10.2 Creating Registration Keys and Rules

The first time a device registers, it is added to a folder. By default, it is added to either the /Servers folder or the /Workstations folder, depending on the device type.

You can use registration keys and registration rules to override the default folder assignment and specify another folder, and to assign the device to groups. Although you can manually move a device to another folder and add it to groups after the device registers, this can become burdensome if you have a large number of devices or if you are consistently adding new devices. The best way to manage a large number of devices is to use registration keys and rules to automatically add them to the correct folders and groups during registration.

  • Registration key: A registration key is an alphanumeric string that you manually define or randomly generate. During deployment of the ZENworks Agent on a device, the registration key must be provided. When the device connects to a ZENworks Server for the first time, the device is added to the folder and groups defined within the key.

  • Registration rule: A registration rule is a set of predefined criteria (for example, operating system type, CPU, or IP address) that you define. If the device meets the criteria, the rule is used for registration. You can create multiple rules; all rules are checked before the default folder is used. Registration rules are applied only if a registration key is not used.

The following sections provide instructions for creating registration keys and rules:

10.2.1 Creating a Registration Key

The steps in this section explain how to create a registration key. After you have created a key, you can use the key in the following ways:

  • Include the key in a deployment task so that it is used during installation of the ZENworks Agent. See Section 11.5, Using a Task to Deploy the Agent.

  • Add the key to a deployment package so that when the package is used in either a deployment task or a manual installation, the registration key is applied. See Deployment Packages.

  • Use the key with the ZENworks Agent command line utility (zac) to initially register a device within a zone (zac register command), or to manually reregister the device with an additional key (zac add-reg-key command). See Manually Registering a Device.

To create a registration key:

  1. In ZENworks Control Center, click the Configuration tab, then click the Registration tab.

  2. In the Registration Keys panel, click New > Registration Key to launch the Create New Registration Key Wizard.

  3. Complete the wizard by using information from the following table to fill in the fields.

    Wizard Page

    Details

    Basic Information page

    Define the registration key name and folder location, add information to describe the key, and specify the number of times the key can be used.

    Key Code: Provide a key code for the registration key. When devices register during installation, this is the key code the device provides to be assigned to the folder and groups associated with this registration. Any device that presents this key code is given the assignments associated with this registration.

    Choose something simple for reduced security, or click Generate to generate a complex registration string that is difficult to guess. Use the Generate option along with a registration key limit for increased security. If you manually enter a name, the name must be different than any other registration key names and must not use any of the following invalid characters: / \ * ? : " ' < > | ` % ~.

    Folder: Specify the folder for this registration key. This is for organizational purposes only. Devices do not need to know where a registration key is located in order to use it to register; they simply need to know the key name.

    Description: Use this field to provide information about the new registration key. This is for your benefit. This field appears only in ZENworks Control Center.

    Number of Times This Key Can Be Used: For security purposes, this enables you to limit the number of times the devices can use this key to register.

    Containment Rules page

    Specify the folder in which to place the devices.

    As a general rule, devices with similar configuration settings (refresh intervals, logging settings, remote management settings, and so forth) should be grouped in the same folder so that you can specify the configuration settings on the folder and have the devices in the folder inherit them. You should not use the same folder for devices that require different configuration settings; doing so prohibits you from using the folder to define the settings and forces you to define them on each individual device.

    Device Fields

    Specify the department, site, and location information you want entered on a device details page when it registers. For example, if you enter Accounting in the Department field, then Accounting is entered in the Department field on the device details page.

    Group Membership page

    Specify the groups that devices will become members of when they register.

    Adding groups causes registering devices to receive any assignments provided by membership in the groups. Assignments from group membership are additive, so if a device is assigned to both groups A and B, the device receives all assignments from both groups.

    You can only add groups that are valid for the type of device folder you specified on the previous page of the wizard. For example, if you specified the /Devices/Workstations folder, you can only choose workstation groups.

    To specify a group:

    1. Click Add to display the Groups dialog box.

    2. Browse for and select the group (or groups) to which you want to add the devices. To do so:

      1. Click next to a folder (for example, the Workstations folder or Servers folder) to navigate through the folders until you find the group you want to select.

        or

        Search for the group by entering its name in the Item name box. You can use an asterisk (*) as a wildcard. For example, entering P* finds all groups that start with P, or entering *Accounting finds all groups that end with Accounting.

      2. Click the underlined link in the Name column to select the group and display its name in the Selected list box.

      3. Repeat steps 2a and 2b until you have selected all groups to which you want to assign membership.

      4. Click OK to add the selected groups to the list.

    Reconcile Settings page

    Specify how you want to reconcile the existing devices with the new devices that come for registration in the Management Zone.

    For information, see Reconciling the Devices.

    Enable the reconcile setting if ZENworks Agents are deployed in a VDI environment. This device reconcile setting takes precedence over zone-level device reconcile settings.

When you complete the wizard, the key is added to the Registration Keys panel.

You can also use the registration-create-key command in the zman utility to create a registration key. For more information, see Registration Commands in the ZENworks Command Line Utilities Reference.

10.2.2 Creating a Registration Rule

  1. In ZENworks Control Center, click the Configuration tab, then click the Registration tab.

  2. In the Registration Rules panel, click New to launch the Create New Registration Rule Wizard.

  3. Complete the wizard by using information from the following table to fill in the fields.

    Wizard Page

    Details

    Basic Information page

    Define the rule name and add information to describe the rule.

    Name: Provide a name for the rule. Users never see the rule name; it displays only in ZENworks Control Center. The name must be different than any other registration key names and must not use any of the following invalid characters: / \ * ? : " ' < > | ` % ~.

    Description: Provide information about the new registration rule. The information appears only in ZENworks Control Center.

    Device Criteria page

    Define the criteria that must be met for the registration rule to be applied to a device. The criteria are defined through the use of filters. At least one filter must be defined.

    1. Click Add Filter to add a filter line.

    2. Create the filter expression.

      An expression consists of a criteria option, operator, and value.

      Example 1:

      IPAddress Equal to 123.45.67.89

      IPAddress is the criteria option, Equal to is the operator, and 123.45.67.89 is the value. In the above example, the registration rule is applied only to devices whose IP address is equal to 123.45.67.89.

      Example 2:

      NOT IPAddress Equal to 123.45.67.89

      You can use NOT to perform a logical negation of the expression.

      In the above example, the registration rule is applied only to devices whose IP address is not equal to 123.45.67.89.

      Example 3:

      IPAddress Within 123.45.67.89-123.45.67.99

      You can use the Within operator to specify the IP address range. Two types of IP address ranges are supported:

      • Standard dotted-decimal notation

        Example: 123.45.67.89-123.45.67.99

      • CIDR notation

        Example: 123.45.67.89/24, where /24 represents the prefix length, which is the number of shared initial bits, counting from the left side of the address.

      The criteria options you can use are listed below, along with possible values. The format for all values, with the exception of CPU, Language, Device Type and OS, is a free-form string.

      • Azure AD Tenant ID: d7878af8-383c-4161-8b76-e8fc4566b42e

      • Azure AD Tenant Name: mftest

      • CPU: Intel(R) Pentium(R) M processor 1600MHz

      • DNS: abc.xyz.com

      • Device Carrier: T-mobile

      • Device Manufacturer: Apple

      • Device Model: MD439LL/A

      • Device Type: Workstation or Server

      • GUID: 5bf63fb9b1ed4cd880e1a428a1fcf737

      • Hostname: zenserver

      • IMEI: 2436262256

      • IPAddress: 123.45.67.89

      • Language: Portuguese (Brazil)

      • MAC Address: 00-0c-29-e8-cd-3a

      • OS: win2003-se-sp1-x86

    3. If necessary, click Add Filter to create another filter.

      Filters are combined with the AND operator, which means that the criteria defined in each filter must be met before the registration rule is applied to a device. For example: OS equals Windows Server 2003 AND IPAddress Equal to 123.45.67.89

      In the above example, the registration rule is applied only to devices whose operating system is Windows 2003 and whose IP address is equal to 123.45.67.89.

    Device Criteria page (continued)

    You can add filters individually or in sets. Logical operators, either AND or OR, are used to combine each filter and filter set. By default, filters are combined using OR (as determined by the Combine Filters Using field) and filter sets are combined using AND.

    You can change the default and use AND to combine filters, in which case filter sets are automatically combined using OR. In other words, the logical operator that is used to combine individual filters (within a set) must be the opposite of the operator that is used between filter sets.

    You can easily view how these logical operators work. Click both the Add Filter and Add Filter Set options a few times each to create a few filter sets, then switch between AND and OR in the Combine Filters Using field and observe how the operators change.

    As you construct filters and filter sets, you can think in terms of algebraic notation parentheticals, where filters are contained within parentheses, and sets are separated into a series of parenthetical groups. Logical operators (AND and OR) separate the filters within the parentheses, and the operators are used to separate the parentheticals.

    For example, “(u AND v AND w) OR (x AND y AND z)” means “match either uvw or xyz.” In the filter list, this looks like:

    u AND
    v AND
    w
    OR
    x AND
    y AND
    z

    Containment Rules page

    Specify the folder in which to place the devices.

    As a general rule, devices with similar configuration settings (refresh intervals, logging settings, remote management settings, and so forth) should be grouped in the same folder so that you can specify the configuration settings on the folder and have the devices in the folder inherit them. You should not use the same folder for devices that require different configuration settings; doing so prohibits you from using the folder to define the settings and forces you to define them on each individual device.

    Device Fields

    Specify the department, site, and location information you want entered on a device details page when it registers. For example, if you enter Accounting in the Department field, then Accounting is entered in the Department field on the device details page.

    Group Membership page

    Specify the groups that devices will become members of when they register.

    Adding groups causes registering devices to receive any assignments provided by membership in the groups. Assignments from group membership are additive, so if a device is assigned to both groups A and B, the device receives all assignments from both groups.

    You can only add groups that are valid for the type of device folder you specified on the previous page of the wizard. For example, if you specified the /Devices/Workstations folder, you can only choose workstation groups.

    To specify a group:

    1. Click Add to display the Groups dialog box.

    2. Browse for and select the group (or groups) to which you want to add the devices. To do so:

      1. Click next to a folder (for example, the Workstations folder or Servers folder) to navigate through the folders until you find the group you want to select.

        or

        Search for the group by entering its name in the Item name box. You can use an asterisk (*) as a wildcard. For example, entering P* finds all groups that start with P, or entering *Accounting finds all groups that end with Accounting.

      2. Click the underlined link in the Name column to select the group and display its name in the Selected list box.

      3. Repeat steps 2a and 2b until you have selected all groups to which you want to assign membership.

      4. Click OK to add the selected groups to the list.

    Reconcile Settings page

    Specify how you want to reconcile the existing devices with the new devices that come for registration in the Management Zone.

    For information, see Reconciling the Devices.

    Enable the reconcile setting if ZENworks Agents are deployed in a VDI environment. This device reconcile setting takes precedence over zone-level device reconcile settings.

    When you complete the wizard, the rule is added to the Registration Rules panel. Rules are applied from the top down. You want to list the more restrictive rules first, followed by the more general rules. If no rules apply, the default server and workstation rules are applied.

  4. If you want to reorder the rules, click Advanced (located in the upper right corner of the Registration Rules panel).

  5. Select the check box in front of the rule you want to move.

  6. Click Move Up or Move Down to reposition the rule.

You can also use the ruleset-create command in the zman utility to create a registration rule. For more information, see Ruleset Commands in the ZENworks Command Line Utilities Reference.
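
The following Python sketch is an added example, not ZENworks code. It models the Device Criteria semantics described above (NOT, Equal to, Within with both range notations, filters and filter sets combined with opposite operators) and the top-down rule order, so a planned rule list can be checked against sample devices for rules that are shadowed by a more general rule listed first. The rule names, subfolders, sample devices, and the treatment of a missing attribute are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

def ip_within(addr, spec):
    """Within: range 'a-b' or CIDR 'a/len' (host bits allowed, as in 123.45.67.89/24)."""
    ip = ipaddress.ip_address(addr)
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return lo <= ip <= hi
    return ip in ipaddress.ip_network(spec, strict=False)

OPS = {"Equal to": lambda have, want: have == want, "Within": ip_within}

@dataclass
class Filter:
    option: str
    op: str
    value: str
    negate: bool = False   # the NOT prefix
    def matches(self, device):
        if self.option not in device:
            return False   # assumption: a missing attribute never matches, even under NOT
        return OPS[self.op](device[self.option], self.value) != self.negate

@dataclass
class Rule:
    name: str
    folder: str
    filter_sets: list      # list of filter sets, each a list of Filter
    combine: str = "OR"    # "Combine Filters Using"; sets use the opposite operator
    def matches(self, device):
        inner, outer = (all, any) if self.combine == "AND" else (any, all)
        return outer(inner(f.matches(device) for f in fs) for fs in self.filter_sets)

def assign_folder(rules, device):
    """Top-down, first match wins; otherwise the default folder by device type."""
    for rule in rules:
        if rule.matches(device):
            return rule.name, rule.folder
    return "default", ("/Servers" if device.get("Device Type") == "Server" else "/Workstations")

def shadowed(rules, devices):
    """Rules that match some sample device but never win for any of them."""
    winners = {assign_folder(rules, d)[0] for d in devices}
    return [r.name for r in rules if r.name not in winners and any(r.matches(d) for d in devices)]

# Constructed sample data: rule names, folders and devices are made up.
GENERAL = Rule("site-lan", "/Workstations/Site", [[Filter("IPAddress", "Within", "123.45.67.89/24")]])
STRICT = Rule("kiosks", "/Workstations/Kiosk", [[Filter("IPAddress", "Within", "123.45.67.89-123.45.67.99"),
    Filter("Device Type", "Equal to", "Workstation")]], combine="AND")
DEVICES = [{"IPAddress": "123.45.67.90", "Device Type": "Workstation"},
           {"IPAddress": "123.45.67.200", "Device Type": "Workstation"}]
```

With the general rule listed first, `shadowed([GENERAL, STRICT], DEVICES)` reports `kiosks`, because every device it would match is already claimed by `site-lan`; listing the restrictive rule first clears the report.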