Novell ZENworks 10 Configuration Management SP3 Installation Guide
Novell®
www.novell.com
AUTHORIZED DOCUMENTATION
Policy Management Reference
ZENworks® 10 Configuration Management SP3
10.3
July 06, 2011
Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and
specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose.
Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time,
without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respec t to any sof tware, a nd sp ecific ally disc laims
any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc.,
reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to
notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export contr ols and the
trade laws of other countries. You agree to comply with all export control regulations and to obtain any required
licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on
the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws.
You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the
Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on
exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export
approvals.
Copyright © 2007 - 2011 Novell, Inc. All rights reserved. No part of this publication may be reproduced,
photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc.
404 Wyman Street, Suite 500
Waltham, MA 02451
U.S.A.
www.novell.com
Online Documentation: To access the latest online documentation for this and other Novell products, see
the Novell Documentation Web page (http://www.novell.com/documentation).
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/
trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
4 ZENworks 10 Configuration Management Policy Management Reference
Contents
About This Guide 9
1Overview 11
1.1 What Is a Policy? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.2 What Is a Policy Group? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.3 Understanding the Policy Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
1.4 Understanding the Features of a Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2 Creating Policies 15
2.1 Browser Bookmarks Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.2 Dynamic Local User Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
2.3 Local File Rights Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
2.4 Printer Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
2.5 Remote Management Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
2.6 Roaming Profile Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
2.7 SNMP Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
2.8 Windows Group Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
2.9 ZENworks Explorer Configuration Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
2.10 Creating Policies by Using the zman Command Lin e Utility . . . . . . . . . . . . . . . . . . . . . . . . . . 34
2.10.1 Creating a Policy without Content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
2.10.2 Creating a Policy with Content. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
2.10.3 Understanding the zman Policy XML File Format . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
3 Managing Policies 41
3.1 Policy Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
3.2 Editing Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
3.3 Deleting Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
3.4 Adding Policies to Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
3.5 Assigning a Policy to Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
3.6 Assigning a Policy to Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
3.7 Assigning a Roaming Profile Policy that has the User Profile Stored on a Windows,
Linux or NetWare Share. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
3.7.1 Creating a Default Profile Folder in a Shared Location . . . . . . . . . . . . . . . . . . . . . . . 48
3.7.2 Copying the Default Profile from a Windows Vista, Windows 2008 or a
Windows 7 device to the Default Profile Folder in the Shared Location . . . . . . . . . . 48
3.7.3 Configuring the Permissions for the Default Profile Registry Hive. . . . . . . . . . . . . . . 48
3.7.4 Copying the Default Profile to User Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
3.8 Assigning a Roaming Profile Policy that has the User Profile Stored on a Home
Directory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
3.8.1 Configuring the Permissions for the Default Profile Registry Hive. . . . . . . . . . . . . . . 49
3.9 Assigning the Local File Rights Policy to Devices Running Different Languages . . . . . . . . . . 50
3.10 Unassigning a Policy from Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
3.11 Unassigning a Policy from Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
3.12 Adding System Requirements for a Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
3.12.1 Filter Conditions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
3.12.2 Filter Logic. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Contents 5
3.13 Disabling Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
3.14 Enabling the Disabled Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
3.15 Copying a Policy to a Content Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
3.16 Incrementing the Policy Version. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
3.16.1 Using the Action Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
3.16.2 Editing the Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
3.17 Reviewing the Status of the Policies at the Managed Device . . . . . . . . . . . . . . . . . . . . . . . . . 59
3.18 Policy Issues on a Windows 7, Windows Server 2008, or Win dows Server 2008 R2
device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
3.19 Viewing the Predefined Reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
4 Managing Policy Groups 63
4.1 Creating Policy Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
4.2 Renaming or Moving Policy Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
4.3 Deleting a Policy Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
4.4 Assigning a Policy Group to Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
4.5 Assigning a Policy Group to Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
4.6 Adding a Policy to a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
5 Managing Folders 67
5.1 Creating Folders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
5.2 Renaming or Moving Folders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
5.3 Deleting a Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
A Troubleshooting Policy Management 69
A.1 Browser Bookmarks Policy Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
A.2 Browser Bookmarks Policy Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
A.3 Dynamic Local User Policy Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
A.4 Dynamic Local User Policy Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
A.5 General Policy Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
A.6 Local File Rights Policy Errors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
A.7 Local File Rights Policy Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
A.8 Printer Policy Errors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
A.9 Printer Policy Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
A.10 Roaming Profile Policy Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
A.11 Roaming Profile Policy Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
A.12 SNMP Policy Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
A.13 Windows Group Policy Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
A.14 Windows Group Policy Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
A.15 ZENworks Explorer Configuration Policy Errors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
B iPrint Policy Management Utility 97
B.1 Installing the IPPman Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
B.2 Using IPPman Commands to Configure iPrint Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
B.2.1 Creating an iPrint Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
B.2.2 Cloning an iPrint Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
B.2.3 Renaming an iPrint Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
B.2.4 Modifying an iPrint Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
B.2.5 Deleting an iPrint Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
6 ZENworks 10 Configuration Management Policy Management Reference
B.2.6 Exporting iPrint Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
B.2.7 Importing an iPrint Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
B.3 Understanding the Format of the iPrint Printer Configuration File . . . . . . . . . . . . . . . . . . . . . 105
B.3.1 Format of iPrint Printer Configuration File with Default Printing Preferences . . . . . 105
B.3.2 [Example] iPrint Printer Configuration File with Some Printing Preferences
Specified . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
B.4 Printing Preferences for an iPrint Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
B.5 iPrint Printer List Import File Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
C Best Practices 107
C.1 Local File Rights Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
C.2 Dynamic Local User Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
C.3 Roaming Profile Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
C.4 SNMP Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
C.5 Windows Group Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
C.6 Printer Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
D Documentation Updates 109
D.1 July 06, 2011: SP3 (10.3.3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
D.2 January 17, 2011: SP3 (10.3.2). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
D.3 March 30, 2010: SP3 (10.3). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Contents 7
8 ZENworks 10 Configuration Management Policy Management Reference
About This Guide
This Novell ZENworks 10 Configuration Management Policy Management Reference includes
information about Policy Management features and procedures to help you confi gure and maintain
your Novell ZENworks 10 Configuration Management SP3 system. The information in this guide is
organized as follows:
Chapter 1, “Overview,” on page 11
Chapter 2, “Creating Policies,” on page 15
Chapter 3, “Managing Policies,” on page 41
Chapter 4, “Managing Policy Groups,” on page 63
Chapter 5, “Managing Folders,” on page 67
Appendix A, “Troubleshooting Policy Management,” on page 69
Appendix C, “Best Practices,” on page 107
Appendix B, “iPrint Policy Management Utility,” on page 97
Appendix D, “Documentation Updates,” on page 109
Audience
This guide is intended for Novell ZENworks administrators.
