3.11 Creating Policies by Using the zman Command Line Utility

ZENworks Configuration Management allows you to create different types of policies, such as Browser Bookmarks policy, Dynamic Local User policy, Local File Rights policy, and Printer policy. Each policy has its own set of data and configuration settings. Because it is complex to pass the data as arguments in the command line, the zman utility takes XML files as an input to create policies. You can use exported XML files as a templates to create polices. To use the zman command line utility to create a policy, you must have a policy of the same type already created through ZENworks Control Center and export it to an XML file. For more information on creating policies by using ZENworks Control Center, see Section 3.0, Creating Windows Configuration Policies.

For example, you can export a Browser Bookmarks Policy already created through ZENworks Control Center into an XML file, then use it to create another Browser Bookmarks Policy by using zman.

A policy can have file content associated with it. For example, the printer driver to be installed is a file associated with the Printer policy.

Review the following sections to create a policy by using the zman command line utility:

3.11.1 Creating a Policy without Content

  1. Create a policy in ZENworks Control Center.

    For example, use ZENworks Control Center to create a Browser Bookmarks Policy called google containing a bookmark to http://www.google.co.in.

  2. Export the policy to an XML file by using the following command:

    zman policy-export-to-file policy_name policy_filename.xml

    For example, export the google policy to google.xml by using the following command: zman policy-export-to-file google google.xml

    If you want to create a new policy with new data, continue with Step 3. If you want to create a new policy with the same data as the google policy, skip to Step 4.

  3. Modify the XML file according to your requirements.

    For example, in google.xml, change the value of <URL> from http://www.google.co.in to http://www.yahoo.com in the browserbookmarkspolicy action of the Enforcement action set and <PolicyData> element in both <Actions> and <PolicyData> elements as shown below.

    <ns2:ActionSets>
    
     <Id>879de60b7591b6f6aefae09fcd83db54</Id>
    
     <Type>Enforcement</Type>
    
     <Version>1</Version>
    
     <Modified>false</Modified>
    
      <Actions>
    
       <Id>0ab9a1785370bcd38bc862bd2817abac</Id>
    
        <Name>browserbookmarkspolicy</Name>
    
         <Type>browserbookmarkspolicy</Type>
    
          <Data>
    
           <PolicyData xmlns="http://novell.com/zenworks/datamodel/objects/policies">
    
            <BookmarksPolicyHandlerData xmlns="">
    
             <EnforcePolicy>
    
              <Bookmarks>
    
               <Bookmark Type="url_string">
    
                 <Name>Google</Name>
    
                 <Url>http://www.yahoo.com</Url>
    
                 <Folder>/</Folder>
    
               </Bookmark>
    
              </Bookmarks>
    
             </EnforcePolicy>
    
            </BookmarksPolicyHandlerData>
    
           </PolicyData>
    
          </Data>
    
      <ContinueOnFailure>true</ContinueOnFailure>
    
      <Enabled>true</Enabled>
    
    <Properties>StandaloneName=browserbookmarksenf;Impersonation=SYSTEM;</Properties>
    
    </Actions>
    
    </ns2:ActionSets>
    
    <ns2:ActionSets xmlns:ns2="http://novell.com/zenworks/datamodel/objects/actions" xmlns="http://novell.com/zenworks/datamodel/objects/actions">
    
      <Id>4efa37c827cf0e8a8ac20b23a3022227</Id>
    
      <Type>Distribution</Type>
    
      <Version>1</Version>
    
      <Modified>false</Modified>
    
       <Actions>
    
        <Id>27c4a42544210b3ac3b067ff6aff2d5c</Id>
    
        <Name>Distribute Action</Name>
    
        <Type>Distribute Action</Type>
    
        <ContinueOnFailure>true</ContinueOnFailure>
    
        <Enabled>true</Enabled>
    
        <Properties />
    
       </Actions>
     </ns2:ActionSets>
    
     <ApplyImmediate>false</ApplyImmediate>
    
     <PolicyData>
    
      <BookmarksPolicyHandlerData>
    
        <EnforcePolicy>
    
          <Bookmarks>
    
            <Bookmark Type="url_string">
    
              <Name>Google</Name>
    
              <Url>http://www.yahoo.com</Url>
    
              <Folder>/</Folder>
    
            </Bookmark>
    
          </Bookmarks>
    
        </EnforcePolicy>
    
      </BookmarksPolicyHandlerData>
    
    </PolicyData>
    
  4. Create a new policy by using the following command:

    zman policy-create new_policy_name policy_xml_filename.xml

    For example, to create a policy named yahoo, use the following command:

    zman policy-create yahoo google.xml

3.11.2 Creating a Policy with Content

  1. Create a policy in ZENworks Control Center.

    For example, use ZENworks Control Center to create a Printer policy of type iPrint called iPrint Policy that automatically installs an iPrint driver from the driver.zip file provided as the policy content, and configures an iPrint printer on the device.

  2. Export the policy to an XML file by using the following command:

    zman policy-export-to-file policy_name policy_filename.xml

    This creates policy_filename.xml and policy_filename_ActionContentInfo.xml files.

