App Distribution to Windows 2000 Local User Group
Novell Cool Solutions: Trench
By Winfee Martin
Digg This -
Posted: 13 Feb 2002
Versions: ZENworks 2 and 3
Please Note: This article is not valid for users who have updated to ZEN3SP1. If you are using a ZfD version later than ZENworks for Desktops 3.0, you won't need this.
Winfee Martin is a managing consultant and one of the senior systems engineers for Strategis Information Systems in Purchase, New York. He is also a former senior systems integrator for Bristol Myers-Squibb pharmaceuticals at the global infrastructure command center located in Princeton, New Jersey, where he worked alongside Julian Greenwood, now a member of the ZENworks board of review. He has also worked for Fortune 500 companies such as Citigroup, Atlanta division, and Fortis America, Atlanta division, in a senior level capacity.
The issue to be discussed in this article is the matter of effectively distributing applications to workstations via ZENworks where the workstation users are members of the Windows 2000 local user group.
The Windows 2000 workstation architecture is, in fact, almost identical to that of NT4. However, the Microsoft engineers have worked quite extensively to plug many of the security holes of NT4, some of which were needed to be in place in order for ZENworks administrators to distribute applications to desktops with practical ease.
With Windows 2000 as an organization's desktop operating system, there are some complications when applications are distributed to Windows 2000 workstations via NAL, unless a user is a member of the workstation's local administrator group. If the locally logged-on user is a member of the workstation's local restricted user group, and the application needs to either
- Update a secure portion of the registry, or
- Modify protected system files (i.e. system32 files), or
- Make changes to the local operating systems architecture, (i.e. updating *.dat files or allocating IO port address of the application)
the application will fail to distribute or launch properly. This is due to the fact that Windows 2000 is more securely protected that NT4 was.
Windows 2000 is a secure operating system out of the box. However, it is very customizable. This, in turn, means a lot more customization work for your organization's desktop engineering team.
In order for NAL to distribute properly functional applications to Windows 2000 workstations without sacrificing local security, the following changes to the organization's standard Windows 2000 desktop image are necessary...
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com