Feedback
We want to hear your comments and suggestions about this manual and the other documentation
included with this product. Please use the User Comments feature at the bottom of each page of the
online documentation, or go to the Novell Documentation Feedback site (http: //www.novell.com/
documentation/feedback.html) and enter your comments there.
Additional Documentation
ZENworks Configuration Management is supported by othe r do cumentation (in both PDF and
HTML formats) that you can use to learn about and implement the product. For additional
documentation, see the ZENworks 10 Configuration Management SP3 documentation (http: //
www.novell.com/documentation/zcm10/).
About This Guide 9
10 ZENworks 10 Configuration Management Policy Management Reference
1
Overview
Novell ZENworks 10 Configuration Management provides policies to configure operating system
settings and select application settings. By applying a policy to multiple devices, you can ensure that
all of the devices have the same configuration.
The following sections contain additional information:
Section 1.1, “What Is a Policy?,” on page 11
Section 1.2, “What Is a Policy Group?,” on page 11
Section 1.3, “Understanding the Policy Types,” on page 12
Section 1.4, “Understanding the Features of a Policy,” on page 12
1.1 What Is a Policy?
A policy is a rule that controls a range of hardware and software configuration settings on the
managed devices. For example, an administrator can create polic ies to co ntro l browser book marks
available in the browser, printers to access, and security and system configuration settings on the
managed devices.
You can use the policies to create a set of configurations that can be assigned to any number of
managed devices. It helps you to provide the devices with a uniform configuration, and it eliminates
the need to configure each device separately.
1
You can assign a policy directly to a device or a user. You can also assign the policy to a folder or
group where the user or device is a member. Assigning a policy to device groups rather than device
folders is the preferred way, because a device can be a member of multip le dev ice groups, but it ca n
be a member of only one device folder.
On managed devices, each policy type is enforced by a Policy Handler or Enforcer , which makes all
the configuration changes necessary to enforce or unenforce the settings in a given policy.
1.2 What Is a Policy Group?
A policy group is a collection of one or more policies. Creating policy groups eases the
administration efforts in managing policies. You can create policy groups and assign them to
managed devices the same way you would assign individual policies.
Because the policy inherits the group’s assignments, managing a policy group is easier than
managing individual policies. For example, if multiple policies are included in a policy group and
the policy group is assigned to a device or a device group, then al l the poli cies inclu ded in the policy
group are automatically assigned to the device or device group at the same time. You need not
individually assign each policy to a device or a device group.
Overview
11
1.3 Understanding the Policy Types
ZENworks 10 Configuration Management lets you create the following policy types:
Browser Bookmarks Policy: Lets you configure Internet Explorer favorites for Windows
devices and users.
Dynamic Local User Policy: Lets you create new users and manage existing users created on
Windows 2000, Windows XP, and Windows Vista workstations; and W indows 2000, 2003, and
Windows 2008 Terminal Server sessions after the users have successfully authenticated to the
user source.
Local File Rights Policy: Lets you configure rights for files or folders that exist on the NTFS
file systems.
The policy can be used to configure basic and advanced permissions for both local and domain
users and groups. It provides the ability for an administrator to create custom groups on
managed devices.
Printer Policy: Lets you configure Local, SMB, HTTP, and iPrint printers on a Windows
machine.
Remote Management Policy: Lets you configure the behavior or execution of Remote
Management sessions on the managed device. The policy includes properties such as Remote
Management operations and security.
Roaming Profile Policy: Lets you to create a user profile that is stored in a network path.
A user profile contains information about a user’s desktop settings and personal preferences,
which are retained from session to session.
Any user profile that is stored in a network path is known as a roaming profile. Every time the
user logs on to a machine, his profile is loaded from the network path. This helps the user to
move from machine to machine and still retain consistent personal settings.
SNMP Policy: Lets you configure SNMP services on the managed devices.
Windows Group Policy: Lets you configure a group policy for Windows devices.
ZENworks Explorer Configuration Policy: Lets you to administer and centrally manage the
behavior and features of the ZENworks Explorer.
1.4 Understanding the Features of a Policy
A policy is applied to a device or a user only if the policy is directly or indirectly associated to
that device or user.
The Browser Bookmarks policy, Dynamic Local User policy, Printer policy, Remote
Management policy, Windows Group policy, and ZENworks Explorer Configuration policy
can be applied to a device or a user:
The Local File Rights and SNMP policies can be applied only to a device.
The Roaming Profile policy can be applied only to a user.
A policy can be associated to groups and containers.
12 ZENworks 10 Configuration Management Policy Management Reference
In ZENworks Control Center, devices and users can be organized by using containers and
groups. A device or user can be a member of multiple groups. The containers can be nested
within other containers. If a policy is associated to a group of users, it applies to all users in tha t
group. If a policy is associated to a user container, it applies to all users in the entire subtree
rooted at that container. The same behavior applies to device groups and containers.
