You can export security policies from your Management Zone and then import them into another zone or the same zone. This can be useful for exchanging security policies between zones or for backing up important security policies for a single zone.
Exporting and importing is performed through the zman command line utility on the ZENworks Server. The following sections provide instructions:
When you export a policy, all of the policy data except the relationships (user assignments, device assignments, and policy group membership) is written to an export file. The export file is encrypted so that the data is secure outside of the ZENworks system. Because it is encrypted, you also need to export the policy encryption key with the policy.
At a ZENworks Server command prompt, run the following command:
zman epetf (policy path) (XML policy filepath)
(policy path) - The path (including the filename) of the policy object relative to the Policies root folder. For example, FWpolicy1 or ESMpolicies/DEpolicy4.
(XML policy filepath) - The path (including the filename) where you want to save the XML policy file. If you specify only a filename, the file is saved to the current directory. For example, firewallpolicy.xml or c:\firewallpolicy.xml.
Examples:
zman epetf FWPolicy1 c:\FWpolicy1.xml
zman epetf ESMpolicies/DEpolicy4 DEpolicy4.xml
At a ZENworks Server command prompt, run the following command:
zman epektf (policy encryption key filepath)
(policy encryption key file path) - The path (including filename) where you want to save the security policy encryption key file. If you specify only a filename, the file is saved to the current directory. Use any supported filename for the file. The extension is not important; you can use any extension or no extension. For example, key.txt, key.xml, and decryption.file are all valid filenames.
Examples:
zman epektf c:\key.txt
zman epektf EncryptionKey.xml
When you import a policy from an XML policy file, you can specify the name for the policy and the folder in which to place it.
At a ZENworks Server command prompt, run the following command:
zman epi (policy name) (policy encryption key filepath) (XML policy file path) [parent folder]
(policy name) - The name to assign to the policy object.
(policy encryption key filepath) - The full path (including the filename) of the security policy encryption key (KMK) file for the Management Zone from which the policy was exported. This file is required to decrypt the encrypted XML file. If the key file is in the current directory, specify only the filename.
(XML policy filepath) - The full path (including the filename) of the encrypted XML policy file. If the file is in the current directory, specify only the filename.
[parent folder] - The Policies folder in which to create the policy object. If you want to create the object in the root folder, ignore this option.
Examples:
zman epi FWPolicy c:\key.txt c:\FWpolicy.xml
zman epi DEPolicy key.txt encryptionpolicy.xml esmpolicies/encryption