group afliation of their les only if they are a member of the new group.
How to Set Permissions From a GUI Interface

Besides using commands (such as chmod or chown), you can modify a le or directorys permissions from a GUI interface (normally a le browser).

Linux Fundamentals
For example, you can use Konqueror in KDE to change permissions by doing the following:
1.
Start Konqueror; then browse to the le or directory (do not open it). Right-click the le or directory you want to modify; then select Properties. Select the Permissions tab. A dialog similar to the following appears:
2.
3.
Figure B-17

Version 1
From this dialog, you can change the Read (r) and Write (w) permissions for Owner, Group, and Others by selecting the appropriate option (Can Read or Can Read & Write) from the drop-down lists.
B-43
You can deny all permissions (equivalent to 0) by selecting Forbidden. You can also modify the user and group ownership of the le or directory by entering a user or group in the appropriate eld.
4. 5.
Modify the permissions and ownership as desired. (Optional) Modify individual permissions by doing the following: a. Select Advanced Permissions. The following appears:
Figure B-18
b.
6.
Select the permissions you want to set, and then nish by selecting OK.
When you finish configuring permissions for the file or directory, save the configuration by selecting OK.

Index
A
agent 1-113, 13-3, 13-1313-14, 14-4 Apache 1-56, 1-82, 1-116, 1-126 authentication 1-23 autodiscovery 16-5
B
back-end Intro-3, 1-57, 13-26, A-22 background 5-355-36, 5-50, 5-52, 6-296-30, 7-35, 7-52, 14-8, 16-75, B-5, B-28, B-36 bandwidth 1-5, 1-191-20, 14-32 binary 8-10, 9-18 block 1-68 bootable 13-20, 13-41, 13-53 bound 1-271-29
1-52, 1-54, 1-56, 1-61, 1-69, 1-74, 1-96, 1-1051-106, 1-111, 1-121, 1-127, 1-1401-142, 2-7, 2-23, 2-46, 4-18, 4-45, 5-505-52, 6-12, 6-14, 7-1, 7-9, 7-15, 7-227-23, 7-29, 7-40, 7-67, 8-258-29, 8-34, 8-49, 8-528-53, 8-658-66, 9-79, 9-103, 9-123, 12-6, 12-912-10, 13-3, 13-613-7, 13-1013-11, 13-24, 13-2713-28, 13-30, 13-42, 13-8813-89, 14-114-4, 14-10, 14-52, 15-115-3, 15-3415-35, 15-7215-75, 15-84, 16-116-2, 16-516-6, 16-9, 16-22, 16-39, 16-4216-43, 16-58, 16-72, 16-7616-77, A-1, A-5, A-9A-10, A-16A-17, A-21, A-38A-40, B-7
C
cache 7-55, 9-88, B-31 class 1-7, 1-14, 7-15, 7-66, 8-26, 13-11, 13-38, 13-79, 13-81, 15-54 client 1-73, 1-111, 6-25, 9-121, 11-29, 13-30, 16-26, A-11 CLP Intro-5 commands B-33, B-42 compatibility 7-417-42, B-14 component Intro-1Intro-2, Intro-4, Intro 17Intro-18 VIEW -ONLY , 1-1, 1-3, 1-61-7, 1-10, 1-121-17, 1-28, 1-321-36,
NO PRINTING ALLOWED
compressed 8-28, 9-48, 13-61 compression 1-5, 9-779-78, 13-61, 13-67 concurrent 1-26, 1-82 configuration 1-4, 1-10, 1-36, 1-431-44, 1-471-51, 1-551-56, 1-601-61, 1-631-64, 1-76, 1-80, 1-83, 1-90, 1-120, 1-130, 1-140, 1-1431-144, 2-24, 3-10, 4-3, 4-20, 5-11, 5-135-14, 5-18, 5-20, 5-29, 5-315-33, 5-35, 5-37, 5-39, 5-41, 5-435-44, 5-51, 5-53, 6-7, 6-14, 6-20, 6-23, 6-32, 7-8, 7-107-11, 7-15, 7-34, 7-46, 7-567-62, 7-64, 7-667-67, 8-4, 8-9, 8-12, 8-18, 8-52, 8-62, 8-648-66, 8-68, 9-3, 9-59-6, 9-11, 9-62, 9-83, 9-94, 9-102, 9-109, 9-1119-112, 9-122, 10-4, 11-5, 11-9, 11-22, 11-30, 11-3411-35, 13-6, 13-12, 13-2813-29, 13-31, 13-3313-34, 13-3813-39,
Version 1
Index-1
