ZENworks and the Art of NDS
Novell Cool Solutions: Tip
By Jayne Mooney
Digg This -
Posted: 4 May 1999
Welcome to the wonderful world of Z.E.N.works! Z.E.N.works is an integrated set of products for distributing and managing applications, configuring and managing workstations and Windows desktops, and remotely repairing workstation software while reducing the total cost of ownership for networked computers through the power of NDS.
Z.E.N.works is a NetWare Administrator snap-in utility with features that support both IPX and IP protocols. The following information assumes you know NDS, NetWare Administrator, and how snap-in utilities enhance NetWare Administrator. If you need to brush up, see your NetWare documentation.
Whether you want to experiment with Z.E.N.works (at no additional cost), or you realize the power of Z.E.N.works and want to use every feature available (at a nominal cost), Z.E.N.works offers a package that will fit your needs.
In conjunction with NDS and NetWare Administrator, Z.E.N.works uses NDS objects (such as Application, Workstation, and Policy Package objects) to provide features that help you manage workstations and applications. With the Starter Pack, you can:
--Distribute and maintain applications on the workstation
--Launch applications on the workstation automatically for users
--Import Workstation object information into NDS
--Distribute and update print drivers dynamically
--Centralize the location and administration of user profiles
--View and update client configurations without visiting the workstation
--Update workstation software automatically from your office
--Create Scheduled Actions for users (available if using Desktop Management features, this automatically runs programs you specify for Windows 95 and Windows NT clients)
Full Z.E.N.works Product
With the full Z.E.N.works product (available from your reseller), you can do everything in the Starter Pack list, and in addition:
--Solve user software problems without visiting the workstation or NT server (using NDS-authenticated remote control)
--Provide end-users with a help request system (The Help Requester is an end-user program that helps users provide pertinent information about themselves and their workstations to your Help Desk using e-mail or phone. This can mean faster problem resolution!)
--Control the end-user help request system and the remote control feature for workstations. You can set these once for a container or group or set them individually for users with special needs.
--Place hardware inventory into NDS automatically for tracking and troubleshooting
NDS Objects Unique to
Z.E.N.works is powerful because it uses both new NDS objects (Workstation, Workstation Group, and Policy Package objects) and existing NDS objects (User, Group, Organizations, Organizational Units, and Application objects).
Workstation objects are created when you register and import workstations in your NDS tree. They represent physical workstations and serve many functions. With the full product, for example, you can collect workstation inventory and use remote control.
You can use NetWare Administrator 32 to create Policy Packages and associate them at the User, Group, Workstation, Workstation Group, or container level. Within Policy Packages are Policies that you can enable and apply to one or more objects. For example, a Windows 95 User Policy Package contains Policies that allow you to configure the desktop and set up login restrictions. Once you enable one or more Policies in a User Policy Package, all Users?and Users within Groups or containers?associated with the Policy Package will be affected by the enabled Policies in the package.
1. Users must have the Write right to the WM:Registered Workstation attribute on the parent container (the container where the Workstation object will be created). The wsrights.exe program does this automatically for all existing containers during the Z.E.N.works installation. You can set these rights manually by using the Prepare Workstation Registration utility in the Tools menu or by running wsrights.exe explicitly from sys:\public.
Note: If you add a container after installing Z.E.N.works, you must use one of the methods described in step 1 to set up rights manually to the WM:Registered Workstation attribute in the container.
2. A workstation registers with NDS. The registration program creates a Workstation entry in the Workstation Registration page of the container where the logged-in user's User object resides.
3. The registered workstation is imported into a container object. The import process adds a Distinguished Name (DN) to the Workstation entry and then adds a Workstation object to the tree, naming it automatically according to the name format specified in the Workstation Import Policy in the User Policy Package associated with the user logging in.
4. Once a Workstation entry is imported, the Workstation Registration program must run again to find the Workstation object's DN, store the DN locally on the workstation, and then update the Workstation object.
Now the workstation is synchronized with its NDS object, and each time the Workstation Registration program runs on this workstation, it will update the Workstation object with the following information: registration time, network address, last server, and last user.
Using Workstation Group Objects
A Workstation Group object lets you manage or maintain a group of workstations. By creating Workstation Group objects according to various group needs, you reduce the time it takes to maintain software versions and workstation configurations.
For instance, if a group of Windows NT workstations contain the same word processing software, they might all need to be upgraded at the same time to the newest version of the software. You can create a Workstation Group object called Windows NT and add the workstations to the group. Then, when you need to make a change, apply the change to the Workstation Group object instead of the individual Workstation objects.
To associate a Workstation with a Workstation Group, either add a Workstation to the Members page of the Workstation Group object, or add a Workstation Group to the Workstation Groups page of the Workstation object.
