Novell ZENWORKS 10 Remote Management Reference

Novell®
www.novell.com
AUTHORIZED DOCUMENTATION
Remote Management Reference
ZENworks® 10 Configuration Management SP3
novdocx (en) 16 April 2010
10.3
March 30, 2010

ZENworks 10 Configuration Management Remote Management Reference

Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the
Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on
exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
novdocx (en) 16 April 2010
Copyright © 2007 - 2010 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com
Online Documentation: To access the latest online documentation for this and other Novell products, see
the Novell Documentation Web page (http://www.novell.com/documentation).
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/
trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
novdocx (en) 16 April 2010
novdocx (en) 16 April 2010
4 ZENworks 10 Configuration Management Remote Management Reference
Contents
About This Guide 9

1Overview 11

1.1 Remote Management Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.2 Understanding Remote Management Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
1.2.1 Remote Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
1.2.2 Remote View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
1.2.3 Remote Execute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
1.2.4 Remote Diagnostics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
1.2.5 File Transfer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
1.2.6 Remote Wake Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
1.3 Understanding Remote Management Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
1.3.1 Visible Signal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
1.3.2 Intruder Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
1.3.3 Session Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.3.4 Audible Beep . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.3.5 Keyboard and Mouse Locking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.3.6 Screen Blanking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.3.7 Abnormal Termination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.3.8 Overriding Screen Saver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.3.9 Automatic Session Termination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.3.10 Agent Initiated Connection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.3.11 Session Collaboration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
1.3.12 Remote Management Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
1.4 Understanding Remote Management Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
novdocx (en) 16 April 2010

2 Setting Up Remote Management 19

2.1 Configuring the Remote Management Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
2.1.1 Configuring the Remote Management Settings at the Zone Level . . . . . . . . . . . . . . 19
2.1.2 Configuring the Remote Management Settings at the Folder Level . . . . . . . . . . . . . 22
2.1.3 Configuring the Remote Management Settings at the Device Level . . . . . . . . . . . . . 22
2.2 Enabling the Remote Management Listener . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
2.3 Creating the Remote Management Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
2.4 Configuring the Remote Operator Rights. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
2.5 Configuring the Remote Management Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
2.5.1 Setting Up the Remote Management Password Using ZENworks Control Center . . 31
2.5.2 Setting Up the Remote Management Password Using ZENworks Adaptive Agent . 32
2.5.3 Clearing the Remote Management Password Using ZENworks Control Center . . . . 32
2.5.4 Clearing the Remote Management Password Using ZENworks Adaptive Agent . . . 32
2.6 Installing the Remote Management Viewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
2.7 Upgrading the Remote Management Viewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
2.8 Starting Remote Management Operations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
2.8.1 Initiating a Session from the Management Console . . . . . . . . . . . . . . . . . . . . . . . . . 34
2.8.2 Initiating a Session from the Managed Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
2.9 Options for Launching a Remote Management Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
2.9.1 Command Line Options for Launching a Remote Operation. . . . . . . . . . . . . . . . . . . 44
2.9.2 Internal Options for Launching a Remote Operation . . . . . . . . . . . . . . . . . . . . . . . . . 47
2.10 Installing a Remote Management Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
2.11 Configuring a Remote Management Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Contents 5
2.11.1 Remote Management Proxy Settings on a Windows Device . . . . . . . . . . . . . . . . . . 49
2.11.2 Remote Management Proxy Settings on a Linux Primary Server or Satellite Server 49

3 Managing Remote Sessions 51

3.1 Managing a Remote Control Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
3.1.1 Using the Toolbar Options in the Remote Management Viewer . . . . . . . . . . . . . . . . 51
3.1.2 Session Collaboration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
3.2 Managing a Remote View Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
3.3 Managing a Remote Execute Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
3.4 Managing a Remote Diagnostics Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
3.5 Managing a File Transfer Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
3.6 Managing a Remote Management Proxy Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
3.7 Waking Up a Remote Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
3.7.1 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
3.7.2 Remotely Waking Up the Managed devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
3.8 Improving the Remote Management Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
3.8.1 On the Management Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
3.8.2 On the Managed Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
novdocx (en) 16 April 2010