13-4313-44, 13-4613-47, 13-6013-61, 13-6713-68, 13-7313-74, 13-76, 13-7813-80, 13-8313-84, 13-87, 14-46, 14-48, 15-8, 15-1015-11, 15-13, 15-2115-22, 15-34, 15-5815-59, 15-61, 15-7515-76, 15-85, 16-15, 16-34, 16-55, A-9, A-15, A-17, A-19, A-21, A-24A-25, B-20B-21, B-34, B-36, B-44
15-78, 15-85, 16-1, 16-816-9, 16-21, 16-33, 16-3616-38, 16-5316-54, 16-71, A-11, A-14, A-17A-20, A-27, A-38, A-41, B-28
configure Intro-3, Intro-7, Intro-17, 1-10, 1-17, 1-33, 1-37, 1-421-43, 1-48, 1-511-52, 1-61, 1-63, 1-81, 1-83, 1-94, 1-971-98, 1-110, 1-112, 1-115, 1-124, 1-130, 1-136, 1-144, 2-4, 2-82-10, 2-18, 2-25, 2-452-46, 3-2, 3-4, 3-63-7, 3-9, 3-11, 3-15, 3-17, 3-19, 4-44-5, 4-104-11, 4-184-19, 4-214-25, 4-28, 4-31, 4-334-34, 4-36, 4-454-46, 5-55-10, 5-155-17, 5-235-24, 5-285-32, 5-345-37, 5-395-40, 5-44, 5-465-49, 5-53, 5-555-57, 6-2, 6-56-13, 6-17, 6-19, 6-23, 6-26, 6-32, 7-12, 7-15, 7-24, 7-27, 7-36, 7-38, 7-44, 7-48, 7-50, 7-56, 7-60, 7-627-63, 7-667-67, 8-19, 8-45, 8-48, 8-54, 9-3, 9-14, 9-31, 9-41, 9-43, 9-49, 9-54, 9-699-70, 9-94, 9-969-97, 9-1059-108, 9-110, 9-115, 9-117, 9-1229-123, 10-1, 10-310-6, 10-8, 10-1010-16, 10-18, 10-27, 11-511-9, 11-1111-12, 11-17, 11-19, 11-2311-25, 11-27, 11-30, 11-3311-35, 12-35, 13-6, 13-11, 13-3713-38, 13-4213-44, 13-49, 13-56, 13-61, 13-63, 13-67, 13-7013-71, 13-78, 13-82, 13-85, 13-8914-1, 14-814-9, 14-1114-14, 14-21, 14-2314-25, 14-27, 14-31, 14-3814-39, 14-4314-44, 14-49, 14-53, 15-1, 15-715-8, 15-1015-11, 15-14, 15-21, 15-2515-26, 15-3415-36, 15-3815-39, 15-4115-43, VIEW ONLY15-45, 15-4715-49, 15-5115-53, 15-55, 15-59, 15-66,
NO PRINTING ALLOWED
connection 8-8 ConsoleOne 1-84, A-11 context 1-91 create 1-8, 1-16, 1-18, 1-201-22, 1-29, 1-331-35, 1-43, 1-48, 1-51, 1-80, 1-84, 1-94, 1-98, 1-100, 1-109, 1-119, 1-131, 1-134, 2-3, 2-9, 2-18, 2-20, 2-24, 3-3, 3-5, 3-13, 3-15, 3-17, 3-19, 4-8, 4-124-13, 4-184-20, 4-224-23, 4-25, 4-27, 4-344-35, 4-374-39, 4-45, 5-3, 5-85-9, 5-13, 5-28, 5-475-50, 5-565-57, 6-3, 6-176-19, 6-256-26, 6-32, 7-2, 7-7, 7-127-13, 7-157-16, 7-187-19, 7-21, 7-24, 7-267-30, 7-47, 8-58-6, 8-108-11, 8-158-18, 8-208-21, 8-25, 8-29, 8-338-35, 8-38, 8-478-50, 8-528-53, 8-558-56, 8-61, 8-658-66, 9-2, 9-109-11, 9-15, 9-17, 9-19, 9-23, 9-42, 9-53, 9-569-59, 9-62, 9-71, 9-769-78, 9-90, 9-94, 9-1069-107, 9-110, 9-112, 9-117, 9-1199-120, 9-1239-124, 10-6, 10-8, 10-11, 10-1610-21, 10-23, 11-4, 11-16, 11-19, 11-24, 11-31, 11-34, 12-512-7, 12-1112-16, 12-2412-25, 12-31, 12-35, 12-3812-39, 12-41, 12-44, 12-4612-47, 13-2, 13-813-9, 13-1713-23, 13-4113-42, 13-4513-46, 13-48, 13-5113-53, 13-55, 13-5813-60, 13-6213-64, 13-6613-69, 13-71, 13-75, 13-79, 13-81, 13-89, 14-7, 14-14, 15-33, 15-38, 15-56, 15-6415-65, 15-70, 15-73, 15-7515-76, 15-8015-81, 15-91, 16-61, 16-66, A-10, A-14, A-17, A-19A-20, A-33, A-38, A-42, B-4, B-21, B-23 cursor Intro-11Intro-12, 1-65, 4-39, 5-32,
Index-2
Version 1
Index
5-35, B-10
D
