zac for Windows (1)


zac - The command line management interface for the Novell ZENworks Adaptive Agent that is installed and running on Windows managed devices.


zac command options


The zac utility performs command line management functions on the ZENworks managed device, including installing and removing software bundles, applying policies, and registering and unregistering the device.

Guide to Usage

Most commands have a long form and a short form:

  • Long form: add-reg-key

  • Short form: ark

When both forms are available, the command is listed as follows:

add-reg-key (ark) arguments

When using the command, enter only the long form or the short form:

zac add-reg-key arguments

zac ark arguments

Arguments can be mandatory or optional. Mandatory arguments are included in angle brackets <argument>. Optional arguments are included in square brackets [argument]. If an argument includes a space, enclose it in quotation marks:

zac ark "arg 1"

Help Commands

/h or --help

Displays information about the commands.

Authentication Satellite Server Commands

authentication server reconfigure (asr) [-t all|config|jetty|casa] [-u username] [-p password]

Reconfigures an enabled Authentication Satellite.


To fetch the configuration files from the server:

zac asr -t config

To reconfigure the CASA signing certificate:

zac asr -t casa

To reconfigure the Jetty web server:

zac asr -t jetty -u Administrator -p password

To reconfigure the entire Satellite:

zac asr -t all -u Administrator -p password

If a username and password is required but is not provided on the command line you will be prompted.

import-authentication-cert(iac)[-pk <private-key.der>] [-c <signed-server-certificate.der>] [-ca <signing-authority-public-certificate.der>] [-ks <keystore.jks>] [-ksp <keystore-pass-phrase>] [-a <signed-cert-alias>] [-ks <signed-cert-passphrase>] [-u username] [-p password] [-rc]

Configures an Authentication Satellite device with externally signed certificates.

  • rc - Confirms reconfiguration of the Authentication Satellite Server so that the administrator is not prompted for reconfiguration.

Bundle Commands

bundle-install (bin) <bundle display name>

Installs the specified bundle. Use the bundle-list command to get a list of the available bundles and their display names.


zac bin bundle1

bundle-launch (bln) <bundle display name> [-noSelfHeal]

Launches the specified bundle. Use the bundle-list command to get a list of the available bundles and their display names.

Example to launch a bundle based on the display name:

zac bln bundle1

Example to launch a bundle based on the display name and turn selfhealing off if the launch action fails (by default, selfhealing is turned on):

zac bln bundle1 -noSelfHeal

bundle-list (bl)

Displays the list of bundles assigned to the device and the logged in user.


zac bl

bundle-props (bp) <bundle display name>

Displays the status, version, GUID, and requirements information for the specified bundle. Use the bundle-list command to get a list of the available bundles and their display names.


zac bln bundle1

bundle-refresh (br) <bundle display name or guid>

Refreshes information about the specified bundle.


zac br bundle1

bundle-uninstall (bu) <bundle display name>

Uninstalls the specified bundle. Use the bundle-list command to get a list of installed bundles and their display names.


zac bu bundle1

bundle-verify (bv) <bundle display name>

Verifies an installed bundle (specified by bundle display name) to ensure that no files have been removed or corrupted. Use the bundle-list command to get a list of the installed bundles and their display names.


zac bv bundle1

Certificate Commands

cert-info (ci) [ca certificate file path] [-u <username> -p <password>]

Lists public key certificate information for each known ZENworks server or adds a trusted root certificate to the device trusted store. The file can be in ASN.1 DER format or base-64 encoded delimited by ----BEGIN CERTIFICATE---- and ----END CERTIFICATE--.


To list the certificate for each known ZENworks server:

zac ci

To add a trusted root certificate to the devices trusted store:

zac ci c:\certs\mytrustcacert.der -u myuser -p mypassword

Content Distribution Commands

cdp-checksum (cchk) [-l:<path to log>]

Validates satellite content by computing the checksum on each file.

The optional log file details results of the checksum comparison.


zac cchk -l:"C:\Program Files\Novell\ZENworks\logs\cchk.log"

cdp-verify-content (cvc) [-c] [-l:<path to log>]

Compares the list of content IDs and their sync states on this CDP with what the Primary Servers thinks it should have.

You can use the following options:

  • c - Computes the checksum on the local content.


zac cvc -l:"C:\Program Files\Novell\ZENworks\logs\cvc.log"

cdp-import-content (cic) <content path> [-l:<path to log>]

Imports missing content from the directory specified by content-path, logging to the file specified by log-path.


zac cic c:\import_source_directory -l:"C:\Program Files\Novell\ZENworks\logs\cic.log”

wake-cdp (cdp) [replicate | cleanup]

Wakes the Content Distribution Point worker thread. You can use either of the following options:

  • replicate - Downloads any new or changed content from the Content Distribution Point’s parent ZENworks Server.
  • cleanup - Removes any content that should no longer be stored on the Content Distribution Point.


zac cdp

zac cdp replicate

This command is applicable only if the agent is promoted as a satellite.

Database Commands

statussender CleanUp

Runs the cleanup immediately and deletes entries in the MDStatus database that have not been updated for 14 days since the last successful rollup. By default, the cleanup is performed once a day and runs the first time the Agent Service is started. The cleanup method logs appropriate messages to the zmd-messages.log file when the log level is set to DEBUG.