A policy can be associated to query groups.
In ZENworks Control Center, the devices can also be me mbers of qu ery grou ps. Query groups
are similar to ordinary groups except that the membership is det ermin ed b y a qu ery d efin ed b y
the administrator. All devices that satisfy the query become members of that device group. The
query is evaluated periodically and the membership is updated with the results. An
administrator can configure the periodicity of the evaluation. An administrator can also force
an immediate refresh of a query group. Query groups act just like other groups where policies
are concerned.
Policies are chronologically ordered by default.
When multiple policies are associated to a device, user , group, or cont ainer , the associations are
chronologically ordered by default. The administrator can change the ordering.
If a device or user belongs to multiple groups, the groups are ordered. Consequently, the
policies associated to those groups are also ordered. The administrator can change the ordering
of groups for a device or user at any time.
In addition, the policies in a policy group are ordered.
Policies have a precedence configured to determine the policy that is effective for a device or a
user.
Many policies of the same type can be applied to a user or a device through direct association
and inheritance. For example, if a Browser Bookmark policy is associated to a user and another
Browser Bookmark policy is associated to a container containing that user, the policy directly
associated to that user overrides the policy associated to the container.
Policies support management by exception.
You can define a global policy for your enterprise and associate it to the top-level container
containing all your user objects. Y ou can then override configuration items in the global policy
by defining a new policy and associating it to specific users or user groups. These users receive
their configuration from the new policy. All other users receive their configuration from the
global policy.
Policies support system requirements.
You can specify the system requirements of a device or user in a policy. The policy is applied to
a device or user only if the device or user meets the system requirements.
For example, the SNMP policy is applied by default on all devices having the SNMP service
installed.
ZENworks Configuration Management supports singular and pl ural policies.
Singular Policy: If multiple policies of the same policy type are assigned to a device or a user
and the policy type is a Singular policy, then only the nearest associated policy meeting the
system requirements is applied. If the policy type is associated to both user and device, then
two different policies can be assigned to user and device.
The SNMP policy, Dynamic Local User policy, Remote Management policy, Roaming Profile
policy, and ZENworks Explorer Configuration policy are singular policies.
Overview 13
Plural Policy: If multiple policies of the same policy type are assigned to a device or a user
and the policy type is a Plural type, then all policies meeting the associated system requirement
are applied.
The Browser Bookmarks policy, Local File Rights policy, Windows Group policy, and Printer
policy are plural policies. However, the security settings in the Windows Group policy are not
plural.
Policies can be disabled.
When you create a policy in ZENworks Configuration Management, the policy is enabled by
default. You can disable it if you do not want to apply it on a user or a device.
ZENworks Configuration Management allows you to resolve policy conflicts.
The set of effective policies is a subset of the set of assigned policies. The set of effective
policies for a device or user is calculated by applying precedence rules, multiplicity rules, and
system requirements filters on the set of assigned policies. Effective policies are calculated
separately for devices and users. The Policy Conflict Resolution setting determines how user
and device policies interact for a specific user and device combination.
Effective policies are calculated separately for devices and users. When a user log s in to a
device, policies associated to both the user and the device must be applied. Policy Conflict
Resolution settings are used only when policies of the same type are associated to both the
device and the user . This setting d etermines the precede nce order among the policies associated
to the user and those associated to the device. The Policy Conflict Resolution settings are
applied after the effective policies are calculated.
Policy Conflict Resolution settings are defined when associating a policy to a device. The
settings cannot be defined for associations to users. For each policy type, the Policy Conflict
Resolution setting defined in the closest effective policy of that type is applied for all policies
of that type.
A Policy Resolution Conflict setting can have one of the following values:
User Last: Applies the policies associated to the device first, then the policies associated
to the user. This is the default value.
Device Last: Applies the policies associated to the user first, then the policies associated
to the device.
User Only: Applies only the policies associated to the user and ignores the policies
associated to the device.
Device Only: Applies only the policies associated to the device and ignore the policies
associated to the user.
NOTE: The Policy Conflict Resolution setting is tak en fro m the d evice-asso ciated p olicy with
the highest precedence.
14 ZENworks 10 Configuration Management Policy Management Reference
2
Creating Policies
Novell ZENworks 10 Configuration Management lets you create policies by using ZENworks
Control Center or by using the zman command line utility.
The following sections contain step-by-step instructions about creating po licies by using ZENworks
Control Center:
Section 2.1, “Browser Bookmarks Policy,” on page 15
Section 2.2, “Dynamic Local User Policy,” on page 16
Section 2.3, “Local File Rights Policy,” on page 20
Section 2.4, “Printer Policy,” on page 23
Section 2.5, “Remote Management Policy,” on page 27
Section 2.6, “Roaming Profile Policy,” on page 28
Section 2.7, “SNMP Policy,” on page 29
Section 2.8, “Windows Group Policy,” on page 30
Section 2.9, “ZENworks Explorer Configuration Policy,” on page 33
The following section explains how to create policies by using the zman command line utility:
2
Section 2.10, “Creating Policies by Using the zman Command Line Utility,” on page 34
2.1 Browser Bookmarks Policy
The Browser Bookmarks policy lets you co nfig ure Internet Explorer favorites for W i nd ow s d ev ice s
and users.
1 In ZENworks Control Center, click the Policies tab.
2 In the Policies list, click New, then click Policy to display the Select Policy Type page.
3 Select Browser Bookmarks Policy, click Next to displa y the Define Details pag e, then fill in th e
fields:
Policy Name: Provide a name for the policy. The policy name must be different than the name
of any other item (group, folder, and so forth) that resides in the same folder. The name you
provide displays in ZENworks Control Center.
Folder: T ype the name or browse to and select th e ZENworks Control Center folder where you
want the policy to reside. The default is
organize your policies.