database 9-110, 10-3, 10-11, 15-2915-32, 15-8615-89 debug 7-8, 12-8 device 13-48 DHCP 1-481-51, 1-63, 4-19, 13-7, 13-1113-12, 13-1513-16, 13-2713-32, 13-3713-39, 13-42, 13-44, 13-4913-50, 13-7813-79, 13-89, A-10, A-17A-20 diagnose 1-35, 14-214-3, 14-6, 14-16 directory Intro-11, 1-2, 1-81-10, 1-12, 1-14, 1-22, 1-241-25, 1-28, 1-30, 1-321-33, 1-381-39, 1-47, 1-51, 1-531-54, 1-591-60, 1-62, 1-64, 1-67, 1-70, 1-75, 1-79, 1-81, 1-84, 1-861-87, 1-91, 1-1031-106, 1-1131-115, 1-120, 1-122, 1-127, 1-1301-131, 1-136, 1-143, 2-2, 2-5, 2-24, 2-26, 2-402-41, 2-43, 2-47, 4-9, 5-2, 5-25, 5-32, 5-34, 5-37, 5-39, 5-42, 6-2, 6-15, 6-26, 7-6, 7-8, 7-10, 7-277-30, 7-357-36, 7-387-43, 7-45, 7-49, 7-55, 8-11, 8-148-17, 8-36, 8-44, 9-21, 9-23, 9-33, 9-40, 9-48, 9-549-55, 9-729-74, 9-77, 9-82, 9-106, 9-108, 9-120, 9-124, 10-5, 11-25, 12-412-5, 12-10, 12-1212-14, 12-1612-17, 12-29, 12-31, 12-3612-37, 13-2, 13-9, 13-2413-25, 13-27, 13-29, 13-4513-46, 13-5113-52, 13-5813-59, 13-70, 13-79, 14-1014-13, 14-18, 14-25, 14-2714-28, 14-30, 14-4014-41, 14-47, 14-50, 15-34, 15-46, 15-70, 15-76, 15-7815-79, 15-82, 16-2, 16-7, 16-10, 16-1216-13, 16-16, 16-67, A-16, A-38, B-11B-13, B-15, B-18 ONLY VIEW B-24, B-35, B-37B-39, B-41B-44
DirXML 1-23 distinguished name 1-42, 15-39 DNS 1-361-37, 1-48, 1-50, 1-84, 1-90, 1-941-96, 1-116, 1-1211-122, 1-1251-126, 4-64-7, 4-15, 4-184-22, 4-24, 4-35, 6-14, 7-31, 10-9, 11-1711-18, 12-4, 13-8, 13-15, 13-5013-51, 13-74, 14-30, 15-40, 15-49, A-17A-18, A-20, A-27, A-33, A-39, A-45 download 1-29
E
eDirectory 7-35 enable 4-39, 7-47 encrypted 14-17, 14-33, 14-36 enterprise 16-45, 16-69 entry 16-72 export 7-13, 9-18, 10-11, 15-61, 15-64, 15-7015-76, 15-79, 15-8115-82, 15-85 exporting 15-7415-75 external 1-21, 12-5, 12-38
F
FAT 13-41 fault tolerance 11-5, 11-711-8, 11-12, 11-19, 11-22, 11-26, 11-28 file system 1-38, 1-53, 1-671-68, 1-86, 1-143, 5-15, 5-32, 5-37, 7-357-36, 7-39, 9-74, 9-101, B-11B-12, B-14B-19, B-21, B-23B-24, B-35B-36 File Transfer Protocol 13-12, 13-29 format 7-12
NO PRINTING ALLOWED
Version 1
Index-3
G
generate 1-5, 1-9, 1-11, 1-20, 7-30, 9-90, 9-92, 10-1, 10-3, 10-5, 10-14, 10-2610-27, 13-16, 15-1, 15-56, 15-6115-62, 15-75, 15-77, 15-85 global 1-49, 7-48, 9-30, 9-90, 13-38, 13-79, A-19A-20 graphical user interface B-26 group B-41 GUI 1-1061-107, B-42 GUID 8-66, 9-30, 9-909-93, 9-122, 11-33
J
Java 1-30, 4-8, 4-30, A-23
K
Knowledgebase 16-34, 16-52
L
LAN 1-351-36, 2-9, 2-27, 3-11, 3-19, 7-9, 8-78-8, 11-30, 13-31, 14-4, 14-714-8, 14-34, 14-3714-40, 15-11, 16-7, 16-25, A-9, A-21, A-25 Linux 1-58, 1-62, 1-106, 13-10, 13-18, 16-25 list 1-66, 4-39, 5-53, 7-63, 8-21, 8-40, 10-18, 16-42, 16-46, 16-50 LOAD 7-7, 11-211-9, 11-31, 11-3311-34, 13-38, 13-47, 13-61, 14-39, 15-23 load balancing 11-6 location 9-82, 12-16 log 14-6, A-38 log file 10-5, A-17, A-38 log in 2-36 logical 15-5, 16-50 login script 1-120
H
hardware Intro-18, 1-41-6, 1-111-12, 1-14, 1-16, 1-26, 1-36, 1-38, 1-112, 1-124, 1-142, 2-4, 3-123-13, 3-20, 4-16, 5-20, 5-54, 5-58, 6-22, 6-24, 6-33, 8-53, 12-2, 12-5, 12-31, 13-20, 13-24, 13-33, 13-40, 13-45, 13-73, 13-76, 14-2, 15-215-5, 15-4215-43, 15-53, 15-55, 15-61, 15-73, 15-79, 15-8415-85, 16-216-4, 16-8, 16-12, 16-24, 16-36, 16-42, 16-50, 16-54, A-2, A-9A-10, A-27, B-20, B-22 header 6-15, 8-28, 16-4, 16-60 high availability B-15
I
iFolder Intro-17, 1-7, 1-15, 1-142 iManager 1-14, 1-831-84, 1-142, 4-19, A-18A-19 installation 1-121, 8-44 interval 9-69, 14-19 IP 13-16
M
management Intro-1Intro-7, Intro-15Intro-18, 1-11-16, 1-211-25, 1-27, 1-291-38, 1-421-43, 1-461-48, 1-511-54, 1-561-63, 1-661-69, 1-71, 1-73, 1-751-81, 1-831-84, 1-86, 1-901-91, 1-97, 1-99, 1-1031-106, 1-1091-113, 1-1151-116, 1-1181-122, 1-1241-128, 1-1301-132,