4 Security 63

4.1 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
4.1.1 Rights-Based Remote Management Authentication . . . . . . . . . . . . . . . . . . . . . . . . . 63
4.1.2 Password-Based Remote Management Authentication . . . . . . . . . . . . . . . . . . . . . . 64
4.2 Password Strength. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
4.3 Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
4.4 Audit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
4.5 Ask Permission from the User on the Managed Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
4.6 Abnormal Termination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
4.7 Intruder Detection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
4.7.1 Automatically Unblocking the Remote Management Service . . . . . . . . . . . . . . . . . . 66
4.7.2 Manually Unblocking the Remote Management Service . . . . . . . . . . . . . . . . . . . . . 67
4.8 Remote Operator Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
4.9 Browser Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
4.10 Session Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
4.10.1 SSL Handshake. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
4.10.2 Certificate Regeneration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

5 Troubleshooting 69

A Cryptographic Details 79

A.1 Managed Device Key Pair Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
A.2 Remote Operator Key Pair Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
A.3 Remote Management Ticket Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
A.4 Session Encryption Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

B Best Practices 81

B.1 Closing the Remote Management Listener . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
B.2 Closing Applications Launched During Remote Execute Operation . . . . . . . . . . . . . . . . . . . . 81
B.3 Identifying the Remote Operator on the Managed Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
6 ZENworks 10 Configuration Management Remote Management Reference
B.4 Performing a Remote Control Session on a Device That Is Already Connected through a Remote
Desktop Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
B.5 Determining the Management Console Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
B.6 Using the Aero Theme on Windows Vista, Windows 7, Windows Server 2008, and Windows
Server 2008 R2 devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
B.7 Enabling the Secure Attention Sequence (Ctrl+Alt+Del) Button when Remotely Controlling a
Windows Vista or Windows Server 2008 device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
B.8 Installing the Remote Management Service on a Windows XP Device through RDP . . . . . . . 83
B.9 Remote Management Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

C Documentation Updates 85

C.1 March 30, 2010: SP3 (10.3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
novdocx (en) 16 April 2010
Contents 7
novdocx (en) 16 April 2010
8 ZENworks 10 Configuration Management Remote Management Reference

About This Guide

This Novell ZENworks 10 Configuration Management Remote Management Reference includes information about Remote Management. The information in this guide is organized as follows:
Chapter 1, “Overview,” on page 11
Chapter 2, “Setting Up Remote Management,” on page 19
Chapter 3, “Managing Remote Sessions,” on page 51
Chapter 4, “Security,” on page 63
Chapter 5, “Troubleshooting,” on page 69
Appendix A, “Cryptographic Details,” on page 79
Appendix B, “Best Practices,” on page 81
Appendix C, “Documentation Updates,” on page 85
novdocx (en) 16 April 2010
Audience
This guide is intended for Novell
Feedback
We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comments feature at the bottom of each page of the online documentation, or go to the Novell Documentation Feedback site (http://www.novell.com/
documentation/feedback.html) and enter your comments there.
Additional Documentation
ZENworks Configuration Management is supported by other documentation (in both PDF and HTML formats) that you can use to learn about and implement the product. For additional documentation, see the ZENworks 10 Configuration Management SP3 documentation (http://
www.novell.com/documentation/zcm10/).
Documentation Conventions
In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.
®
A trademark symbol ( trademark.
, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party
®
ZENworks® administrators.
When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms, the pathname is presented with a backslash. Users of platforms that require a forward slash, such as Linux*, should use forward slashes as required by your software.
About This Guide 9
novdocx (en) 16 April 2010
10 ZENworks 10 Configuration Management Remote Management Reference
1

Overview

Novell® ZENworks® Configuration Management lets you remotely manage devices from the management console. Remote Management allows you to:
Remotely control the managed device
Remotely run executables on the managed device
Transfer files between the management console and the managed device
Diagnose problems on the managed device
Remotely wake up a powered-off managed device
Review the following sections:
Section 1.1, “Remote Management Terminology,” on page 11
Section 1.2, “Understanding Remote Management Operations,” on page 12
Section 1.3, “Understanding Remote Management Features,” on page 14
novdocx (en) 16 April 2010
1
Section 1.4, “Understanding Remote Management Proxy,” on page 16