The MDStatus database is used for rolling bundle and policy status from the managed device to the ZENworks Server.

statussender RollUp

Rolls up statuses to the MDStatus database that have been updated since the last time the status was rolled up successfully. By default, the status sender automatically rolls statuses up every 5 minutes.

The MDStatus database is used for rolling bundle and policy status from the managed device to the ZENworks Server.

Imaging Commands

file-system-guid (fsg) [-d] [-r]

Displays, removes, or restores the workstation GUID in the file system in preparation for taking an image.

For example:

To display the GUID value:

zac fsg

To remove the GUID from the file system:

zac file-system-guid -d

To restore the GUID to the file system:

zac file-system-guid -r

Do not specify an option to print the the GUID value:

zac fsg

Inventory Commands

inventory [scannow | cdf | -f scannow]

Runs an inventory scan or opens the Collection Data Form.

Example to run an inventory scan:

zac inv scannow

Example to open the Collection Data Form:

zac inv cdf

Example to run a full scan:

zac inv -f scannow

Location Commands

config-location (cl)

Displays the configuration location. The configuration location determines which ZENworks \\server (or servers) the device connects to for authentication, configuration, content, and collection purposes.


zac config-location

zac cl

security-location (sl) [view | list | set <location>]

Displays or changes the security location for the device. The security location determines which security policies (settings) are applied to the device.

Accepts the following optional arguments. If no argument is specified, the view argument is used.

  • view - Displays the current location.
  • list - Displays all defined locations.
  • set <location> - Changes to the specified location. <location> must be one of the defined locations.


  • zac security-location view
  • zac sl
  • zac sl list
  • zac sl set office

Logging Commands

logger (log) [resetlog | level [MANAGED|ERROR|WARN|INFO|DEBUG] | managedlevel]

Changes or displays the logger configuration for the ZENworks Adaptive Agent.

You can use the following options:

  • resetlog - Resets the log.
  • level - If this option is used without a level, it displays the current managed logging level. If it is used with one of the levels, changes the logging level to the specified level.
  • managedlevel - Displays the Global Log level of the zone.

Example to reset the log file:

zac logger resetlog

Example to show the current log level:

zac logger level

Example to set the log level to DEBUG and above:

zac logger level DEBUG

Policy Commands

policy-list (pl)

Lists the policies that are currently being enforced on the device (effective policies). To list all policies (effective and non-effective), use the --all option.


zac pl

zac pl --all

policy-refresh (pr)

Applies all of the policies assigned to the device and user.


zac pr

Registration Commands

add-reg-key (ark) <registration key>

Registers the device by using the specified key. Registration with keys is additive. If the device has previously been registered with a key and you register it with a new key, the device receives all group assignments associated with both keys.


zac ark key12

register (reg) [-g] [-k <key>] [-u <username> -p <password] <ZENworks Server address:port>

Registers the device in a Management Zone.

You can use the following options:

  • g - Lets you create a new device object with a new GUID and password for the device if you have multiple devices with the same GUID. When you register a device by using this switch, all the associations (policies and bundles) assigned to the original device object are removed. You cannot use this option to create a new GUID for a Primary Server or a Satellite device. The local user must have Local Administrator rights to use this option.
  • k - Lets you register the device using the specified registration key.
  • p - Lets you specify the Management Zone administrator’s password.
  • u - Lets you specify the Management Zone administrator’s username.


zac reg -k key1 https://123.456.78.90

zac reg -k key1 -u administrator -p novell

The port number is required only if the ZENworks Server is not using the standard HTTP port (80). If a username and password are not supplied, you are prompted for them.

reregister (rereg)[-u <username> -p <password>] <new guid>

Registers a device in the current zone and assigns it the GUID of an existing device object. The currently associated device object is deleted.

For example, if you image a device after replacing the hard drive, the device might get a new GUID. However, by using the reregister command, you can assign the device’s GUID that it had before you replaced the hard drive.


To reregister, specify a username and password:

zac reregister -u myuser -p mypassword eaa6a76814d650439c648d597280d5d4

To reregister and be prompted for a username and password:

zac reregister eaa6a76814d650439c648d597280d5d4

NOTE:The -g and -k options will not be honored if the corresponding device object is already present on the server and reconciliation takes place with that device object.

unregister (unr) [-f] [-s] [-a] [-u <username> -p <password>]

Removes the device’s registration from the Management Zone.


To force a device to unregister locally when a server cannot be contacted:

zac unr -f -u myuser -p mypassword

To unregister locally and suppress prompting for a user name and password:

zac unr -s

Use -a option to unregister asynchronously. With this option server deletes the device asynchronously.