Index-4
Version 1
Index
1-1341-138, 1-1401-145, 2-12-9, 2-22, 2-24, 2-262-28, 2-36, 2-40, 2-43, 2-452-47, 2-49, 3-2, 3-12, 4-24-4, 4-7, 4-10, 4-194-20, 4-28, 4-35, 4-42, 4-444-45, 5-2, 5-6, 5-12, 5-16, 5-20, 5-23, 5-32, 5-37, 5-395-40, 5-54, 6-2, 6-9, 6-126-14, 6-19, 6-21, 6-30, 6-32, 7-17-3, 7-5, 7-77-9, 7-117-15, 7-19, 7-22, 7-27, 7-29, 7-34, 7-367-45, 7-47, 7-54, 7-62, 7-657-67, 8-2, 8-4, 8-10, 8-13, 8-25, 8-34, 8-45, 8-59, 8-65, 8-67, 9-19-2, 9-16, 9-43, 9-49, 9-90, 9-95, 9-1029-103, 9-113, 9-1229-123, 10-210-6, 10-810-9, 10-11, 10-16, 10-18, 10-2010-23, 10-25, 10-2711-1, 11-30, 11-3211-33, 11-36, 12-3, 12-5, 12-1012-11, 12-15, 12-17, 12-25, 12-4612-47, 13-213-4, 13-10, 13-1913-30, 13-4013-42, 13-4413-46, 13-5213-56, 13-5813-59, 13-61, 13-6513-66, 13-68, 13-70, 13-73, 13-76, 13-78, 13-8813-89, 14-114-18, 14-2014-25, 14-2714-31, 14-3314-40, 14-4314-48, 14-5014-53, 15-115-5, 15-7, 15-2215-24, 15-34, 15-37, 15-43, 15-52, 15-61, 15-63, 15-67, 15-74, 15-84, 16-116-16, 16-18, 16-2016-21, 16-2316-27, 16-3016-40, 16-4216-45, 16-4916-59, 16-6216-77, A-1A-3, A-5A-13, A-16A-17, A-21A-23, A-25A-27, A-29, A-34, A-44, B-1B-2, B-7
modify 9-87 monitor 1-5, 1-59, 1-103, 4-36, 6-28, 8-26, 9-38, 13-25, 15-52, 16-24, 16-51, 16-62, B-8 mount point B-23B-24
N
navigation 7-28, 7-33, B-11B-13 Navigator B-11 NDS 1-54, 8-15, 13-10 NetStorage A-36 NetWare 1-27, 13-10, 13-18 network 1-68, 14-7, 14-42, 16-45, 16-69 file system 5-37 NFS B-20 NLM 1-30, 13-10, A-20A-21 node 14-7, 14-3714-38, B-22 Notes 9-14 Novell Novell Portal Services 7-25 NSS 13-9, 13-8013-82
O
object 2-16, 9-64, 11-4, 11-14, 11-1911-20, 11-34, 12-33, 12-39, 13-64, 14-39, 15-4, 15-7, 15-42, 15-56 operating system 4-15, 8-26, 14-4114-42, 14-50, A-11, A-36 options 4-24, 4-39, 8-4, 8-22, 8-56, 9-9, 9-43, 9-91, 9-97, 9-101, 10-2210-23, 12-36, 12-4212-43, 13-8513-86, 15-5715-58, 16-316-4, 16-20
master 1-20, 1-98, 13-66, B-7 media B-22, B-24 memory Intro-11, 1-82, 1-110, 8-26, 9-52, 9-60, 9-111, 11-3, 13-33, 13-35, 14-6, 14-41, 14-50, 16-12, B-15 migrate 1-8, 1-12, 5-42, 8-25, 12-212-4, 12-24, 12-26, 12-28, 12-4612-47 VIEW ONLY migrating Intro-17, 12-5, 12-30 migration 12-11, 12-15, 12-25, 12-41, 12-44 NO PRINTING
ALLOWED
Version 1
Index-5
P
parameters 1-42, 1-90 partition B-21, B-23 path 1-44 physical 1-22, 4-5, 4-28, 5-15, 13-68, 14-40, B-22 plug-in 7-29 policies 2-22-3, 2-27, 2-47, 5-10, 5-165-17, 5-24, 5-30, 5-32, 5-40, 5-51, 6-8, 6-13, 6-186-20, 6-27, 13-82, 14-39, 14-44, 15-39, 15-47, 15-53 port 1-44, 1-61, 1-70, 1-116, 1-121, 1-126, 5-22, 7-4, 9-37, 9-729-73, 9-108, 11-25, 13-11, 13-3113-32, 14-1114-13, 14-53, 15-40, 15-49, 16-21, A-15 port 443 5-22 post-installation 1-47, 1-51, 1-143, A-17 print provider 5-16 printer 2-3, 2-5, 2-45, 5-15, 5-17, 5-205-23, 5-47, 6-9, 6-226-23, 6-25, 6-28, 6-306-31, 12-4, 12-46, 14-42 processes A-3 processor 4-15, 7-36, 9-61, 