When the Workstation Registration program is run, the workstation sends its registration time, network address, last server, and last user information to NDS and places a Workstation entry in the Workstation Registration page of the container. Easy!
The registered workstation must then be imported before an object will be created in the tree. Once the workstation is imported, the Workstation Registration program must run again to:
1. Find the Workstation object's Distinguished Name (DN)
2. Store the DN locally on the workstation
3. Update the Workstation object and synchronize the workstation with NDS
Once the workstation is synchronized with NDS, each time the Workstation Registration program runs on this workstation it will update the Workstation object.
Each Policy contains one or more pages where you can specify settings or configurations related to User, Workstation, Group, or container objects, depending on the type of Policy. The following figure is a sample page from a Workstation Import Policy. This page (Workstation Naming) is used to specify how workstations are named when they are registered and imported into NDS.
A Policy Package contains Policies that have been grouped according to the types of objects with which the Policies can be associated. This simplifies administration?another plus. You can use Policy Packages and NetWare Administrator to maintain Workstation objects and other NDS objects associated with workstations.
The three basic types of Policy Packages are Container, User, and Workstation. However, the User and Workstation Packages are platformspecific (Windows 3.1, Windows 95, or Windows NT). Consequently, you really have three Policy Packages to choose from for Users, three for Workstation, and one for Container--seven in all.
Policies must be enabled from within a Policy Package before they become effective. The following figure is a sample Policies page from a Windows 95 User Package. The checked boxes on the left of the screen indicate which Policies have been enabled.
Note: Policies are added to a Policy Package when their .dlls are added to the Z.E.N.works product. Policy Packages vary by platform and by Z.E.N.works product. For example, the sample Policies page in the preceding figure is from a Windows 95 User Package in the full Z.E.N.works 1.0 product. Since the Remote Control Policy .dll does not ship in the Z.E.N.works 1.0 Starter Pack, the Policies page in the Z.E.N.works 1.0 Starter Pack won't list the Remote Control Policy.
When you want the settings in a Policy Package to apply to an object, you must associate the Policy Package with the object. One way to do this is to choose the Associations page of the Policy Package and add the object to the Associations list.
Much like Effective Rights in NDS, Z.E.N.works has Effective Policies. The Effective Policies for any object is the sum of all of the enabled Policies in all Policy Packages associated directly or indirectly with that object.
The system looks up the tree for effective Policies (assuming you use the default search order, which starts at the leaf objects and goes up towards the root of the tree), just as the system looks up the tree for effective rights. The first enabled Policy it finds sets the rule.
For example, if the Desktop Preferences Policy is not enabled in a User Policy Package associated with the User object, but the Desktop Preferences Policy is enabled in the User Policy Package associated with the container where the User objects reside, the enabled Desktop Preferences Policy is the effective Policy for the user.
Most of the Z.E.N.works files are installed to sys:\public on the server, except some of the client files which are installed in the platform-specific client directories. Some of the important changes that occur during the Z.E.N.works installation are described here:
Z.E.N.works makes significant changes to the Directory's schema. New attributes and classes are required for managing workstations using Z.E.N.works.
Several Application objects are added to the tree.
Note: Some of the schema changes and application objects described in this section are for features not included in the Z.E.N.works Starter Pack.
Z.E.N.works makes the following significant schema changes, which you need to be aware of:
WM:Registered Workstation: This attribute is added to the Organization (O) and Organizational Unit (OU) classes. Users are granted the Write right to this attribute automatically during the Z.E.N.works installation, or you can grant the Write right manually using the Prepare Workstation Registration instructions.
Note: In order to register their workstations with NDS, users must have the Write right to this attribute in the container where the Workstation objects are to be created. A user with Supervisor or the All Attribute Write right to the container will also have the Write right implicitly to the WM:Registered Workstation attribute.
DM:Remote Control: A user must have the Write right to this new workstation attribute in order to control the workstation remotely. A user with Supervisor or the All Properties Write right (set in Trustees of this Object) to the Workstation object will also have the Write right implicitly to the DM:Remote Control attribute.
WM:Network Address: A user must have the Read right to this attribute in order to control the workstation remotely. A user with Supervisor or the All Properties Read right (set in Trustees of This Object) to the Workstation object will also have the Read right implicitly to the WM:Network Address attribute.
Workstation Group: For a collection of Workstation objects
Policy Packages: Acts as a container for the following seven policy packages. Each policy package contains a collection of policies related to workstation management which have been grouped into packages according to the types of objects with which they can be associated.
