Novell is now a part of Micro Focus

Associating apps with specific workstations using ZEN 1.1

Novell Cool Solutions: Trench
By Daniel Stricharz

Digg This - Slashdot This

Posted: 25 Jun 1999

Frequent-contributor Daniel Stricharz, our very creative ZEN guru from the Faculty of Law, University of Wuerzburg, Germany, sent this excellent solution that shows you how to use pre-launch scripts to associate applications to workstations. Even though this functionality is available in the ZEN 2 release, Daniel's tool will let you do it using ZEN 1.1, so you can have this convenience before you are able to upgrade. This guy is certifiably cool. Take a look at this...

Here I have two simple but hopefully effective solutions for associating applications delivered via the Application Launcher to workstations. Although ZENworks 2 adds sophisticated features for maintaining this task, there might be some people out there needing this function right now, until they can upgrade to ZEN 2.

The first solution is built upon the following methods and commands:

  • Usage of scripts in the ZENworks Application Launcher (formerly known as NAL)
  • The variable "P_STATION" used to read the workstation node number
  • The conditional statement "IF ... THEN ... [ELSE ... END]"
  • The login script command "TERM"

The second solution, an alternative but similar approach to the same problem, uses the ZENworks toolkit utility NALRUNW.

First Solution

The concept of this approach is quite simple: a custom script will be used to restrict an application to one or several specific workstations. The script will be part of the Application Object itself. Whenever the Application is called, the script will check to see if the contained rule was matched, and allow or deny the execution of the application.

After you've created the Application Object, the best place to start is with its Script page. In the Script page actions can be specified to be run before and after launching the application. This solution will make use of the Pre-launch Script. Before adding the script, you will need to know the network address of the workstation(s) you want to permit the usage of the app.

As a first example, "012345678901" will be used as the station address permitted to use the app. Now all you have to do is to add a line like this into the "Run before launching" text box:

IF P_STATION <> "012345678901" THEN TERM "1"

Once you've saved the changes to the Application Object, if a user tries to start the application and the workstation's NIC contains the wrong(!) address, one of these messages will pop up:

"Could not launch [the app]. Application was not launched due to a terminate command in the pre-launch script."

or simply

"Application was not launched due to a terminate command in the pre-launch script."

In this first solution you aren't able to customize the message. [See also TID 2937040 for more on the TERM command.] The pre-launch script won't terminate the distribution of the application, but it also won't allow the application to launch. Thus, there won't be any files, registry or INI-files updates copied to the workstation.

Important Notes:

  1. The sample script above will work if only one single workstation is permitted to access the application. If you want to permit several workstations to access it, you will need to change the script logic slightly as follows:

    IF P_STATION = "012345678901" THEN EXIT
    IF P_STATION = "012345678902" THEN EXIT
    IF P_STATION = "012345678903" THEN EXIT
    TERM "1"

    Beginning with the first line, the script will check for correspondence between the machine address from which you try to start the app, and the given address in the first line. If both addresses match, the script will exit and the application will start. Otherwise the script will proceed to the next line and perform the check against the next given address. If no address matches, the script will go on until it reaches the last line, which will cause the application distribution to terminate.

  2. Please note that you should use "END" at the end of your "IF ... THEN" statement, when using more than one line:

    IF P_STATION = "012345678901" THEN
    IF P_STATION = "012345678901" THEN
    TERM "1"

  3. When creating the script, make sure the TERM statement reads as follows:

    TERM "1"

    and not

    TERM = "1"

Now bear in mind, this solution won't prevent your users from seeing the application in the Application Launcher or Explorer. If, however, they try to open an application to which that machine is not permitted access, they will see the TERM popup message.

If you fear that this rather cryptic TERM popup message is going to cause more confusion (and calls for help) from your users, you may want to try the second solution, which lets you create a more useful error message for your users.

Second Solution:

(If you think the TERM command message will confuse your users)

When we discussed this approach in the Support Connection Discussion Groups, the question was raised, whether we could circumvent the non-intuitive message that the TERM command was giving us when the machine was not allowed to use the application. With the ZENworks Toolkit in mind, an alternative solution was easy to find.

The second solution is based upon the first solution, but makes use of the utility NALRUNW found in the ZENworks Application Management Toolkit (NALRUNW lets you start Application Objects via command line parameters.) You may also wish to use another tool I created called SAYIT. SAYIT will let you create simple message boxes with customized text.

Here's what you do.

  1. Copy the NALRUNW (and SAYIT, if you're using it) utility onto your server and make sure your users have read and filescan rights to these files.
  2. Create an Application Object. I will call this object the pre-launch object in this solution.
  3. Instead of specifying an AOT/AXT-file or an executable, you need to set the object to "Install only".
  4. Choose a proper application icon title and icon for the object. Since this object will be the one presented to your users, you should use a similar or the same title and icon as used for the application that you want to restrict to certain workstations.
  5. You may want to change the application icon title of the target object (the application you want to run on certain workstations).
  6. You should also change the settings of the target object so that its icon won't be displayed in NAL. For each workstation you want to permit to the target object, enter a line as follows in the scripts property page of the pre-launch object:

IF P_STATION = "012345678901" THEN @PATH\nalrunw treename objectname parameters [Note: all one line]


  • P_STATION address is the MAC address of the workstation you permit to use the target app
  • PATH is the path where you stored the NALRUNW utility
  • treename, objectname and parameters are the command line parameters that are needed to invoke the target object (parameters are optional in this case).

[Note: If you need more information about using NALRUNW, look for the reference guide in the Toolkit archive.]

If you want to specify several workstations, the script would read:

IF P_STATION = "012345678901" THEN @PATH\nalrunw treename objectname parameters [Note: all one line]
IF P_STATION = "012345678902" THEN @PATH\nalrunw treename objectname parameters [Note: all one line]
IF P_STATION = "012345678903" THEN @PATH\nalrunw treename objectname parameters [Note: all one line]

If a user starts the pre-launch object, it will run the script and check if the currently used workstation matches one of the P_STATION values given in the script the same way as was done in the first solution. If matching addresses are found, the target object will be launched. Otherwise nothing happens.

To give your users some feedback so they'll know why the application isn't opening for them, you could use the SAYIT utility that I wrote. SAYIT will take your command line argument and create a simple message box containing the argument. You would need to change the script slightly:

IF P_STATION = "012345678901" THEN
@PATH\nalrunw treename objectname parameters
IF P_STATION = "012345678902" THEN
@PATH\nalrunw treename objectname paramters
@PATH\sayit The current computer is not permitted to run this application! [Note: all one line]

A similar but more powerful utility for creating customized message boxes can be found in the 3rd Party Files forum under the name BOX.EXE. Take your pick.

The second solution is meant for those of you who can't live with the TERM message box mentioned in the previous solution. It has not had as much work and thought as the first solution, but it shows that ZENworks still is open for your creativity. If you need a fast and painless solution right now, go with the first solution.

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© Copyright Micro Focus or one of its affiliates