9-73, 15-72, 15-79, 16-12, 16-24 project 8-43, 8-48 property 1-52, 1-1011-102, 1-1201-121, 1-131, 1-133, 2-102-11, 2-192-20, 2-25, 3-4, 3-63-8, 3-11, 3-18, 4-4, 4-10, 4-18, 4-304-31, 4-364-39, 4-46, 5-4, 5-7, 5-10, 5-15, 5-175-18, 5-235-25, 5-305-33, 5-36, 5-405-41, 5-45, 5-495-51, 5-53, 6-46-6, 6-8, 6-126-13, 6-16, 6-186-20, 6-27, 7-8, 7-16, 7-20, 7-46, 7-49, 7-56, 7-587-59, 7-617-62, 8-4, 8-6, 8-22, 8-62, 9-3, 9-5, 9-9, 9-13, 9-30, 9-43, 9-71, 9-80, VIEW ,ONLY , 9-97, 9-105, 9-115, 9-84 9-869-87 9-117, 9-120, 9-122, 10-710-10,
10-1210-14, 10-21, 11-5, 11-711-9, 11-1111-12, 11-19, 11-22, 11-26, 11-28, 11-30, 12-36, 12-42, 12-45, 13-64, 13-6613-69, 13-7113-72, 13-7413-75, 13-77, 13-8013-83, 13-85, 14-7, 14-1414-15, 14-23, 14-39, 14-44, 15-7, 15-34, 15-3615-37, 15-39, 15-4115-42, 15-44, 15-47, 15-5215-53, 15-55, 15-57, 15-59, A-43, B-43
protocol 1-671-68, 1-72, 9-107, 13-12, 14-6, 14-42, 16-55, A-10 purge 13-62
Q
query 16-4
R
RAM 9-60 read B-37, B-43 reliability B-16 reports 16-71 requirements 15-2915-32, 15-8715-90 resource 1-19, 1-27, 4-194-21, 8-52, 9-37, 11-24, B-7 revision 5-38 root 1-64, B-17
S
scheduler 2-24 schema A-7 SCSI 13-46, B-22 security 1-7, 1-68, 1-78, 1-94, 1-102, 1-144, 2-9, 2-28, 2-37, 2-49, 4-2, 5-85-9, 5-11, 5-385-40, 5-425-44, 5-46, 6-20, 6-22, 6-33, 7-27, 7-36, 9-369-37, 9-101, 13-713-8, 13-15,
NO PRINTING ALLOWED
Index-6
Version 1
Index
13-80, 14-10, 14-14, 14-33, 14-41, A-38, A-44, B-6
server Intro-1Intro-6, Intro-15, Intro-17Intro-18, 1-2, 1-41-5, 1-91-13, 1-161-17, 1-19, 1-21, 1-23, 1-251-34, 1-361-38, 1-421-44, 1-471-48, 1-501-52, 1-54, 1-561-58, 1-601-61, 1-631-74, 1-761-85, 1-901-91, 1-941-99, 1-1021-110, 1-116, 1-1201-122, 1-1251-126, 1-1281-130, 1-1321-134, 1-136, 1-138, 1-140, 1-1421-144, 2-3, 2-6, 2-9, 2-12, 2-15, 2-42, 2-46, 3-13-13, 3-153-20, 4-44-10, 4-12, 4-15, 4-174-30, 4-334-38, 4-444-46, 5-2, 5-65-7, 5-115-12, 5-165-18, 5-21, 5-235-24, 5-32, 5-34, 5-37, 5-39, 5-45, 6-10, 6-12, 6-146-15, 6-19, 6-25, 6-286-30, 7-37-4, 7-67-7, 7-15, 7-277-31, 7-34, 7-417-43, 7-50, 7-637-64, 8-6, 8-14, 8-258-26, 9-15, 9-37, 9-54, 9-629-63, 9-72, 9-80, 9-82, 9-1069-108, 9-110, 9-1189-121, 9-124, 10-4, 10-9, 11-111-4, 11-611-7, 11-1011-11, 11-14, 11-1611-18, 11-2211-25, 11-27, 11-2911-30, 11-3211-35, 12-1112-14, 12-1612-17, 12-31, 12-34, 12-36, 12-4612-47, 13-4, 13-813-13, 13-1813-24, 13-2613-32, 13-3513-38, 13-4013-42, 13-4513-47, 13-51, 13-5513-56, 13-6413-67, 13-7013-75, 13-7713-82, 13-8813-90, 14-4, 14-814-10, 14-28, 14-3914-40, 14-5214-53, 15-415-20, 15-2215-26, 15-2815-32, 15-34, 15-36, 15-3815-42, 15-4515-52, 15-63, 15-67, 15-7415-76, 15-84, 15-8615-91, 16-516-8, 16-1116-12, 16-15, 16-2116-22, 16-2416-26, VIEW ONLY16-2916-31, 16-33, 16-36, 16-39, 16-4416-45, 16-49,
16-52, 16-5416-55, 16-6816-71, 16-7516-76, A-1A-3, A-5A-6, A-8A-11, A-13A-29, A-32A-37, A-39, A-41, A-44A-47, B-1B-3, B-6, B-14B-15, B-17, B-26B-30, B-36
