Deploying Remote Management

The following sections provide information about deploying ZfD 3.2 Remote Management:


Planning for Installing the Remote Management Component

The Remote Management Agent should be installed on the managed workstation so that the administrator can remotely manage that workstation.

The Remote Management Agent starts automatically when the managed workstation boots up. When you initiate a Remote Management session with a managed workstation, the Remote Management Agent uses NDS® to verify whether you have the Remote Management rights. On successful verification, the Remote Management session proceeds.

You can use the Remote Management policy to specify the preferred protocol (IP or IPX™) that the agent should use to communicate with the management console during a remote session. For details, see Setting Up the Remote Management Policy.

If you select a protocol that is not available on that managed workstation, the agent will attempt to use the available protocol. The management console attempts to contact the agent using the network addresses stored within the Workstation object in NDS. It will cycle once through the network addresses trying to communicate with the agent on the managed workstation. For IP addresses in the workstation, the management console attempts to contact the agent using IP. For IPX addresses stored in the Workstation object, the management console attempts to contact the agent using IPX. However, for the management console to communicate with the managed workstation using IPX, ensure that the IP as well as IPX stacks are installed on the managed workstation. If only the IPX stack is installed, the management console will not be able to communicate with the managed workstation using IPX. For any two machines to communicate, there must be a common protocol stack available on both machines. This has been depicted in the following illustration.


Figure: Remote Management functionality

IMPORTANT:  IPX support for Chat, Diagnostics, File Transfer, and Remote Wake Up is not available.


Installing the Remote Management Component

Before you install the Remote Management component, ensure that all the installation prerequisites for Remote Management are met. For details, see Installation Prerequisites for Remote Management in Remote Management in Getting Started. ZfD 3.2 Remote Management functionality can be used to remotely manage Windows 95/98 or Windows NT/2000 workstations. If you need to remotely manage Windows NT/2000 servers, you can use the ZENworks for Servers Remote Management functionality. For more information, see the ZENworks for Servers documentation.

To install the Remote Management Agent, ensure you have administrator rights.

To remotely access a workstation from the ZfD 3.2 management console, the appropriate Remote Management Agent must be loaded on that workstation. The Remote Management Agent is a service installed on the Windows 95/98/NT/2000 workstation and runs automatically after installation. The agent can be installed using the Novell Application Launcher™ (NAL), the login script, or RMSETUP.EXE.

The preferred method for installing the agent is to add the Remote Management Install Application object to the Application Launcher and associate the Application object with the managed workstation. The Remote Management Install Application object is created in NDS during ZfD 3.2 installation.

The following sections provide information about installing the Remote Management Agent on Windows 95/98/NT/2000 workstations:

IMPORTANT:  For Windows NT/2000 managed workstations, you must associate the Application object with the Workstation object or the Container of the Workstation object. You will not be able to launch the Application object if you associate it with a User object.


Installing the Remote Management Agent using the Application Launcher

To install the Remote Management Agent using the Application Launcher:

  1. From the management console, right-click a managed workstation.

  2. Click Properties > Applications.

  3. Click Add > browse to select Remote Management Install.

  4. From the Applications Page, select one of the following associations for Remote Management Install:

    Application Object Option: Explanation

    Force Run: Runs the Remote Management Install Application object as soon as the application starts at the managed workstation.

    App Launcher: Displays the Remote Management Install Application object icon in the Application Launcher and Application Explorer (browser view) depending on which ones you make available at the managed workstation.

    Start Menu: Displays the Remote Management Install Application object icon on the Windows 95/98 or Windows NT/2000 Start menu under Novell Application Launcher.

    Desktop: Displays the Remote Management Install Application object icon on the Windows 95/98 or Windows NT/2000 desktop area.

    System Tray: Displays the Remote Management Agent icon on the system tray.

  5. Click OK.

  6. Double-click the Remote Management Agent from the Application Explorer.

    NOTE:  Upgrade the ZfD 3.2 Remote Management files on the ZENworks server before running the Remote Management Install object from the Application Explorer.


Installing the Remote Management Agent using the Login Script

If the NAL components are not installed on the ZENworks server and the target machine, you can add the Remote Management Agent install program (RMSETUP.EXE) in the login script, at any user/container object level.

To add RMSETUP.EXE to the login script:

  1. From ConsoleOne®, right-click the container or any user object, then click Properties > Login Script.

  2. Add the following line to the login script:

    #ZENworks_server_name\SYS\PUBLIC\ZENWORKS\RMSETUP.EXE

  3. Click Apply > Close.

  4. From the target workstation, log in as a user with whom the modified login script is associated.


Installing the Remote Management Agent using the RMSETUP.EXE Program

  1. From the workstation where you want to install the Remote Management Agent, map to the SYS:\PUBLIC\ZENWORKS directory located on the ZfD server.

  2. Double-click RMSETUP.EXE.

    This automatically installs the Remote Management Agent files on the managed workstation.


Setting Up Remote Management Security

In order for the Remote Management Agent to accept a Remote Management request, the managed workstation must be registered in NDS and be imported as an NDS Workstation object. The Remote Management Agents use NDS authentication to verify that the user requesting to remotely access the managed workstation is authorized to do so. The effective policy settings based on which the administrator performs Remote Management sessions on the managed workstation are taken from the NDS Workstation object and the User object of the user logged in to the managed workstation.

The ZfD 3.2 management console runs from ConsoleOne. The Remote Management Agents are NDS authentication-aware and policy-aware and will not allow unauthorized Remote Management sessions.

The following sections provide information about setting up security for Remote Management sessions:


Setting Up the Remote Management Policy

The Remote Management policy is an NDS object in a policy package. Policy packages are NDS objects that contain policies grouped according to the object type. Object types can be Workstation object, User object, User Group, or Container object.

The Remote Management policy enables the administrator to specify security settings for various Remote Management sessions. The administrator can use the ZENworks Policy wizard to create a policy package or use an existing Remote Management policy for an object. The policy packages are categorized into Workstation Policy Packages and User Policy Packages. The Workstation Policy Package and the User Policy Package are further categorized based on the operating system of the workstation or the operating system that the user is logged in to. Each policy package has a set of default policies that you can use. By default, the Remote Management policy is available from all the listed policy packages provided by ZfD 3.2, including:

The following figure displays the Remote Control security options available from the Remote Management policy.


Figure: Remote Management property page

The following table provides a description of security options available in the Remote Management policy.

Parameter: Enable Remote Management session
Applicable for: Chat, Diagnostics, File Transfer, Remote Control, Remote Execute, and Remote View
Description: Indicates whether the administrator is allowed to perform the remote session on the managed workstation. Ensure that the Remote Management session is enabled on the Workstation policy for the Workstation object and User policy for the user logged in to the managed workstation.

Parameter: Display Remote Management Agent icon
Applicable for: Chat, Diagnostics, File Transfer, Remote Control, Remote Execute, and Remote View
Description: Indicates whether the Remote Management Agent should be displayed on the managed workstation each time the administrator initiates a Remote Management session. If this option is checked on the effective Workstation policy for the Workstation object, the Remote Management icon will be displayed on the managed workstation.

Parameter: Select protocol to use during Remote Management sessions
Applicable for: Remote Control and Remote View
Description: Indicates the protocol that should be used during the Remote Management session. If the selection is made on the effective Workstation policy for the Workstation object, the selected protocol will be used for the Remote Control or Remote View session.

Parameter: Prompt user for permission
Applicable for: File Transfer, Remote Control, Remote Execute, and Remote View
Description: Indicates whether the administrator should obtain permission from the user at the managed workstation each time the administrator wants to perform the remote session on the managed workstation. If this option is checked on the effective Workstation policy for the Workstation object or the effective User policy for the user logged in to the managed workstation, a Remote Management session will proceed only if the user logged in to the managed workstation provides the permission when prompted.

Parameter: Give user audible signal
Applicable for: Remote Control and Remote View
Description: Indicates whether an audible signal should be sent to the managed workstation each time the administrator accesses the managed workstation. If this option is checked on the effective Workstation policy for the Workstation object or the effective User policy for the user logged in to the managed workstation, the user at the managed workstation will receive an audible signal each time the administrator accesses the managed workstation.

Parameter: Give user visible signal
Applicable for: Remote Control and Remote View
Description: Indicates whether a visible signal should be sent to the managed workstation each time the administrator accesses the managed workstation. If this option is checked on the effective Workstation policy for the Workstation object or the effective User policy for the user logged in to the managed workstation, the user at the managed workstation will receive a visible signal when the administrator accesses the managed workstation.

Parameter: Allow locking keyboard and mouse controls of managed workstation
Applicable for: Remote Control
Description: Indicates whether the administrator is allowed to lock the keyboard and mouse controls of the managed workstation. When this option is selected, the Locking Controls button will be displayed in the toolbar of the Viewing Window. If this option is checked on the effective Workstation policy for the Workstation object and the User object, the Locking Controls button will be displayed in the toolbar of the Viewing Window.

Parameter: Allow blanking screen of managed workstation
Applicable for: Remote Control
Description: Indicates whether the administrator is allowed to blank the managed workstation screen. When this option is selected, the Screen Blanking button will be displayed in the toolbar of the Viewing Window. When you enable this option, the Locking Controls option will be enabled automatically. If this option is checked on the effective Workstation policy for the Workstation object and the User object, the Screen Blanking button will be displayed in the toolbar of the Viewing Window.

The administrator can change the default settings on any page of the Remote Management policy. If you change the values of the default protocol and Remote Management Agent icon settings, you have to restart the Remote Management Agent for the changes to take effect. The new settings will apply for all ensuing Remote Management sessions.

NOTE:  To traverse the options of the Remote Operations button, press Ctrl+PageUp or Ctrl+PageDown.


Setting up the Required Rights for the Management Console User

You can use the Manage Remote Operators wizard to set up the required rights for the management console user. Alternatively, you can use the Remote Operators tab to add the user as a management console user while giving the appropriate Remote Management rights.

To set required rights using the Remote Operator tab:

  1. Right-click the workstation object from the management console.

  2. Click Properties > the Remote Operator tab > Add.

  3. In the Select Objects dialog box, do the following:

    1. Select an object type from the Object Type drop-down list.

    2. To list the contents of a higher container, select the container from the Look in drop-down list.

    3. Select an object and click OK.

  4. Click Apply > OK.


Authenticating Remote Management Sessions

Remote Management session authentication in ZENworks 2 required the management console and managed workstation to always contact the Master Replica of the NDS partition that held the Workstation object. This dependency on the Master Replica would sometimes slow down the authentication process if the Master Replica was not on the same network as the management console and managed workstation. This constraint has been removed in ZfD 3 (with the exception listed below) to speed up the authentication wherever possible while ensuring the same level of seamless authentication.

With ZfD 3, the management console contacts any read/write replica to which the console user has access. This replica is almost always the nearest one. The reference of the replica contacted by the management console is then sent to the managed workstation.

The managed workstation uses this information and communicates with the same replica, thus ensuring that the managed workstation and the management console use the same NDS information.

HINT:  If the managed workstation fails to contact the replica for which the reference has been sent by the management console, the Master Replica is still used for the purpose of authentication.


Monitoring Login and Logout Events

ZfD takes full advantage of the security functionality of NDS. NDS functionality ensures secure Remote Management sessions when users log out or new users log in to the management console or the managed workstation during a Remote Management session. The Remote Management session will terminate, restart, or continue based on the Remote Management security settings for the new user.

Action: Scenario

Session Continue

  • When the remote management security settings for the new user on the managed workstation are similar to the settings for the current user
  • When a new user logs in to the managed workstation and the Audible Signal or Visible Signal settings are different, the session will continue with newer settings

Session Terminate

  • When a new user logs in to the management console
  • When a new user logs in to the managed workstation and the Remote Control option is disabled

Session Restart

  • When a new user logs in to the managed workstation and the Screen Blank or Lock Controls settings are different, the session will restart with newer settings
  • When a new user logs in to the managed workstation and if permission for a remote session is required from the user at the managed workstation
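
The way the policy table combines the Workstation and User policies, and the session outcomes listed in the table above, can be modeled as a small decision function. This is an added example, not Novell code; the field names, the sample policies, and the order in which the outcomes are checked are assumptions of the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """Security options of one Remote Management policy (field names are this example's)."""
    enable: bool = True        # Enable Remote Management session (here: Remote Control)
    prompt: bool = False       # Prompt user for permission
    audible: bool = False      # Give user audible signal
    visible: bool = False      # Give user visible signal
    allow_lock: bool = False   # Allow locking keyboard and mouse controls
    allow_blank: bool = False  # Allow blanking screen


def effective(ws: Policy, user: Policy) -> Policy:
    """Combine the Workstation policy with the logged-in user's User policy."""
    blank = ws.allow_blank and user.allow_blank
    return Policy(
        # Capabilities granted to the administrator need BOTH policies to allow them.
        enable=ws.enable and user.enable,
        allow_blank=blank,
        # Enabling screen blanking enables Locking Controls automatically.
        allow_lock=(ws.allow_lock and user.allow_lock) or blank,
        # Protections for the user apply if EITHER policy asks for them.
        prompt=ws.prompt or user.prompt,
        audible=ws.audible or user.audible,
        visible=ws.visible or user.visible,
    )


def on_new_login(where: str, old: Policy, new: Policy) -> str:
    """Return 'terminate', 'restart' or 'continue' for a login during a session.

    where is 'console' or 'workstation'; old/new are the effective settings
    before and after the login. Checking terminate, then restart, then
    continue is an assumption of this example.
    """
    if where == "console":
        return "terminate"            # new user at the management console
    if not new.enable:
        return "terminate"            # Remote Control disabled for the new user
    if (new.allow_blank, new.allow_lock) != (old.allow_blank, old.allow_lock):
        return "restart"              # Screen Blank / Lock Controls differ
    if new.prompt:
        return "restart"              # new user must be asked for permission
    return "continue"                 # same settings, or only the signals differ


# Constructed sample policies (not taken from any real tree).
WORKSTATION = Policy(audible=True, allow_lock=True, allow_blank=True)
USERS = {
    "alice": Policy(allow_lock=True, allow_blank=True),
    "bob": Policy(prompt=True, allow_lock=True, allow_blank=True),
    "carol": Policy(enable=False),
    "dave": Policy(visible=True, allow_lock=True, allow_blank=True),
    "erin": Policy(allow_lock=True),
}


def simulate(current: str, newcomer: str, where: str = "workstation") -> str:
    """Outcome when `newcomer` logs in while a session with `current` is running."""
    old = effective(WORKSTATION, USERS[current])
    new = effective(WORKSTATION, USERS[newcomer])
    return on_new_login(where, old, new)


if __name__ == "__main__":
    for name in USERS:
        print(f"alice -> {name}: {simulate('alice', name)}")
```
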


Tasks Supported by the Remote Management Agent

The following sections describe the Remote Management tasks of ZfD 3.2 that the Remote Management Agent supports:


Remotely Powering Up a Network Node

You can remotely power up a powered-down node in your network if the network card on the node is Wake on LAN* enabled. This feature lets the administrator manage nodes during off-hours to minimize the downtime users experience for system maintenance and upgrades. It also facilitates power savings while keeping systems available for maintenance. Ensure that you meet the prerequisites for initiating a Remote Wake Up session. For details, see Managing a Remote Wake Up Session in Managing Remote Workstations in Administration.


Remotely Controlling a Managed Workstation

You can control a managed workstation from ConsoleOne using the Remote Control feature so that you can provide assistance to the user at the managed workstation to resolve workstation problems.

Remote Control establishes connections between the management console and the managed workstation. With remote control connections, the administrator can go beyond viewing the managed workstation to taking control of it.


Remotely Viewing the Desktop of a Managed Workstation

You can view the desktop of the managed workstation from your desktop using the Remote View feature.

Remote View lets you connect with a managed workstation so you can view the managed workstation instead of controlling it. This will help you troubleshoot problems that the user encounters. For example, you can observe how the user at the managed workstation performs certain tasks to see if the user performs a task incorrectly.


Remotely Executing an Executable on a Managed Workstation

Remote Execute lets you run any executable on the managed workstation from the management console. An application can be remotely executed by specifying its executable name in the Remote Execute window if the program is in the path of the managed workstation or by entering the complete path of the application if it is not in the path of the managed workstation.

You can determine the value of the path from the Environment window launched from the Diagnostic feature of ZfD.


Remotely Diagnosing Problems on a Managed Workstation

Diagnostics shorten problem resolution times and assist users without requiring a technician to come to the troubled workstation. This increases user productivity by keeping desktops up and running.

Remote diagnostic information of managed workstations is available over IP only; IPX is not supported. Remote diagnostics is not supported on Windows 3.x managed workstations.


Performing File Transfer Operations between the Management Console and a Managed Workstation

File Transfer lets you perform file operations between the management console and a managed workstation. To transfer files between the management console and the managed workstation, ensure that the Remote Management Agent is installed on the managed workstation.

Using File Transfer, you can move or copy files between the management console and a managed workstation. You can also rename and delete files, and create directories on the management console and on the managed workstation. From the File Transfer window, you can view the properties of files and directories on the management console and on the managed workstation, including size of the file, and the date and time of file creation. File Transfer also lets you open files with the associated application on the management console.

The File Transfer program does not allow access to non-fixed drives on the managed workstation. File Transfer is not supported on Windows 3.x managed workstations.


Communicating with a User at a Managed Workstation

Chat is a real-time messaging tool that lets the management console user communicate with a user at the managed workstation. Only a management console user logged in as an administrator can initiate a chat session. To chat with the user at the managed workstation, you need to ensure that the Remote Management Agent is installed on the managed workstation.

When the management console user initiates a chat session with the user at the managed workstation, the user at the managed workstation will be prompted for permission to initiate the chat session. The chat session begins when the user at the managed workstation provides the permission to initiate the chat session. During the chat session, you can copy and paste text in the message area. Either the management console user or the user at the managed workstation can close the chat session.

Chat is not supported on Windows 3.x managed workstations.


Recording Events as Log Files

The Windows NT/2000 event logging mechanism allows applications running on the managed workstation to record events as log files. You can use the Event Viewer to view the event logs. The Event Viewer maintains Application, Security, and System log files. The events for Remote Management sessions are stored in the Application log file. The managed workstation on which the Remote Management Agent is installed maintains this log information as an audit log.

IMPORTANT:  ZENworks 2 stored audit information of Remote Management events in the SECURITY log file. ZfD stores the audit information in the APPLICATION log file. You can save the information of previous events using the Save As option from the File menu of the Event Viewer.


Initiating Remote Management Sessions

Remote Management security is enabled when a remote management session is initiated by the administrative user (the network administrator or another user). The following table provides information about how you can initiate a Remote Management session:

Remote Management Session: To Initiate

Ping: Right-click the managed workstation > click Actions > click Ping Remote Management Agent.

Remote Control: Right-click the managed workstation > click Actions > click Remote Control.

Remote View: Right-click the managed workstation > click Actions > click Remote View.

File Transfer: Right-click the managed workstation > click Actions > click File Transfer.

Remote Execute: Right-click the managed workstation > click Actions > click Remote Execute.

Chat: Right-click the managed workstation > click Actions > Chat.

Diagnostics: Right-click the managed workstation > click Actions > click Diagnostics.

Remote Wake Up: Right-click the managed workstation > click Actions > click Remote Wake Up.