Controlling rogue processes is one of the many cool features of ZENworks. But to implement it you have to set keys in the registry on each of the users machines. Per the documentation, you can do this manually or with an application object that's pushed via the Application Launcher. I thought it would be easier to be able to push these settings to the workstation using a Windows Group Policy setup in the ZENworks User Package. Using the ZfDRogue.adm administrative template file allows you to setup such a policy that some of you may find to be an easier way of administering rogue processes.
The screen shots are of the policy in action:
Click to view.
Enable to terminate all rogue processes, Disable to ignore.
Click to view.
Add processes to the exception list.
Click to view.
These are things to know before you use this administrative template. Please read in its entirety.
- This has only been tested with ZfD 7 on Windows XPSP1, so please try it out first in a development setting before pushing it out in a production network.
- The ZENworks documentation says that the processes listed under the Exception List key in the registry are to be created as DWORDS. Due to the limitations on creating administrative templates, these items are created as STRINGS. Even though the types are different, the Application Launcher still controlled the rogue processes as expected in my tests.
- If you have the Application Launcher running when configuring the new policy in ConsoleOne, and you Enable the "Configure Rouge Process Management", ConsoleOne will be shutdown by the Application Launcher because it will be viewed as a rogue process.
To avoid this problem, either shutdown the Application Launcher prior to creating the policy, or run ConsoleOne from an application object. The same problem arises if you Disable this setting and were to add ConsoleOne to the exception list.
- If you've already implemented rogue process management, the existing DWORDS will not be read by the policy. Instead, they will be removed and the new entries that you add will be created as STRING values. So if you have a lot of DWORD entries already created, you should export that key before testing. And then re-enter those values via the policy.
Description of settings:
When you load the ZfDRogue.adm, you may not see its contents. If this happens, click the View|Filtering menu and uncheck the "Only show policy settings that can be fully managed."
Configure Rogue Process Management:
When enabled, Application Launcher terminates all rogue processes. Disable to have Application Launcher ignore all rogue processes.
Configure Exception List:
The 'Configure Rogue Process Management' setting determines what happens to the processes you add to the exceptions list. If 'Configure Rogue Process Management' is disabled (ignore processes), then any processes you add to the exceptions list are terminated rather than ignored. If 'Configure Rogue Process Management' is enabled (terminate processes), then any processes you add to the exceptions list are ignored rather than terminated.
Enter the name of the process in the 'Enter the name of the item to be added' field and leave the remaining field blank.
When 'Report Ignored Processes' is enabled, Application Launcher reports on all ignored processes. Uncheck to disable reporting of ignored processes.
When 'Database Reporting is enabled, Application Launcher writes to the database determined by the Service Location Policy package associated with the user.
When 'SNMP Reporting' is enabled, Application Launcher sends to the SNMP trap targets determined by the Service Location Policy package associated with the user.
When 'XML Reporting' is enabled, Application Launcher sends to the XML targets determined by the Service Location Policy package associated with the user.
Specify the full path and filename, in the 'File Reporting' field, to enable logging to a file. This can be a mapped drive or a UNC path to a local or network drive. For example, \\server1\vol1\process\rogue.txt. If you do not enter a value, log file reporting is disabled.