NO PRINTING ALLOWED
management 1-4, 1-140, 2-9, 10-4, 11-1, 11-3211-33, 15-63, 15-67, 15-74, A-10 service 4-35, 7-35, 7-40, 13-12 session B-28 settings 6-11, 6-20, 6-22, 9-77, 9-96, 12-41, 13-8 setup 8-47 shutting down 15-59 size 1-20, 14-49 SLES 1-58 SNMP 1-5, 10-4, 10-910-10, 10-17, 16-55 software Intro-14, Intro-17, 1-41-6, 1-81-12, 1-141-15, 1-27, 1-301-31, 1-361-38, 1-56, 1-75, 1-83, 1-99, 1-110, 1-112, 1-121, 1-124, 1-1401-141, 2-2, 2-4, 3-9, 3-123-13, 3-20, 4-16, 4-22, 4-244-25, 4-394-42, 5-54, 5-58, 6-12, 6-22, 6-24, 6-29, 6-33, 7-5, 7-9, 7-12, 7-22, 7-287-29, 7-39, 7-45, 7-667-67, 8-2, 8-98-10, 8-15, 8-25, 8-288-30, 8-40, 8-46, 8-49, 8-62, 8-648-66, 9-2, 9-349-35, 9-84, 9-94, 9-123, 10-16, 10-18, 10-22, 12-4212-43, 13-10, 13-12, 13-19, 13-36, 13-4413-45, 13-5113-52, 13-85, 15-215-6, 15-35, 15-4515-46, 15-50, 15-54, 15-61, 15-6815-69, 15-7315-75, 15-81, 15-8415-85, 16-216-5, 16-716-9, 16-11, 16-14, 16-2616-27, 16-2916-30, 16-32, 16-3616-37, 16-4216-43, 16-4516-47, 16-5016-54, 16-5716-59, 16-6216-63, 16-68, 16-7216-74, 16-77, A-2, A-6, A-8A-11, A-27, A-32, A-36A-37, A-45
Version 1
Index-7
SSL 1-44, 1-61 standalone 1-43, 1-601-61, 7-13, 7-23, 15-5, 15-25, 15-91, 16-4, 16-916-13, 16-1516-16, 16-3616-38, 16-76, A-14, A-24 start Intro-10Intro-14, Intro-16, 1-31, 1-43, 1-53, 1-581-59, 1-631-66, 1-101, 1-104, 1-107, 1-117, 1-122, 1-129, 1-131, 2-18, 2-36, 2-482-49, 3-3, 3-17, 4-8, 4-354-36, 4-414-42, 5-3, 5-29, 5-37, 5-47, 5-49, 5-525-53, 6-3, 6-146-15, 6-21, 6-286-30, 7-13, 7-157-16, 7-19, 7-24, 7-34, 7-397-43, 7-45, 7-49, 7-56, 7-62, 7-667-67, 8-4, 8-16, 8-21, 8-238-24, 8-32, 8-34, 8-41, 8-468-47, 8-578-59, 9-12, 9-38, 9-47, 9-659-66, 9-979-100, 9-1149-116, 9-1189-119, 9-121, 10-6, 10-21, 11-2711-29, 12-13, 12-25, 12-4112-42, 12-4412-45, 13-25, 13-28, 13-39, 13-44, 13-54, 13-80, 14-25, 14-27, 14-29, 14-31, 14-33, 14-3514-36, 14-44, 14-4614-47, 14-49, 14-53, 15-24, 15-3515-36, 15-5215-53, 15-57, 15-59, 15-61, 15-64, 15-91, 16-13, 16-19, 16-22, 16-28, 16-32, 16-3516-36, 16-39, 16-4416-46, 16-49, 16-56, 16-61, 16-69, A-5, A-14, A-16, A-29, A-42, A-46, B-7, B-10B-11, B-21, B-27, B-30B-31, B-43 storage 1-7, 1-341-35, 1-85, 5-34, 10-12, 12-1212-13, 12-24, 13-10, 13-59, 16-12, 16-24, A-28, B-22, B-36 subnet 13-7, 13-15, 13-17, 13-50, 14-38, 16-56 Support Pack 1-13, 1-25, 1-27, 1-811-82, 1-141, 7-27, 9-34 SUSE Intro-4Intro-5, 1-6, 1-13, 1-251-26, 1-29, 1-58, 1-811-82, 16-26, B-2, B-8, B-20, B-22, B-27, B-29 SYS 1-28, 1-ONLY, 1-1301-133, 1-136, 120 VIEW ,30-,81-5-18, 5-51, 6-19, 2-41 4 ,
6-266-27, 7-417-43, 8-10, 8-14, 9-24, 12-12, 13-4, 13-9, 13-12, 13-18, 13-30, 13-3213-33, 13-35, A-12A-13