Description: Provide a short description of the policy’s content. This description displays in
ZENworks Control Center.
4 Click Next to display the Bookmarks Tree Data Source page.
5 Create a browser bookmarks tree by importing a previously exported file or manually enteri ng
the data. Before you import a book marks file ensure that it is in UTF-8 format. To manually
convert the bookmark file into UTF-8 format, use a text editor
/policies
, but you can create additional folders to
Creating Policies
15
The following list contains browser-specific information to create the exported file:
Internet Explorer 6.x/8.x: In the browser window, click File > Import and Export.
Follow the instructions given in the Import/Export Wizard to create
the bookmark.htm
file.
Internet Explorer 7: In the browser window, click Add to Favorites > Import and
Export. Follow the instructions given in the Import/Export Wizard to create the
bookmark.htm
Mozilla Firefox 2.x: In the browser window, click Bookmarks > Organize Bookmarks,
then click File > Export to create the
Mozilla Firefox 3.x: In the browser window, click Bookmarks > Organize Bookmarks,
then click Import and Backup > Export HTML to create
file.
bookmarks.html
file.
the bookmarks.html
file.
6 Click Next to display the Bookmarks Tree Configuration page, then use the options to
configure the bookmarks tree.
The following table lists the tasks you can perform with the New, Edit, and Delete options.
Field Details
New Click New > Folder to display the Add Folder to Bookmarks dialog box, through
which you can add a new folder to the bookmarks tree.
Click New > Bookmark to display the Add Bookmark to Bookmarks dialog box,
through which you can add a new bookmark to the bookmarks tree by specifying
the bookmark name and a URL. Click the button next to the URL field to verify
that the URL entered by you is correct and functional.
Edit Select the bookmark name you want to change, click Edit > Rename, then specify
a new name.
Click Edit > Sort to organize the bookmarks in ascending or descending order.
Click Edit > Move Up, Move Down, or Move To to relocate a bookmark.
Click Edit > Select All Children to select all the subdirectories and bookmarks of
the selected parent directory.
Click Edit > Deselect All Children > to deselect all the subdirectories and
bookmarks of the selected parent directory.
Click Edit > Clear Selection > to clear the selections.
Delete
Click Delete to delete the selected bookmarks and the bookmarks folder from the
bookmarks tree. However, you cannot delete the default bookmarks folder named
Bookmarks
.
7 Click Next to display the Summary page.
8 Click Finish to create the policy now, or select Define Additional Properties to specify
additional information, such as policy assignment, system requirements, enforcement, status,
and which group the policy is a member of.
2.2 Dynamic Local User Policy
The Dynamic Local User policy lets you create new users and manage existing users on the
managed device after they have successfully authenticated to user source.
16 ZENworks 10 Configuration Management Policy Management Reference
NOTE: Ensure that the latest version of the Novell client is installed on the managed device before
the Dynamic Local User policy is enforced. To obtain the latest version of Novell Client, see the
Novell Download Web site (http://download.novell.com/index.jsp).
1 In ZENworks Control Center, click the Policies tab.
2 In the Policies list, click New, then click Policy to display the Select Policy Type page.
3 Select Dynamic Loc al User Policy , click Next to display the Define Det ails page, then fi ll in the
fields:
Policy Name: Provide a name for the policy. The policy name must be different than the name
of any other item (group, folder, and so forth) that resides in the same folder. The name you
provide displays in ZENworks Control Center.
Folder: Type the name or browse to the ZENworks Control Center folder where you want the
policy to reside. The default is
/policies
, but you can create additional folders to organize
your policies.
Description: Provide a short description of the policy’s content. This description displays in
ZENworks Control Center.
4 Click Next to display the User Configurations page, then use the options on the page to
configure the user account.
The following table contains information about configuring dynamic local user accounts and
managing them on managed devices:
Field Details
Use User Source
Credentials
Use the Credentials
Specified Below
(Always volatile)
Enables logging in through the user's authoritative source credentials
instead of Windows 2000, Windows XP, or Windows Vista credentials.
Allows you to specify the following user credentials for a volatile user:
User Name: Specify the user’s name.
Full Name: Specify the user’s complete name.
Description: Provide any additional information that helps the
administrator to further identify this user account.
If a user logs in to a device that has the Dynamic Local User policy
applied and then logs out of the device when the device is disconnected
from the network, the user is unable to log in to the disconnected device
again. For information on this issue, see “Dynamic Local User Policy
Troubleshooting” on page 72.
Manage Existing User
Account (if any)
Volatile User Specifies the use of a volatile user account for login. The user account
Helps you to manage a user object that already exists.
If you select both the Volatile User and Manage Existing User Account (I f
Any) check boxes, and the user has a permanent local account that uses
the same username specified in the user source, the permanent account
is changed to a volatile (temporary) account and is removed when the
user logs out.
that NWGINA creates on the local workstation can be either a volatile or a
nonvolatile account.
Enable Volatile User
Cache
Enables the caching of the volatile user account on the device for a
specified period of time.
Creating Policies 17
Field Details
Cache Volatile User for
Time Period (Days)
Not a Member Of Displays the available group to which a user can be assigned as a
Member Of Displays groups a user is member of.
Custom Click Custom to display the Custom Group Properties dialog box, through
Edit Click Edit to view and edit the details of a custom group. You cannot edit
Delete Click Delete to delete a custom group. You cannot delete the default
Allows you to specify the number of days to cache the volatile user
account on the device. The default value is 5. You can specify a value
from 1 to 999 days.
This volatile user account is deleted after the expiry of the specified cache
period when another DLU user logs out from the device.
member.
which you can add a new custom group and configure its rights.
the default Windows groups with this option.
Windows groups with this option.
5 Click Next to display the Login Restrictions page, then use the options on the page to configure
user access.