1.1 Remote Management Terminology

Terms Description
Managed device A device that you want to remotely manage. To remotely manage a
device, ensure that the Remote Management component is installed and the Remote Management service is running on the device.
Management server A device where the ZENworks Configuration Management server is
installed.
Management console The interface for managing and administering the devices. For
performing the remote operations, you must install the Remote Management viewer on the console.
Administrator A person who can configure Remote Management policies and
settings, and grant Remote Management rights to remote operators.
Remote Management Service A managed device component that enables remote operators to
perform remote operations on the device.
Remote Management Viewer A management console application that enables a remote operator
to perform remote operations on the managed device. It allows the remote operator to view the managed device desktop, transfer files, and execute applications on the managed device.
Remote Management Listener A management console application that enables a remote operator
accept remote assistance requests from managed device users.
Overview
11
Terms Description
ZENworks Remote Management
SSL
Management Console
Remote Control
Remote View
File Transfer
Remote Execute
Remote Diagnostics
Remote
Operator
Managed Device
HTTPS HTTPS
ZENworks Server
Remote
Management Service
Z
Remote Management Proxy A proxy server that forwards Remote Management operation
requests from the Remote Management Viewer to a managed device. The proxy is useful when the viewer cannot directly access a managed device that is in a private network or on the other side of a firewall or router that is using NAT (Network Address Translation). As a prerequisite, the proxy must be installed on a Windows managed device or a Linux device (Primary server, Satellite device).

1.2 Understanding Remote Management Operations

Remote Management gives administrators control of a device without the requirement for an on-site visit. It can save you and your organization time and money. For example, you or your organization’s help desk can analyze and remotely fix the managed device’s problems without visiting the user’s workstation, thereby reducing problem resolution times and increasing productivity.
novdocx (en) 16 April 2010
Figure 1-1 Remote Management Operations
The following sections help you to understand the various Remote Management operations:
Section 1.2.1, “Remote Control,” on page 13
Section 1.2.2, “Remote View,” on page 13
Section 1.2.3, “Remote Execute,” on page 13
Section 1.2.4, “Remote Diagnostics,” on page 13
Section 1.2.5, “File Transfer,” on page 13
Section 1.2.6, “Remote Wake Up,” on page 14
12 ZENworks 10 Configuration Management Remote Management Reference

1.2.1 Remote Control

Remote Control lets you remotely control the managed device from the management console so that you can provide user assistance and help resolve the device’s problems.
Remote Control establishes a connection between the management console and the managed device. With remote control connections, you can perform all the operations that a user can perform on the device. For more information, see Section 3.1, “Managing a Remote Control Session,” on page 51.

1.2.2 Remote View

Remote View lets you remotely connect with a managed device so that you can view the managed device instead of controlling it. This helps you troubleshoot problems that the user encountered. For example, you can observe how the user at a managed device performs certain tasks to ensure that the user performs the task correctly. For more information, see Section 3.2, “Managing a Remote View
Session,” on page 55.

1.2.3 Remote Execute

novdocx (en) 16 April 2010
Remote Execute lets you run any executable with system privileges on the managed device from the management console. To remotely execute an application, specify the executable name in the Remote Execute window. For example, you can execute the Registry Editor on the managed device. For more information, see Section 3.3, “Managing a Remote
Execute Session,” on page 56.
regedit
command to open the

1.2.4 Remote Diagnostics

Remote Diagnostics lets you remotely diagnose and analyze the problems on the managed device. This increases user productivity by keeping desktops up and running. For more information, see
Section 3.4, “Managing a Remote Diagnostics Session,” on page 56.
Diagnostics provide real-time information that you can use to diagnose and fix the problems on the managed device. The default diagnostics applications on the managed device include:
System Information
Computer Management
Services
Registry Editor

1.2.5 File Transfer

File Transfer lets you perform various file operations on the management console and the managed device, such as:
Copy files between the management console and the managed device.
Rename files or folders
Delete files or folders
Create folders
Overview 13
View the properties of files and folders
Open files with the associated applications on the management console
For more information, see Section 3.5, “Managing a File Transfer Session,” on page 58
IMPORTANT: The File Transfer program allows you to access the network drives on the managed device.