system 1-5, 1-8, 1-151-16, 1-31, 1-34, 1-371-38, 1-53, 1-65, 1-671-68, 1-78, 1-82, 1-86, 1-98, 1-131, 1-135, 1-143, 2-24, 2-34, 3-123-13, 4-8, 4-144-15, 4-21, 4-23, 5-5, 5-95-10, 5-155-17, 5-20, 5-24, 5-26, 5-28, 5-30, 5-32, 5-37, 5-395-40, 6-8, 6-13, 6-26, 7-5, 7-8, 7-13, 7-15, 7-24, 7-357-36, 7-397-40, 7-44, 7-53, 7-58, 7-66, 8-4, 8-98-10, 8-14, 8-18, 8-22, 8-24, 8-26, 8-28, 8-348-36, 8-388-39, 8-65, 9-25, 9-369-37, 9-39, 9-489-54, 9-609-61, 9-64, 9-68, 9-74, 9-819-82, 9-101, 9-1169-119, 11-2, 12-212-5, 12-712-8, 12-11, 12-2612-27, 12-3012-31, 12-38, 12-4012-41, 12-43, 13-3, 13-5, 13-11, 13-13, 13-2913-30, 13-41, 13-4313-44, 13-4713-48, 13-55, 13-62, 13-81, 13-83, 14-214-3, 14-7, 14-10, 14-14, 14-30, 14-33, 14-3514-37, 14-4114-42, 14-46, 14-48, 14-5014-51, 15-2, 15-415-5, 15-2915-32, 15-54, 15-61, 15-63, 15-66, 15-69, 15-72, 15-8015-81, 15-8515-89, 16-2, 16-416-5, 16-7, 16-12, 16-2416-26, 16-33, 16-4016-42, 16-4616-47, 16-5016-51, 16-76, A-11, A-28, A-36A-37, A-45, B-3B-6, B-9, B-11B-12, B-14B-24, B-26, B-28B-30, B-33B-36, B-39 tray 1-78
T
TID 1-56, 5-15, 16-20 time Intro-4, 1-41-5, 1-21, 1-35, 1-51, 1-60, 1-65, 1-69, 1-100, 1-104, 1-112, 1-116, 2-4, 2-25, 2-27, 3-15, 4-44-5,
NO PRINTING ALLOWED
Index-8
Version 1
Index
4-7, 4-9, 4-23, 4-284-29, 4-33, 4-45, 5-21, 5-26, 5-38, 5-46, 6-14, 6-16, 7-2, 7-7, 7-97-10, 7-13, 7-297-30, 7-32, 7-37, 8-10, 8-12, 8-28, 9-169-17, 9-19, 9-229-23, 9-26, 9-299-31, 9-34, 9-57, 9-659-67, 9-74, 9-779-78, 9-94, 9-96, 9-989-100, 9-104, 9-123, 10-4, 10-1810-19, 10-25, 11-211-3, 11-33, 12-2, 12-412-5, 12-24, 12-26, 12-47, 13-2, 13-14, 13-22, 13-26, 13-43, 13-54, 13-61, 13-65, 13-6713-68, 13-73, 13-83, 14-2, 14-6, 14-9, 14-1914-20, 15-2, 15-7, 15-3415-35, 15-4015-41, 15-45, 15-49, 15-70, 15-72, 15-75, 16-4, 16-12, 16-75, A-5, A-8, A-20, A-42, B-1, B-8B-9, B-26, B-30B-32, B-34B-35
interface 7-8, 9-8, B-26 name 5-14, B-4 utilities 1-54, 1-114, 1-136, 2-40, 2-432-44, 9-91, 13-9, 13-45
V
value 7-55, 15-72, 16-51 VERIFY 7-6, 9-87, 9-109, 9-124 version 1-15, 8-40, 9-22, 9-59 view 1-117, 7-33, 7-35, 16-20, 16-6716-68
W
web server 1-82, 1-116, 1-126, 7-287-29, A-36 services Intro-19, 1-691-71, 1-74, 1-80, 1-144 Windows Explorer 7-44, 16-20 NT 14-14 write B-37, B-43
tolerance 11-5, 11-711-8, 11-12, 11-19, 11-22, 11-26, 11-28 transaction 13-12, 13-2713-28, 13-30, 16-59 transmission 15-5 tree 1-42, 1-132, 2-31, 4-5, 7-33 tune 8-29, 8-33, 8-35 type 5-36, 9-62, 16-50
U
unattended 8-3, 8-64, 13-19, 13-24, 13-41, 13-52, 13-55, 13-57, 13-72, 13-75 update 1-29 upgrade 1-26, 1-29, 1-82, 5-19, 12-2, 12-40, 13-21, 13-45, 15-2915-32, 15-8615-90, 16-16, 16-37, A-10 upload 13-80 user 1-80, 1-90, 1-109, 1-138, 5-14, 5-44, 5-525-53, 9-101, 9-112, 12-3, 12-46, B-3 account 1-841-85, 1-90, 5-9, 5-125-14, 5-44, 5-53, 7-40, 12-26, 16-20, VIEW 16-29, 16-38, 16-6616-67, A-28, ONLY A-33
Y
YaST 1-29, 1-48, 1-51, 1-641-66, 4-204-21, 13-38, 13-7813-79
Z
ZENworks 1-69, 2-24, 7-56, 7-587-59, 7-617-62, 8-59, 8-67, 12-25, 12-41 zone 4-20, 4-22, 9-67, 9-100
NO PRINTING ALLOWED
Version 1
Index-9