The -a, -f, -u, and -p parameters are optional. If you don’t use the -u and -p parameters, you are prompted to enter a username and password. The -f parameter ignores the ZENworks database and forces the device to be unregistered locally; this option is necessary only if the device object has already been deleted from the ZENworks database or if the device cannot connect to the database. If -a option is specified, ZENworks server returns the unregister call quickly, but deletes the device object asynchronously from the database at a later point of time. If your device deletion is not complete and tries to register the device again, then ZENworks server displays an error. If there is large amount of data associated with the device in the database, it might take long time to delete the device. Ensure that -a option is used when actual device deletion on server takes long time and causes the agent unregister command to timeout.

reestablish-trust (retr) [-u <username> -p <password>]

Reestablishes trust with the current Management Zone. The username and password used must be of the Zone Administrator.


zac retr -u myuser -p mypassword

The -u and -p parameters are optional. If you don’t use the -u and -p parameters, you are prompted to enter a username and password.

Remote Management Commands

request-remote-session, rrs

Requests a remote management session from the managed device even in the absence of the Z-icon. This command is available on managed devices with 11.3.1 and later versions.


zac request-remote-session

zac rrs

Status Commands

cache-clear (cc)

Clears the ZENworks cache on the device. This removes all entries in the cache database and deletes any cache files associated with those entries.


zac cc

NOTE:If your ZENworks administrator has enabled the self defense feature for the ZENworks Adaptive Agent, you must supply an override password before running the zac cc command. Otherwise, you receive the following message:

You do not have permission to clear the cache. Please contact your ZENworks administrator.

You must request the override password from your ZENworks administrator. If he has not set an override password, he must do so before you can use the command. After you receive the password:

  1. Double-click the ZENworks icon (z-icon) in the system tray, click Agent (under Status), then click the Policy Override link in the Agent Security Settings section to display the About box.

  2. Click Override Policy, enter the override password, then click Override.

  3. Go to a command line prompt and run the zac cc command.

  4. After the cache is successfully cleared, return to the About box and click Load Policy to disable the password override.

dump-prop-pages (dpp) <target directory>

Outputs the HTML pages displayed in the ZENworks icon’s property pages to files in the specified target directory.


zac dpp c:\temp

get-settings (gs) <key>

Lists the settings associated with the specified key.


zac gs key1

All valid ZENworks settings keys are stored in the \Program Files\Novell\ZENworks\cache\zmd\settings directory.

Example to list the Remote Management settings:

zac gs RemoteManagement

refresh (ref)[general | partial bundle <Bundle Display Name> [bypasscache]

Initiates a general refresh to refresh all bundles, policies, registration, and configuration settings; initiates a partial refresh to refresh all policies, registration, and configuration settings.

Use bypasscache to avoid using data from the server cache during the refresh. This option is useful for testing or troubleshooting.


zac ref general bypasscache

zac ref partial bypasscache

set-proxy (sp) [options] <IP address/Hostname:port> [username] [password]

Specifies a proxy to contact rather than contacting a ZENworks Server directly. The options are:

  • /default - Sets a proxy that can be overriden by proxy settings from the Management Zone.
  • /clear - Clears the current proxy, but will use proxy settings from the Management Zone.


zac sp 123.456.78.90 administrator novell

zac sp /default 123.456.78.90

If a username and password are not supplied, you are prompted for them.

winproxy-refresh (wpr)

Queries the Management Zone for proxy work assigned to this device.


zac wpr


Lists port and tags for registered handlers.


zac zhs

This command is applicable only if the agent is promoted as a satellite.

info-collect (zeninfo) [<targetfile>] [-q]

Collects ZENworks support information, including cache data, configuration data, debug logs, product installation information, refresh times, status events, and basic system information. The information is packaged into a ZIP file and placed in the location you specify. If you do not specify a location, ${TEMP}\zeninfo-${DateTime}.zip is used for Windows and ${TMPDIR}\zeninfo-${DateTime}.zip is used for Linux. If you are experiencing problems with a managed device, Novell Support might ask you to run this command and send the resulting ZIP file to Novell to help troubleshoot your problem.

To run the zeninfo process in the background, run the following command:

zac zeninfo /tmp/zeninfo/ & echo $! > /tmp/zeninfo/

To stop the zeninfo process, run the following command:

kill `cat /tmp/zeninfo/`

You can use the following option:

  • q - Skip launching explorer after collection.

The zeninfo command can be run by the local administrators. If you are not a local administrator and you run the command, the system prompts you to enter the administrator credentials. You can also set the AllowZenInfoWithoutAdminPwd string value to True, which enables any user to run the zeninfo command. To set the AllowZenInfoWithoutAdminPwd string value, do the following:

  1. Open the Registry Editor.

  2. Go to HKLM\Software\Novell\ZCM\.

  3. Set the AllowZenInfoWithoutAdminPwd string value to True.

WARNING:If the AllowZenInfoWithoutAdminPwd string value is set to True, the sensitive ZENworks Configuration Management settings and configuration information is visible also to the users who are not the local administrators.

zone-config (zc) [-l]

Displays information about the ZENworks Server that the device is accessing for configuration information (the Configuration server) or lists the information for the Configuration server.


zac zc

zac zc -l

statussender (sts) [options]

This command rolls-up status information to the server or cleans up status information locally on the device. The options are:

Rollup - This is used to schedule an immediate rollup of the status information to the server in spite of the pre-scheduled time.

Cleanup - This is used to schedule an immediate cleanup of the status information into the MDStatus database.