1.2.6 Remote Wake Up

Remote Wake Up lets you remotely wake up a single node or a group of powered-down nodes in your network provided the network card on the node is enabled for Wake-on-LAN. For more information, see Section 3.7, “Waking Up a Remote Device,” on page 60

1.3 Understanding Remote Management Features

The following sections helps you to understand the various Remote Management features:
novdocx (en) 16 April 2010
Section 1.3.1, “Visible Signal,” on page 14
Section 1.3.2, “Intruder Detection,” on page 14
Section 1.3.3, “Session Encryption,” on page 15
Section 1.3.4, “Audible Beep,” on page 15
Section 1.3.5, “Keyboard and Mouse Locking,” on page 15
Section 1.3.6, “Screen Blanking,” on page 15
Section 1.3.7, “Abnormal Termination,” on page 15
Section 1.3.8, “Overriding Screen Saver,” on page 15
Section 1.3.9, “Automatic Session Termination,” on page 15
Section 1.3.10, “Agent Initiated Connection,” on page 15
Section 1.3.11, “Session Collaboration,” on page 16
Section 1.3.12, “Remote Management Auditing,” on page 16

1.3.1 Visible Signal

Lets you provide a visible indication on the managed device desktop to inform the user that the device is being remotely managed. The visible signal displays the identification of the remote operator and the session details such as type of the remote session and start time of the session. The user can terminate a particular remote session or close the signal dialog box to terminate all the remote sessions.

1.3.2 Intruder Detection

The Intruder Detection feature significantly lowers the risk of the managed device being hacked. If the remote operator fails to log in to the managed device within the specified number of attempts (the default is 5), the Remote Management service is blocked and does not accept any remote session request until it is unblocked.
14 ZENworks 10 Configuration Management Remote Management Reference

1.3.3 Session Encryption

The remote sessions are secured using Secured Socket Layer (TLSv1 protocol).

1.3.4 Audible Beep

When a remote session is active on the managed device you can generate an audible beep at regular time intervals on the managed device as configured in the Remote Management policy.

1.3.5 Keyboard and Mouse Locking

Lets you lock the keyboard and mouse controls of the managed device during a remote session to prevent the managed device user from interrupting the session.
NOTE: On Windows Vista managed devices, mouse and keyboard locks do not function if the Aero theme is enabled.

1.3.6 Screen Blanking

novdocx (en) 16 April 2010
Lets you blank the screen on the managed device during a remote session to prevent the user from viewing the actions performed by the remote operator during the session. The keyboard and mouse controls of the managed device are also locked.
NOTE: Blanking the screen of a tablet PC managed device during a remote session degrades the session performance.

1.3.7 Abnormal Termination

Lets you lock the managed device or log out the user on the managed device if a remote session is abruptly disconnected.

1.3.8 Overriding Screen Saver

Lets you override any password-protected screen saver on the managed device during a remote session.
This feature is not available on a Windows Vista*, Windows Server 2008, and Windows 7 managed devices.

1.3.9 Automatic Session Termination

Automatically terminates a remote session if it has been inactive for a specified duration.

1.3.10 Agent Initiated Connection

Lets you enable the user on the managed device to request assistance from a remote operator. You can preconfigure the list of remote operators to be available to the user. For more information, see
Section 2.8.2, “Initiating a Session from the Managed Device,” on page 43.
Overview 15
NOTE: This feature is currently supported only on Windows.
Management
Console
Public Network Private Network
Firewall
Demilitarized
Zone
Firewall
Remote
Management
Proxy
Managed
Device

1.3.11 Session Collaboration

Lets a group of remote operators collaborate to jointly perform a remote session. The master remote operator can invite other remote operators to the session, delegate the remote control rights to another remote operator to solve a problem, regain control from the remote operator, and terminate a remote session. For more information, see Section 3.1.2, “Session Collaboration,” on page 53.