    For example, export iPrintPolicy to iPrintPolicy.xml by using the following command:

    zman policy-export-to-file iPrintPolicy iPrintPolicy.xml

    The iPrintPolicy.xml and iPrintPolicy_ActionContentInfo.xml files are created. For more information about ActionContentInfo.xml, see Section 3.11.3, Understanding the zman Policy XML File Format.

    If you want to create a new policy with new data, continue with Step 3. If you want to create a new policy with the same data as iPrintPolicy, skip to Step 4.

  3. Modify the iPrintPolicy.xml and iPrintPolicy_actioncontentinfo.xml files according to your requirements.

    For example, to create a new policy to configure and install another iPrint in the network with a newer version of the driver, do the following:

    • Change all references of driver.zip to newDriver.zip in the <ActionSet> and the <PolicyData> section of iPrintPolicy.xml, and in the <ActionSet> section of iPrintPolicy_actioncontentinfo.xml.

    • Replace the name of the printer in the iPrintPolicy.xml file with the new name of the printer.

    A sample iPrintPolicy_actioncontentinfo.xml is shown below.

    <ActionInformation>
    
     <ActionSet type="Enforcement">
    
      <Action name="printer policy" index="1">
    
       <Content>
    
         <ContentFilePath>driver.zip</ContentFilePath>
    
       </Content>
    
      </Action>
    
     </ActionSet>
    
    </ActionInformation>
    
  4. Create a new policy by using the following command:

    zman policy-create new_policy_name policy_xml_filename.xml --actioninfo policy_name_actioncontentinfo.xml

    For example, use the following command to create a policy called New_iPrintPolicy:

    zman policy-create New_iPrintPolicy iPrintPolicy.xml --actioninfo iPrintPolicy_ActionContentInfo.xml

3.11.3 Understanding the zman Policy XML File Format

The policy-export-to-file command serializes the policy information, which is stored in the database, into an XML file. Each policy contains actions that are grouped into Action Sets, Enforcement, and Distribution. An exported policy XML file contains information for the policy, such as UID, Name, Path, PrimaryType, SubType, PolicyData, System Requirements, and information on all Action Sets and their actions. The file does not include information about assignment of the policy to devices or users.

A sample XML format template, WindowsGroupPolicy.xml, is available at /opt/novell/zenworks/share/zman/samples/policies on a Linux server and in ZENworks_Installation_directory:\Novell\Zenworks\share\zman\samples\policies on a Windows server.

NOTE:If the exported XML file contains extended ASCII characters, you must open it in an editor by using UTF-8 encoding instead of ANSI coding, because ANSI coding displays the extended ASCII characters as garbled.

When you create a policy from the XML file, zman uses the information specified in the <Description>, <SubType>,<Category>, <ActionSets>, <PolicyData>, and <SysReqs> tags of the file. The values for the Name and Parent folder are taken from the command line. For the remaining elements, the default value is used.

Follow the guidelines listed below to work with the XML file:

  • If you want to create a policy without file content, you need only the policy XML file to create the policy.

    For example, a Local File Rights Policy does not have file content associated with it.

  • If you want to create a policy with content, you must provide an additional XML file, which contains the path of the content file, as an argument to the -–actioninfo option of the policy-create command.

    For example, a Printer policy can have the printer drivers to be installed as associated file content.

    A sample XML format template, ActionInfo.xml, is available at /opt/novell/zenworks/share/zman/samples/policies on a Linux server and in ZENworks_Installation_directory:\Novell\Zenworks\share\zman\ samples\policies on a Windows server.

  • If you want to modify the <Data> element of actions in the exported XML file, ensure that the new data is correct and that it conforms to the schema. The zman utility does a minimal validation of the data and does not check for the errors. Hence, the policy might be successfully created, but with invalid data. Such a policy fails when deployed on a managed device.

  • File content is associated with a particular action in an Action Set. The Action Content Information XML file should contain the path of the file to which the file content is to be associated and the index of the action in the Action Set.

    For example, the Printer driver selected to be installed when creating a Printer policy is associated to the printerpolicy action in the Enforcement action set of the created Printer policy.

  • The Action Set is specified by the type attribute in <ActionSet> element. It should be the same as the Action Set type of the policy XML file.

  • The <Action> element has a name attribute, which is optional, for user readability.

  • The index attribute is mandatory. It specifies the action to which the content should be associated to. The index value of the first action in the Action Set is 1.

  • Each action can have multiple <Content> elements, each containing a <ContentFilePath> element. The <ContentFilePath> element contains the path of the file content to be associated with the Action. Ensure that the filename is the same as the filename specified in the policy XML file in <Data> for that action.

  • Ensure that the order of the <Content> elements is in accordance with the order in the policy XML file. For example, a Printer Policy can have multiple drivers configured.The path to the driver files should be specified in the <Content> elements in the order the files are specified in the data for the action as show below.

    <ActionInformaion>
    
     <ActionSet type="Enforcement">
    
      <Action name="printer policy" index="1">
    
       <Content>
    
        <ContentFilePath>driver1.zip</ContentFilePath>
    
       </Content>
    
       <Content>
    
          <ContentFilePath>driver2.zip</ContentFilePath>
    
       </Content>
    
      </Action>
    
     </ActionSet>
    
    </ActionInformation>