9.4 Applying Policies

ZENworks Configuration Management lets you use policies to create a set of configurations that can be assigned to any number of managed devices. It helps you to provide the devices with a uniform configuration, and it eliminates the need to configure each device separately.

ZENworks Configuration Management policies help you manage the external services, puppet policy related settings, Internet Explorer favorites, Windows Group policies, local file rights, A/C Power Management settings, printers, SNMP service settings, roaming profiles, and configure dynamic local user accounts and manage them on the managed devices. You can also configure the behavior or execution of a Remote Management session on the managed device, and administer as well as centrally manage the behavior and features of ZENworks Explorer.

The following section contains the list of Windows Configuration policies that can be created and assigned to a user or a managed device.

  • Browser Bookmarks Policy: Configures Internet Explorer favorites for Windows devices and users.

  • Dynamic Local User Policy: Configures users created on Windows XP, Windows Vista, Windows 7 workstations; and Windows 2003, Windows 2008, Windows 2008 R2 Terminal Servers after the users have successfully authenticated to Novell eDirectory.

  • Local File Rights Policy: Configures rights for files or folders that exist on the NTFS file systems.

    The policy can be used to configure basic and advanced permissions for both local and domain users and groups. It provides the ability for an administrator to create custom groups on managed devices.

  • Power Management Policy: Configures Power Management settings on the managed devices.

    Watch a video that demonstrates how to use configure a Power Management policy.

  • Printer Policy: Configures Local, SMB, HTTP, TCP/IP, CUPS, and iPrint printers for Windows devices and users.

  • Remote Management Policy: Configures the behavior or execution of a Remote Management session on a managed device. The policy includes properties such as Remote Management operations, security, and so forth. A Remote Management policy can be assigned to users as well as managed devices.

  • Roaming Profile Policy: Allows the user to configure the path where his or her user profile should be stored.

    A user profile contains information about a user’s desktop settings and personal preferences, which are retained from session to session.

    Any user profile that is stored in a network path is known as a roaming profile. Every time the user logs on to a machine, his or her profile is loaded from the network path. This helps the user to move from machine to machine and still retain consistent personal settings.

  • SNMP Policy: Configures SNMP parameters on the managed devices.

  • Windows Group Policy: Configures Group Policy for Windows devices and users.

  • ZENworks Explorer Configuration Policy: Allows you to administer and centrally manage the behavior and features of ZENworks Explorer.

The following section contains the list of Linux Configuration policies that can be created and assigned to a user or a managed device.

  • External Services Policy: Configures the external services on a Linux-managed device for the YUM, ZYPP or MOUNT repositories. It provides the ability for an administrator to download and install software packages or updates from these repositories, on the managed devices.

  • Puppet Policy: Specifies how to run puppet manifests and modules on a managed device, upload the script files, and specifies if a dry run of the script should be performed on the device.

The following section lists the policies that are applicable for mobile devices enrolled in the zone.

  • Mobile Device Control Policy: Enables you to allow or restrict users from accessing the various features of a mobile device.

  • Mobile Email Policy: Enables you to manage the corporate email account on mobile devices.

  • Mobile Enrollment Policy: Enforces which users can enroll their mobile devices, what mobile devices the users can enroll, the mode to be used for mobile device enrollment, and the location and naming of the device.

  • Mobile Security Policy: Configures the password restrictions, encryption settings, and device inactivity settings on devices.

  • Mobile Compliance Policy: Ensures devices are compliant with the rules applied on these devices.

  • Android Enterprise Enrollment Policy: Allows users to enroll their Android devices in the work profile mode or in the work-managed device mode as part of the Android Enterprise program.

  • Intune App Protection Policy: Enforces restrictions on Microsoft Intune apps such as restricting cut, copy and paste actions on the app and enforcing the usage of a PIN to access an Intune app. This is applicable for iOS, iPadOS, and Android devices.

9.4.1 Creating a Policy

To create a policy, you use the Create New Policy Wizard. In addition to helping you create the policy, the wizard also lets you assign it to devices and users and decide whether to enforce the policy immediately or wait until the device refreshes its information.

  1. In ZENworks Control Center, click the Policies tab.

  2. In the Policies panel, click New > Policy to display the Select Platform page.

  3. Select the policy category, then click Next to display the Select Policy Category page.

  4. Select the category of policy you want to create, then click Next.

  5. Select a Policy Type from the list of policies provided. Follow the on-screen prompts to create the policy.

    Click the Help button on each wizard page for detailed information about the page.

    When you complete the wizard, the policy is added to the Policies panel. You can click the policy to view the policy’s details and modify assignments.

You can also use the policy-create command in the zman utility to create a policy. For more information, see Policy Commands in the ZENworks Command Line Utilities Reference.

9.4.2 Assigning a Policy

After you create a policy, you need to assign it to the devices where you want it applied. You can make assignments to devices or to users.

  1. In the Policies panel, select the policy you want to assign by selecting the check box next to it.

  2. Click Action > Assign to Device.

    or

    Click Action > Assign to User.

  3. Follow the prompts to assign the policy.

    Click the Help button on each wizard page for detailed information about the page.

    When you complete the wizard, the assigned devices or users are added to the policy’s Relationships page. You can click the policy to view the assignments.

You can also use the policy-assign command in the zman utility to assign a policy. For more information, see Policy Commands in the ZENworks Command Line Utilities Reference.

9.4.3 Where to Find More Information

For more information about applying policies, see the ZENworks Configuration Policies Reference.

For more information on applying policies on mobile devices, see ZENworks Mobile Management Reference.