The Dynamic Local User policy can be associated to either a user or device. If the policy is
associated to a user object, workstations can be included or exclu ded from th e list . In this ca se,
Included / Excluded Users list will be ignored.
If the policy is associated to a device object, users can be included or excluded from the list. In
this case, Included / Excluded Workstations list will be ignored.
The Excluded Workstations List displays the workstations and containers that you want to
exclude DLU access to. Workstations listed or workstations that are part of containers listed in
this box cannot use DLU access. You can make exceptions for individual workstations by
listing them in the Included Workstations List. This allows DLU access to those workstations
only , and excludes DLU access to the remaining workstations in the container.
Rules for Workstations are:
By default, all workstations are included.
For an indirect association, if an object is in both the lists, the clo seness of the association
is considered. A direct association is closer than a group association, which in turn is
closer than a folder.
If the closeness is the same, a workstation is directly added to Group A and Group B, and
the Included List takes precedence.
Excluded List Included List Result
Workstation-A Workstation-B The policy is applied on all
workstations except
Workstation-A.
18 ZENworks 10 Configuration Management Policy Management Reference
Excluded List Included List Result
Workstation Group-1 Workstation-A The policy is not applied on
any workstations in
Workstation Group-1, except
for Workstation -A.
The policy is applied on
workstations that are not
contained in Workstation
Group-1.
Container-1 Workstation Group-1 or
Workstation-A
The policy is not applied on
any workstations in Container1, except for Workstation
Group-1 or Workstation-A.
The policy is also applied on
workstations that are not
contained in the Container-1.
The Excluded Users List displays the users and containers that you want to exclude DLU
access to. Users listed or users that are part of containers listed in this box cannot use DLU
access. You can make exceptions for individual users by listing them in the Included Users list.
This allows DLU access to those users only , and excludes DLU access to the remaining users in
the container.
Rules for Users are:
By default, all users are included.
For an indirect association, if an object is in both the lists, the clo seness of the association
is considered. A direct association is closer than a group association, which in turn is
closer than a folder.
If the closeness is the same, a user is directly added to Group A and Group B, and the
Included List takes precedence.
Excluded List Included List Result
User-A User-B The policy is applied on all
users except User-A.
User Group-1 User-A The policy is not applied on
any users in User Group-1,
except for User -A.
The policy is also applied on
users that are not contained in
User Group-1.
Container-1 User Group-1 or User-A The policy is not applied on
any users in Container-1,
except for User Group-1 or
User-A.
The policy is also applied on
users that are not contained in
Container-1.
Creating Policies 19
6 Click Next to display the File Rights page.
The following table contains information about managing Dynamic Local User file system
access on the managed device:
Field Details
Add Allows you to select and assign appropriate file rights.
To add a file/folder:
1. Click Add, then specify a file or folder.
2. Select the file rights you want to assign to the specified file or folder.
3. If you want to restrict the inheritance of the rights to only the immediate child
file or folder, select Restrict inheritance to immediate child files/folders only.
4. Click OK.
Edit Copy: Allows you to copy and add a file rights setting to the list.
1. Select a file or folder, then click Edit.
2. Click Copy.
3. Specify a new name.
4. Click OK.
Rename: Allows you to edit only the filename.
1. Select a file or folder, then click Edit.
2. Click Rename.
3. Specify a new filename.
4. Click OK.
Move Up or
Move Down
Remove Allows you to remove a file or a folder from the list.
Allows you to reorder the files or folders.
1. Select the check box next to the file or folder you want to move.
2. Click Move Up or Move Down to relocate it.
1. Select the check box next to the file or folder.
2. Click Remove.
7 Click Next to display the Summary page.
8 Click Finish to create the policy now, or select Define Additional Properties to specify
additional information, such as policy assignment, system requirements, enforcement, status,
and which group the policy is a member of.
2.3 Local File Rights Policy
The Local File Rights policy allows you to configure rights for files or folders that exist on the
NTFS file systems.
1 In ZENworks Control Center, click the Policies tab.
2 In the Policies list, click New, then click Policy to display the Select Policy Type page.
3 Select Local File Rights Policy, click Next to display the Define Details page, then fill in the
fields:
20 ZENworks 10 Configuration Management Policy Management Reference
Policy Name: Provide a name for the policy. The policy name must be different than the name
of any other item (group, folder, and so forth) that resides in the same folder. The name you
provide displays in ZENworks Control Center.
Folder: T ype the name or browse to and select th e ZENworks Control Center folder where you
want the policy to reside. The default is
/policies
, but you can create additional folders to
organize your policies.
Description: Provide a short description of the policy’s content. This description displays in
ZENworks Control Center.
4 Click Next to display the Configure Basic Properties page, then use the options on the page to
configure the attributes.
The following table contains information about configuring a file or folder and the attributes
associated with it:
Field Details
File / Folder Path Allows you to specify the complete path of a file or folder on the managed
device. Y ou can use the ZENworks system v ariables or environment variables to
specify the path.
To configure system variables in ZENworks Control Center, click the
Configuration tab > the Content setting in the Management Zone Settings panel
> System Variables. Click the Help button for details about configuring system
variables.
Attributes Allows you to specify the attributes of a file or folder, such as Read only and
Hidden.
This page allows you to configure permi ssions for o nly one fil e or fo lder. If you want to assign
permissions to multiple files or folders, then configure them in the Details page after creating
the policy.
5 Click Next to display the Configure Permissions page, then use the options on the page to
configure permissions for selected users or groups.
The following table contains information about configuring permissions:
Creating Policies 21
Field Details
Permission for
Users or Groups
Create Groups on
the Managed
Device if they Do
not Exist
Remove Access
Control Rules not
Configured by
ZENworks
Allows you to configure permissions for users or groups.
1. Click Add, then Click User or Group to select a user or a group from the
appropriate drop-down list.