1.3.12 Remote Management Auditing

Lets you generate audit records for every remote session performed on the managed device. The audit log is maintained on the managed device and is viewable by the user.

1.4 Understanding Remote Management Proxy

You cannot perform any remote management operation on a managed device that is on a private network or is on the other side of a firewall or router that is using NAT (Network Address Translation). This is because the NAT firewall hides the device IP address from the external network and thereby blocks any connection request made to the device. To remotely manage such a device, the remote operation must be routed through a Remote Management Proxy.
novdocx (en) 16 April 2010
For more information on routing the remote operation through proxy when initiating a remote session from the Management Console, see Route Through Proxy in “Initiating a Remote
Management Session from the Device Context” on page 35.
For more information on routing the remote operation through proxy when initiating a remote session from the device context, see Route Through Proxy in “Initiating a Remote Management
Session from the User Context” on page 38
Figure 1-2 Remote Management Proxy
You must install the proxy on a device that is placed in a demilitarized zone (DMZ). The device where you install the proxy should be accessible from the public network that has the management console and should be able to access devices that are in a private network. For information on installing the remote management proxy, see Section 2.10, “Installing a Remote Management
Proxy,” on page 47.
16 ZENworks 10 Configuration Management Remote Management Reference
The remote management proxy listens on port 5750 by default for the incoming remote management requests from the Remote Management Viewer, and forwards the requests to the device.
novdocx (en) 16 April 2010
Overview 17
novdocx (en) 16 April 2010
18 ZENworks 10 Configuration Management Remote Management Reference
2

Setting Up Remote Management

The following sections provide information on deploying the Remote Management component of
®
Novell
ZENworks® 10 Configuration Management in a production environment:
Section 2.1, “Configuring the Remote Management Settings,” on page 19
Section 2.2, “Enabling the Remote Management Listener,” on page 23
Section 2.3, “Creating the Remote Management Policy,” on page 23
Section 2.4, “Configuring the Remote Operator Rights,” on page 30
Section 2.5, “Configuring the Remote Management Password,” on page 31
Section 2.6, “Installing the Remote Management Viewer,” on page 33
Section 2.7, “Upgrading the Remote Management Viewer,” on page 34
Section 2.8, “Starting Remote Management Operations,” on page 34
Section 2.9, “Options for Launching a Remote Management Operation,” on page 44
Section 2.10, “Installing a Remote Management Proxy,” on page 47
novdocx (en) 16 April 2010
2
Section 2.11, “Configuring a Remote Management Proxy,” on page 49

2.1 Configuring the Remote Management Settings

The Remote Management settings are rules that determine the behavior or the execution of the Remote Management service on the managed device. The settings include configuration for the ports, session settings, and performance settings during the remote session. These settings can be applied at zone, folder, and device levels.
The following sections provide information on configuring the Remote Management settings at the different levels:
Section 2.1.1, “Configuring the Remote Management Settings at the Zone Level,” on page 19
Section 2.1.2, “Configuring the Remote Management Settings at the Folder Level,” on page 22
Section 2.1.3, “Configuring the Remote Management Settings at the Device Level,” on page 22