Index-10 Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES. Version 1

3062 SM

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

3062 SM

Încărcat de

Drepturi de autor:

Formate disponibile

Novell ZENworks 7 Desktop Management Administration

Novell Training Services

Part # 100-005038-001 Version 1

VIEW ONLY NO PRINTING ALLOWED

Novell, Inc. Trademarks

VIEW ONLY NO PRINTING ALLOWED

Introduction Student Kit Deliverables . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-2 Course Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-3

Exercise Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-9

VIEW ONLY NO PRINTING ALLOWED

Novell ZENworks 7 Desktop Management Administration

Describe the ZENworks 7 Suite Features . . . . . . . . . . . . . . . . 1-3

Describe the New Features of ZENworks 7 Desktop Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10

Implement eDirectory Design Guidelines for ZENworks . . . 1-18

Install ZENworks 7 Desktop Management Back End Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-25

VIEW ONLY NO PRINTING ALLOWED

Evaluate ZENworks Desktop Management Access Methods 1-67

Install ZENworks 7 Desktop Management Middle Tier Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-81

Install the ZENworks Desktop Management Agent . . . . . . 1-109

VIEW ONLY Objective 2 Describe Policy Packages NO PRINTING ALLOWED

Novell ZENworks 7 Desktop Management Administration

Describe and Configure Search Policies . . . . . . . . . . . . . . . . . 2-8

Describe How Policies Work. . . . . . . . . . . . . . . . . . . . . . . . . 2-22

Describe Effective Policies . . . . . . . . . . . . . . . . . . . . . . . . . . 2-27

Describe Policy Package Copy and Policy Reporting . . . . . . 2-40

VIEW ONLY NO PRINTING ALLOWED

Describe the Purpose of Each Server Package Policy . . . . . . . 3-9

Plan Server Package Deployment . . . . . . . . . . . . . . . . . . . . . 3-12

Implement Automatic Workstation Import (AWI) . . . . . . . . . 4-8

Describe Automatic Workstation Removal (AWR) . . . . . . . 4-28

Novell ZENworks 7 Desktop Management Administration

Exercise 4-1 Import Workstation Objects into the Tree. . . . . . 4-34

Enable and Configure User Package Policies . . . . . . . . . . . . . 5-8

Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-57 SECTION 6 Implement Workstation Package Policies Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1

VIEW ONLY Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NO PRINTING ALLOWED

Create and Associate a Workstation Policy Package. . . . . . . . 6-3

Enable and Configure Workstation Package Policies . . . . . . . 6-7

VIEW ONLY NO PRINTING ALLOWED

Novell ZENworks 7 Desktop Management Administration

Describe Novell Application Launcher Components . . . . . . 7-22

Configure Novell Application Launcher . . . . . . . . . . . . . . . . 7-38

VIEW ONLY NO PRINTING ALLOWED

Package Software with ZENworks Software Packaging . . . . 8-25

Repackage Applications with the AdminStudio Repackaging Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-34

Application Management Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2

VIEW ONLY NO PRINTING ALLOWED

Novell ZENworks 7 Desktop Management Administration

Identify Application Object Configuration Options . . . . . . . . 9-3

Automate the Distribution of Applications . . . . . . . . . . . . . . 9-94

Repair and Uninstall Applications . . . . . . . . . . . . . . . . . . . . 9-102

Describe Terminal Server and Web Applications . . . . . . . . 9-106

Distribute Applications to Disconnected Workstations . . . . 9-109

Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-122 SECTION 10 Application Auditing and Reporting Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1

VIEW ONLY Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NO PRINTING ALLOWED

Configure Reporting for Application Events . . . . . . . . . . . . . 10-3

Implement Rogue Process Management . . . . . . . . . . . . . . . 10-16

Use Predefined Reports to View Application Events . . . . . 10-25 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-27

Distributed Application Management Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-2

Implement Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . 11-3

Implement Fault Tolerance . . . . . . . . . . . . . . . . . . . . . . . . . . 11-9

Implement Application Site List . . . . . . . . . . . . . . . . . . . . . 11-14

VIEW ONLY NO PRINTING ALLOWED

Novell ZENworks 7 Desktop Management Administration

Implement Remote Alternate Applications . . . . . . . . . . . . . 11-22