2. Select the type of permission you want to configure as Simple NTFS
Permissions or All NTFS Permissions. Depending on the type of
permission you select, a list of permissions are displayed. Configure the
permissions as applicable to the selected user or group.
3. By default, when a permission is set on a folder, all the subfolders and the
files also inherit the permissions. If you want to restrict the inheritance of
the rights to only the immediate child file or folder, select Restrict
inheritance to immediate child files/folders only.
4. Click OK.
The permissions configured for the user or group in the Dynamic Local User
policy takes precedence over the permissions configured in the Loca l File
Rights policy.
Creates a group for which permissions are configured; however the group
does not exist on the managed device. With this option, you can create only
local groups.
Removes all access control entries for users or groups not configured by the
ZENworks Local File Rights policy. Also, updates the existing access control
entries for users and groups configured in the policy. After the policy is applied,
any manual changes made to the permissions for a user or group configured
by the policy are lost when the policy is re-applied.
Inherit Applicable
Access Rights
Configured on
Parent Folders
Select Yes if you want a file or folder to inherit applicable access control rules
from its parent object. If you select No, inherited rules are removed. If you do
not want to make any changes, select not configured on the managed
device.At least one attribute, permission, or inheritance setting must be
configured to create a policy. Without configuring any settings, you cannot
create a policy.
NOTE: If the Full Control acce ss right is denied for the Administrators or Authen ticated Users
group, the policy is successful only during the first enforcement. However, if the Full Control
access right is denied for the Administrators or Authenticated Users group and the Remove
access control rules not configured by ZENworks option is selected, the policy fails.
The unenforcement of the Local File Rights policy from a device fails if the Ful l Control access
right is denied for the Administrators or Authenticated Users group in the policy.
6 Click Next to display the Summary page.
7 Click Finish to create the policy now, or select Define Additional Properties to specify
additional information, such as policy assignment, system requirements, enforcement, status,
and which group the policy is a member of.
22 ZENworks 10 Configuration Management Policy Management Reference
2.4 Printer Policy
The Printer policy allows you to configure Local, SMB, HTTP, and iPrint printers on a Windows
device.
1 In ZENworks Control Center, click the Policies tab.
2 In the Policies list, click New, then click Policy to display the Select Policy Type page.
3 Select Printer Policy, click Next to display the Define Details page, then fill in the fields:
Policy Name: Provide a name for the policy. The policy name must be different than the name
of any other item (group, folder, and so forth) that resides in the same folder. The name you
provide displays in ZENworks Control Center.
Folder: T ype the name or browse to and select th e ZENworks Control Center folder where you
want the policy to reside. The default is
organize your policies.
Description: Provide a short description of the policy’s content. This description displays in
ZENworks Control Center.
4 Click Next to display the Printer Identification page, then select the type of printer to be
installed on the managed device.
5 Click Next, then skip to the appropriate step, depending on which printer type you chose in
Step 4:
Local Printer: Continue with Step 6.
Network Printer: Skip to Step 7.
/policies
, but you can create additional folders to
iPrint Printer: Skip to Step 8.
NOTE: Create and assign separate policies for different platforms for a printer.
6 (Conditional) If you are configuring a local printer, refer to the following table for more
information:
Field Details
Name Specify the name of the local printer that you want to configure on the target
device.
Port Select the physical port to which the printer is added, such as LPT1 or
COM1.
Driver Browse to and select a suitable driver for the printer . If the driver is not
contained in the browser list, type in the correct model name. The driver
must either be installed on the target device or specified in the enforced
policies. The driver must be digitally signed by Microsoft. However, if you
choose to use a driver that is not digitally signed, see the Troubleshooting
Scenario
Creating Policies 23
Field Details
Install a Driver Select this option to install a driver on the target device. The driver
installation must be non-interactive and silent. The supported driver
.inf
installation type is
or
.tar
formats. The
available on the target device. Ensure that the
installation of the driver.
NOTE: To add a new printer driver to the existing driver list:
Edit the
and the
.inf
.inf
driver files can be bundled in
file can be specified directly if it is already
.inf
file supports the
.zip
zenworks_installdir\novell\zenworks\share\tomcat\webapp
s\zenworks\WEB-INF\conf\printerDriverDetails.conf file
to add the following line:
Printer_ Manufacturername = Printer_ Model
For example, if you want to add an HP Color LaserJet 4550 PCL printer,
then add the following line:
HP = HP Color LaserJet 4550 PCL
Model Name Browse to select the model name of the driver.
Driver File Path Specify the driver files either from a particular device where the browser is
running or from a path on the managed device, such as
C:\temp\nipp.zip
.
NOTE: While configuring the policy, if you are using a
the Driver file, make sure the file you access must be on an anonymous
share.
Supported Platforms Specify a platform for the driver. The platform information helps to select a
suitable driver from the available drivers list, which is based on the
installation platform.
Language of
Installation
Install Forcefully
Even if the Driver is
Already Installed
Select the installation language. Your choices are English (United States),
French, German, Portuguese, Spanish, Italian, Chinese (Traditional),
Chinese (Simplified), or Japanese.
Select this option to force installation of the driver, even though it is already
installed on the target device.
UNC
path to access
7 (Conditional) If you are configuring a Network printer, refer to the following table for more
information:
24 ZENworks 10 Configuration Management Policy Management Reference
Field Details
Name / Location Specify the UNC path or URL name of the HTTP or an SMB printer.
For example, it is
and
http://server/printers/.myprinter/.printer
printer.
NOTE: Support for network printer that prompts for user credentials is not
provided.
Driver Browse to add and select a suitable driver for the Windows HTTP printer.
You can ignore this for SMB printers.
The driver must be digitally signed by Microsoft. However, if you choose to
use a driver that is not digitally signed, see the Troubleshooting Scenario
Install a Driver Use this option to install a driver on the target device. The driver installation
is non-interactive and silent. The supported driver installation types is
and the
file can be specified directly if it is already available on the target device.