2.1.1 Configuring the Remote Management Settings at the Zone Level

By default, the Remote Management settings configured at the zone level apply to all the managed devices.
1 In ZENworks Control Center, click Configuration.
2 In the Management Zone Settings panel, click Device Management, then click Remote
Management.
3 Select Run Remote Management Service on Port and specify the port to enable the Remote
Management service to run on that port.
Setting Up Remote Management
19
By default, the Remote Management service listens on port number 5950.
4 Select the Session Settings options:
Field Details
novdocx (en) 16 April 2010
Look Up Viewer DNS Name at the Start of the Remote Session
Allow Remote Session when no user is logged on to the managed device
Enables the Remote Management service to look up for the DNS name of the management console at the start of the remote session.
The name is saved in the audit logs and is displayed as a part of the session information during the remote sessions. If this option is not selected or the Remote Management service is unable to find the console name, then the console name is displayed as unknown.
If your network does not have reverse DNS lookup enabled, then we recommend that you disable this setting to prevent a significant delay in starting the remote session.
Enables a remote operator to remotely manage a device when the policy allows the remote operation but no user has logged in to the device. This option is selected by default.
5 Select from the following options for improving the performance of a remote session:
Field Details
Suppress Wallpaper Suppresses the wallpaper on the managed device during a remote
session. This prevents the bitmap data of wallpaper from being repeatedly sent to the Remote Management console and thereby enhances the performance of the remote session.
Enable Optimization Driver
Enables the optimization driver, which is installed by default on every managed device. If you select this option, only the changed portion of the screen on the managed device is captured and updated on the Remote Management console during the remote session, thereby enhancing the performance of the remote session.
6 (Optional) Configure a remote management proxy to perform remote operations on the
managed device.
If the managed device is on a private network or is on the other side of a firewall or router that is using NAT (Network Address Translation), the remote management operation of the device can be routed through a remote management proxy. You must install the proxy separately. For information on installing the remote management proxy, see Section 2.10, “Installing a Remote
Management Proxy,” on page 47.
20 ZENworks 10 Configuration Management Remote Management Reference
Task Details
novdocx (en) 16 April 2010
Add a remote management proxy
1. Click Add to display the Add Proxy Settings dialog box.
2. Fill in the following fields:
Proxy: Specify the IP address or DNS name of the remote management proxy.
IP Address Range: Specify the IP addresses of the devices you want to remotely manage through the remote management proxy. You can specify the IP address range in one of the following ways:
Specify the range of IP addresses using CIDR (Classless
Inter-Domain Routing) notation. With CIDR, the dotted decimal portion of the IP address is interpreted as a 32-bit binary number that has been broken into four 8-bit bytes. The number following the slash (/n) is the prefix length, which is the number of shared initial bits, counting from the left side of the address. The /n number can range from 0 to 32, with 8, 16, 24, and 32 being commonly used numbers. Examples:
123.45.678.12/16: Specifies all IP addresses that start with
123.45.
123.45.678.12/24: Specifies all IP addresses that start with
123.45.678.
Specify the range of IP addresses in the From IP address -
To IP address
123.45.678.12 - 123.45.678.15: Specifies all IP addresses in the range 123.45.678.12 to 123.45.678.15.
format. For example:
Delete a remote management proxy
1. Select the proxy you want to delete.
2. Click Delete, then click OK.
7 (Optional) Configure an application to be launched on the managed device during the Remote
Diagnostics session by adding it to the Diagnostics Applications list. By default, the list includes the following applications:
System Information
Computer Management
Services
Registry Editor
The following table lists the tasks that you can perform to customize the Diagnostics Applications list:
Setting Up Remote Management 21
Task Details
Add an application 1. Click Add.
2. Specify the application name and the application path on the managed device.
3. Click OK.
Delete an application 1. Select the application you want to delete.
2. Click Delete, then click OK.
novdocx (en) 16 April 2010
Revert to default applications
1. Click Revert, then click OK.
8 Click Apply, then click OK.
These changes are effective on the device, when the device is refreshed.

2.1.2 Configuring the Remote Management Settings at the Folder Level

By default, the Remote Management settings configured at the zone level are applied to all the managed devices. However, you can modify these settings for the devices within a folder:
1 In ZENworks Control Center, click Devices.
2 Click the folder (details) for which you want to configure the Remote Management settings.
3 Click Settings, then click Device Management > Remote Management.
4 Click Override.
5 Edit the Remote Management settings as required.
6 To apply the changes, click Apply.
or
To revert to the system settings configured at the zone level, click Revert.
7 Click OK.
These changes are effective on the device, when the device is refreshed.