Windows 3.1 User Package
Windows 95 User Package
Windows NT User Package
Windows 3.1 Workstation Package
Windows 95 Workstation Package
Windows NT Workstation Package
New Classes that Can Be
Hidden Objects in the Tree
These new classes are for Policy objects that are created automatically when a Policy Package is created. (Each Policy Package contains one or more Policies.) When you use the NetWare Administrator that ships with Z.E.N.works (nwadmn32.exe), these objects are not displayed in the tree and are more easily managed collectively by managing the Policy Package containing them.
Note: More information is available in Policy Overviews in the Z.E.N.works help file (dmpolicy.hlp).
3.x Computer System Policy
95 Computer System Policy
95 Desktop Preferences
95 User System Policy
95 Computer Printer Policy
Dynamic Local User Policy
Help Desk Policy
Novell Client Configuration Policy
NT Computer Printer Policy
NT Computer System Policy
NT Desktop Preferences
NT RAS Configuration Policy
NT User System Policy
NT User Printer Policy
Remote Control Policy
Restrict Login Policy
Workstation Import Policy
HelpReq16: An Application object used for launching the Help Requester program on a 16-bit workstation
HelpReq32: An Application object used for launching the Help Requester program on a 32-bit workstation
NWADMIN32: An Application object used for launching the NetWare Administrator on a workstation
QuickStart16: An Application object used for launching Quick Start on a 16-bit workstation
QuickStart32: An Application object used for launching Quick Start on a 32-bit workstation
Remote16: An Application object used for launching the Remote Control Agent on a 16-bit workstation
RemoteNT: An Application object used for launching the Remote Control Agent on an NT workstation
SnapShot: An Application object used for launching snAppShot
WREG16: An Application object used for launching the Workstation Registration program on a 16-bit workstation
WREG32: An Application object used for launching the Workstation Registration program on a 32-bit workstation
NetWare 5 contains the Z.E.N.works Starter Pack. To use all of the Z.E.N.works features you must purchase the full Z.E.N.works product (available from your reseller) and meet the following requirements:
NetWare 4.11 or higher running on the server
40 MB of available memory and 175 MB available disk space on the NetWare server
The Supervisor right to the NetWare server where you install Z.E.N.works
The Supervisor right to the NDS container where you install Z.E.N.works
Rights to modify the schema of the NDS tree in which you are installing Z.E.N.works
Z.E.N.works client software on each workstation participating in Z.E.N.works
To use Z.E.N.works as designed, you should purchase the full Z.E.N.works product. We also recommend strongly that you use the 32-bit NetWare Administrator (nwadmn32.exe), because the 32-bit version:
--Provides a more graceful way of managing the new Policy objects that are added to the tree when you create Policy Packages
--Prevents you from having to update the registry for the snap-in .dlls
1. From a Windows 95 or NT workstation, log in to the NDS tree as Admin (or as a user with the Supervisor right).
2. Insert the Z.E.N.works CD.
3. When the autostart installation screen displays, follow the prompts and install Z.E.N.works.
4. When prompted, upgrade your clients with new Novell Client software. Access online help if you need assistance.
5. Set up Z.E.N.works administrative workstations by creating an icon on each workstation that points to NetWare Administrator 32 in sys\public\win32 on the NetWare server.
When Z.E.N.works is installed, the NWAdmin32 Application object is created. You can distribute the Application object automatically using Application Launcher (formerly NAL). Upon delivery, all necessary Registry changes are made automatically.
If you are using NetWare Administrator 32, you can take advantage of all the features of Z.E.N.works. However, you can use an older version of NetWare Administrator by modifying the workstation's Registry.
To modify a workstation's Registry, run zenfull.reg, located in the same directory (on the NetWare server) as the older version of NetWare Administrator.
1. Create a User Policy Package and enable the Workstation Import Policy
2. Register workstations in your tree
3. Import the registered workstations
4. Reregister workstations to allow NDS to discover them
For detailed instructions, see the help documentation (dmpolicy.hlp, which can be read from the Client CD or the Z.E.N.works CD) and complete the steps outlined in Set Up Z.E.N.works and Set Up Workstations for Z.E.N.works. To complete one sample setup, complete the steps outlined in Z.E.N.works Quick Start (also found in dmpolicy.hlp).
To view comprehensive overview and procedural information once NetWare Administrator 32 and Z.E.N.works are installed, choose Z.E.N.works from the NetWare Administrator 32 Help Contents menu:
1. Launch nwadmn32.exe.
2. Choose Help > Help Topics > Z.E.N.works.
To view the Help file from the CD without installing Z.E.N.works, browse the CD to the products\zenworks\public\nls\<language> directory and double-click dmpolicy.hlp.
For guidelines on designing NDS for Z.E.N.works, see NDS Design for Z.E.N.works .
To view Novell Client documentation directly from the CD, double-click viewdoc.exe under \novdocs.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com