Ensure that the
NOTE: To add a new printer driver to the existing driver list:
Edit the
.inf
\\server-name\printer-name
driver files can be bundled in
.inf
file supports the installation of the driver.
.zip
for an SMB printer,
for a HTTP
or
.tar
formats. The
.inf
.inf
zenworks_installdir\novell\zenworks\share\tomcat\webapps
\zenworks\WEB-INF\conf\printerDriverDetails.conf file
add the following line:
to
Printer_ Manufacturername = Printer_ Model
For example, if you want to add an HP Color LaserJet 4550 PCL printer , then
add the following line:
HP = HP Color LaserJet 4550 PCL
Model Name Browse to select the model name of the driver.
Driver File Path Specify the driver files either from a particular device where the browser is
running or from a path in the managed device, such as
NOTE: While configuring the policy, if you are using a
Driver file, make sure the file you access must be on an anonymous share.
Supported Platforms Specify a platform for the driver. The platform information helps to select a
suitable driver from the available drivers list, which is based on the
installation platform.
Language of
Installation
Install Forcefully
Even if the Driver is
Already Installed
Select the installation language. Your choices are English (United States),
French, German, Portugese, Spanish, Italian, Chinese (T raditional), Chinese
(Simplified), or Japanese.
Select this option to force the installation of the driver on the device every
time the policy is applied on the device, even if the driver is already installed
on the device.
c:\temp\nip.zip
UNC
path to access the
.
Creating Policies 25
8 (Conditional) If you are configuring an iPrint printer, refer to the following table for more
information:
On Windows Vista devices, you need to install the Novell iPrint client 5.04 or later.
Field Details
Name / Location Specify the URI name of the iPrint printer. For example,
acme.com/ipp/servername
Update iPrint Printer
while Installing the
Driver
Install iPrint Client Select this option to install the iPrint client on a target machine. The iPrint
iPrint Client Installer
File Path
Select this option to update the printer driver and to reinstall the printer
driver from the iPrint server while installing the iPrint printer.
client is not supported on 64-bit versions of Windows Server 2003.
The installation file can be either
which are capable of carrying out non-interactive silent installation.These
files can be uploaded from the machine where the browser is running.
T o inst all the iPrint client, you cannot use a
a silent installation. For example, you cannot use a
install iPrint client.
Allows to specify the path to the iPrint Client Installer (which installs the
iPrint client on the managed device).
.
nipp.zip
or
nipp-s.exe
.exe
ipp://
, both of
file that does not support
nipp.exe
file to
On the Managed Device: Select this option to specify the path to
the iPrint client installer on the managed device.
Select from this Device: Select this option to add the iPrint client
installer as content with the policy. You can also distribute the iPrint
client installer along with the policy.
Install Forcefully Even
if the Driver is Already
Installed
Select this option to force installation of the driver, even though it is
already installed on the target device.
Configure iPrint Client Select th is option to configure the iPrint proxy server.
If the workstations are located outside the physical firewall, you can use
this option to specify the proxy address followed by a (:) and the port
number.
Proxy Server Specify the iPrint proxy server name. For example,
proxy.companyx.com:8080
9 Click Next to display the Printing Preferences page, then use the options to specify the
preferences. Refer to the following table for more information:
Field Details
Orientation Select this option to specify the paper layout for the printer, such as
landscape or portrait.
Duplex Printing Specify whether or not to print on both sides of the paper, if the printer has
that capability .
Collate Specify whether or not the printer should organize multiple copies of a
document, if the printer has that capability.
26 ZENworks 10 Configuration Management Policy Management Reference
http://
Field Details
Print Quality Select the print quality. Select High quality , for the best po ssible resolution, or
select Low quality for lower resolution and lower quality.
Paper Source Specify the paper source for the printer. A source that is not listed in the
standard available list can also be specified, but it must be supported by the
printer. Information on supported paper sources is available in the printer
documentation or in the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Print\Printers\printername\DsDriver\printBinNames
Paper Size Specify the paper size for the printer. You can specify any paper size
supported by the printer, in addition to the options listed in the menu.
Information on supported sizes is available in the printer documentation or in
the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Print\Printers\printername\DsDriver\printMediaSupported
a printer is locally installed.
on a Windows machine.
on a Windows machine, where
10 Click Next to display the Additional Printer Policy settings, then use the options to specify the
settings. Refer to the following table for more information:
Field Details
Set as Default
Printer
Remove all
Printers not
Specified by
ZENworks Printer
Policies
Select this option to specify a printer as the default printer to which the print
requests are sent if no other printer is specified by the user.
On a Windows 7 managed device, the assigned printer might be set as a
default printer on the device even if the Set as Default Printer option is not
selected in the policy.
Select this option to remove all printers that are not specified through the
ZENworks Printer policy.
11 Click Next to display the Summary page.
This wizard allows you to configure only one printer. If you want to configure additional
printers, then configure them in the Details page after creating the policy.
12 Click Finish to create the policy now, or select Define Additional Properties to specify
additional information, such as policy assignment, system requirements, enforcement, status,
and which group the policy is a member of.
Only the preferences that are supported by the printer are configured on that printer.
2.5 Remote Management Policy
The Remote Management policy lets you configure the behavior or execution of a Remote
Management session on the managed device. The policy includes properties such as Remote
Management operations and security.
Creating Policies 27
By default, a secure Remote Management policy is created on the managed device when the
ZENworks Adaptive Agent is deployed with the Remote Management component on the device.
You can use the default policy to remotely manage a device. To override the default policy, you can
explicitly create a Remote Management policy for the device.
For information on creating the Remote Management policy, see “Creating the Remote Management
Policy” in the ZENworks 10 Configuration Management Remote Management Reference.