2.1.3 Configuring the Remote Management Settings at the Device Level

By default, the Remote Management settings configured at the zone level are applied to all the managed devices. However, you can modify these settings for the managed device:
1 In ZENworks Control Center, click Devices.
2 Click Servers or Workstations to display the list of managed devices.
3 Click the device for which you want to configure the Remote Management settings.
4 Click Settings, then click Device Management > Remote Management.
5 Click Override.
22 ZENworks 10 Configuration Management Remote Management Reference
6 Edit the Remote Management settings as required.
7 To apply the changes, click Apply.
or
To revert to the previously configured system settings on the device, click Revert.
If the Remote Management settings on the device were configured at the folder level, the settings revert to the configured folder level settings; otherwise, they revert to the default zone level settings.
8 Click Ok.
These changes are effective on the device, when the device is refreshed.

2.2 Enabling the Remote Management Listener

To enable a Remote Management Listener to listen for connections from a managed device:
1 In ZENworks Control Center, click Devices.
2 In Device Tasks in the left pane, click Remote Management Listener.
novdocx (en) 16 April 2010
3 In the Remote Management Listener dialog box, specify the port to listen for the remote
connections. By default, the port number is 5550.
4 Click OK.
The ZENworks Remote Management Listener icon appears in the notification area.

2.3 Creating the Remote Management Policy

The Remote Management policy lets you configure the behavior or execution of a Remote Management session on the managed device. The policy includes settings for Remote Management operations such as Remote Control, Remote View, Remote Execute, Remote Diagnostics, and File Transfer, and also allows you to control settings for security.
By default, a secure Remote Management policy is created on the managed device when the ZENworks Adaptive Agent is deployed with the Remote Management component on the device. You can use the default policy to remotely manage a device. To override the default policy, you can explicitly create a Remote Management policy for the device.
1 In ZENworks Control Center, click the Policies tab.
2 In the Policies list, click New, then click Policy to display the Select Policy Type page.
3 Select Remote Management Policy, click Next to display the Define Details page, then fill in
the fields:
Policy Name: Provide a unique name for the policy. The policy name must be different than the name of any other item (group, folder, and so forth) that resides in the same folder.
Folder: Type the name or browse to the ZENworks Control Center folder where you want the policy to reside. The default is your policies.
Description: Provide a short description of the policy’s content. This description displays in the summary page of the policy in ZENworks Control Center.
/policies
, but you can create additional folders to organize
Setting Up Remote Management 23
4 Click Next to display the Remote Management General Settings page. To accept the default
settings, proceed to the next step, or use the information specified in the following table to change the default settings.
Field Details
novdocx (en) 16 April 2010
Allow User to Request a Remote Session
Terminate the Remote Session When Permission Is Required from a New User Logging In to the Managed Device
Display Remote Session Audit Information to the User on the Managed Device
Display Remote Management Properties in the ZENworks Icon
Edit To edit the message displayed to the user on the managed device
Restore default To restore the default message:
Enables the user on the managed device to request a remote operator to perform a remote session. The remote operator must ensure that the Remote Management Listener is running.
Terminates an ongoing remote session when permission is required from a new user who has logged into a remotely managed device.
Allows the user on the managed device to view the audit information for remote sessions from the ZENworks icon.
Allows the user on the managed device to view the properties associated with the Remote Management policy in the ZENworks icon.
before starting a remote session:
1. Click Edit to display the Edit Message dialog box.
2. Edit the message.
3. Click OK.
1. Click Restore default to revert to the default message.
Add a Remote Listener To add a Remote Listener:
1. Click Add.
2. In the Add Remote Listener dialog box, specify the DNS name or IP address of the management console and the port number on which the Remote Management Listener will listen for remote session requests.
3. Click OK.
Delete a Remote Listener To delete a Remote Listener:
1. Select the Remote Listener you want to delete.
2. Click Delete.
5 Click Next to display the Remote Control Settings page. To accept the default settings, proceed
to the next step, or use the information specified in the following table to change the default settings.
24 ZENworks 10 Configuration Management Remote Management Reference
Field Details
novdocx (en) 16 April 2010
Allow Managed Device to be Controlled Remotely
Ask Permission from User on Managed Device Before Starting Remote Control