2.6 Roaming Profile Policy
The Roaming Profile policy allows you to create a user profile that is stored in a network path. An
administrator can either use the roaming profile stored in the user’s home directory or the profile
stored in the network directory location.
IMPORTANT: Because of the security settings in Microsoft Vista, administrators must manually
add the appropriate security rights to the user registry hive to enable roaming profiles. For mo re
information, see Section 3.7, “Assigning a Roaming Profile Policy that has the User Profile Stored
on a Windows, Linux or NetWare Share,” on page 47.
1 In ZENworks Control Center, click the Policies tab.
2 In the Policies list, click New, then click Policy to display the Select Policy Type page.
3 Select Roaming Profile Policy as the Policy Type, then click Next.
NOTE: If you log into Windows Vista or Windows 7 by using a domain account, Roaming
Profile policy is not supported.
4 In the Define Details page fill in the following fields:
Policy Name: Provide a name for the policy. The policy name must be different than the name
of any other item (group, folder, and so forth) that resides in the same folder. The name you
provide displays in ZENworks Control Center.
Folder: T ype the name or browse to and select th e ZENworks Control Center folder where you
want the policy to reside. The default is
/policies
, but you can create additional folders to
organize your policies.
Description: Provide a short description of the policy’s content. This description displays in
ZENworks Control Center.
5 Click Next to display the Roaming Profile Policy page, then use the options to specify the
settings. Refer to the following table for more information:
Field Details
Store User Profile
in User’s Home
Directory
User Profile Path Select a UNC path to a user’s roaming profile. If you want to administer the
Select this option to load and save a user’s profile from the user ’s home
directory as specified in eDirectory.
This option is applicable only if the user object is in eDirectory. However, it is
currently not supported in Domain Services for Windows environment.
policy on more than one user object, use
variable. In this case, the environment variable is resolved with the logged-on
username and the user profile is loaded from the specified path.
%USERNAME%
as the environment
28 ZENworks 10 Configuration Management Policy Management Reference
Field Details
Override Terminal
Server Profile
If a user is accessing a terminal server that has its own profile, enable this
option to override the terminal server’s profile.
6 Click Next to display the Summary page.
7 Click Finish to create the policy now, or select Define Additional Properties to specify
additional information, such as policy assignment, system requirements, enforcement, status,
and which group the policy is a member of.
2.7 SNMP Policy
The SNMP policy allows you to configure SNMP parameters on the managed devices.
1 In ZENworks Control Center, click the Policies tab.
2 In the Policies list, click New, then click Policy to display the Select Policy Type page.
3 Select SNMP Policy, click Next to display the Define Details page, then fill in the fields:
Policy Name: Provide a name for the policy. The policy name must be different than the name
of any other item (group, folder, and so forth) that resides in the same folder. The name you
provide displays in ZENworks Control Center.
Folder: Type the name or browse to the ZENworks Control Center folder where you want the
policy to reside. The default is
your policies.
Description: Provide a short description of the policy’s content. This description displays in
ZENworks Control Center.
4 Click Next to display the SNMP Community Strings page. Refer to the following table for more
information:
/policies
, but you can create additional folders to organize
Field Details
Add a Community String Allows you to add a community string.
Community String Specify the name of the SNMP community string to be added.
Community Rights Allows you to administer rights for a selected community, such as
Read Only, Read & Write, Read & Create, and Notify.
Remove All SNMP
Community Strings not
specified by ZENworks
SNMP Policies
Send SNMP Authentication
Trap
Select this option to remove all the community strings that are not
specified through ZENworks SNMP policy.
Select this option if you want to send authentication trap information.
This page allows you to add only one community string to the policy. If you want to add
multiple community strings, then configure them in the Details page after creating the policy.
5 Click Next to display the SNMP Default Access Control List page, then use the options to
specify the settings. Refer to the following table for more information:
Creating Policies 29
Field Details
Allow SNMP Communication Select this option to specify whether SNMP communication is
allowed from any host or a list of predefined hosts.
Remove All SNMP Allowed
Hosts not Specified by
ZENworks SNMP Policies
Select this option to remove all the SNMP allowed hosts that are not
specified through the ZENworks SNMP policy.
6 Click Next to display the SNMP Trap Targets page, then use the options to speci fy the se tting s.
Refer to the following table for more information:
Field Details
Add a Trap Target Allows you to add a trap target for the SNMP service.
IP Address / Host Name Specify an IP address or host name of the target device.
Community String Specify a community string for the trap target defined in IP address/
Host name.
Remove All SNMP Trap
Targets Not Specified by
ZENworks SNMP Policies
Select this option to remove all the trap targets that are not
specified through the ZENworks SNMP policy.
This page allows you to add only one trap target to the policy. If you want to add multiple trap
targets, then configure them in the Det ails page after creating the policy.
7 Click Next to display the Default System Requirements for SNMP Policy page, then use the
options to specify the settings. Refer to the following table for more information:
Field Details
Apply Policy Only if SNMP
Service Exists On the Target
Device
Select this option apply the SNMP policy only if the SNMP service
exists on the target device. If the target device does not contain
the SNMP service, the SNMP policy cannot be fully applied or
effective on the target device.
8 Click Next to display the Summary page.
9 Click Finish to create the policy now, or select Define Additional Properties to specify
additional information, such as policy assignment, system requirements, enforcement, status,
and which group the policy is a member of.
2.8 Windows Group Policy
The Windows Group Policy allows you to configure a Group Policy for Windows devices.
1 In ZENworks Control Center, click the Policies tab.
2 In the Policies list, click New, then click Policy to display the Select Policy Type page.
3 Select Windows Group Policy, click Next to display the Define Details page, then fill in th e
fields:
30 ZENworks 10 Configuration Management Policy Management Reference
Loading...