Give Visible Signal to User on Managed Device During Remote Control
Give Audible Beep to User on Managed Device Every [ ] Seconds During Remote Control
Allow Managed Device Screen to be Blanked During Remote Control
Allow Managed Device Mouse and Keyboard to be Locked During Remote Control
Allow Screen Saver to be Automatically Unlocked During Remote Control
Allows Remote Control sessions on the managed device. Selecting this option enables the subsequent options on the page. Deselecting the option disables the Remote Control operation on the device.
Allows you to request permission from the user on the managed device before starting a Remote Control session.
Displays a visible signal in the top right corner of the managed device desktop during the Remote Control session. The visible signal lets the user on the managed device know that a Remote Control session is in progress.
Generates a beep on the managed device during a Remote Control session. The beep is generated periodically after the specified number of seconds.
Enables blanking of the screen of the managed device during a Remote Control session. Selecting this option also locks the keyboard and the mouse controls of the managed device.
Enables locking of the managed device mouse and keyboard during a Remote Control session.
Enables the unlocking of a password-protected screen saver from the Remote Control Viewer before the start of a Remote Control session on the managed device.
Automatically Terminate Remote Control Session After Inactivity of [ ] Minutes
Terminates a Remote Control session on the managed device if it has been inactive for the specified duration.
6 Click Next to display the Remote View Settings page. To accept the default settings, proceed to
the next step, or use the information specified in the following table to change the default settings.
Field Details
Allow Managed Device to be Viewed Remotely
Ask Permission from User on Managed Device Before starting Remote View
Give Visible Signal to User on Managed Device During Remote View
Allows Remote View sessions on the managed device. Selecting this option enables the subsequent options on the page. Deselecting the option disables the Remote View operation on the device.
Allows you to request permission from the user on the managed device before starting a Remote View session.
Displays a visible signal in the top right corner of the managed device desktop during the Remote View session.The visible signal lets the user on the managed device know that a Remote View session is in progress.
Setting Up Remote Management 25
Field Details
novdocx (en) 16 April 2010
Give Audible Beep to User on Managed Device Every [ ] Seconds During Remote View
Generates a beep on the managed device during the Remote View session. The beep is generated periodically after the specified number of seconds.
7 Click Next to display the Remote Diagnostics Settings page. To accept the default settings,
proceed to the next step, or use the information specified in the following table to change the default settings.
Field Details
Allow Managed Device to be Diagnosed Remotely
Ask Permission from User on Managed Device Before starting Remote Diagnostics
Give Visible Signal to User on Managed Device During Remote Diagnostics
Give Audible Beep to User on Managed Device Every [ ] Seconds During Remote Diagnostics
Allows Remote Diagnostics sessions on the managed device. Selecting this option enables the subsequent options on the page. Deselecting the option disables the Remote Diagnostics operation on the device.
Ensures that the remote operator requests permission from the user on the managed device before starting a Remote Diagnostics session.
Displays a visible signal in the top right corner of the managed device desktop during the Remote Diagnostics session.The visible signal lets the user on the managed device know that a Remote Diagnostics session is in progress.
Generate a beep on the managed device during the Remote Diagnostics session. The beep is generated periodically after the specified number of seconds.
Allow Managed Device Screen to be Blanked During Remote Diagnostics
Display Warning Message Before Reboot for [ ] Seconds
Automatically Terminate Remote Diagnostics Session After Inactivity of [ ] Minutes
Enables blanking of the screen of the managed device during a Remote Diagnostics session. The managed device keyboard and mouse are always locked during a Remote Diagnostics session. Selecting this option also disables the visible signal on the managed device.
Displays a warning message on the managed device at the start of the Remote Diagnostics session, reminding the user to save all existing applications. This warning message is displayed for the specified duration to prevent the user from losing any unsaved data, because the remote operator might initiate a system reboot during the Remote Diagnostics session.
Terminates the Remote Diagnostics session if it is inactive for the specified duration.
8 Click Next to display the Remote Execute Settings page. To accept the default settings, proceed
to the next step, or use the information specified in the following table to change the default settings.
26 ZENworks 10 Configuration Management Remote Management Reference
Loading...
+ 60 hidden pages