Setting Up Rogue Process Management

Rogue process management is enabled and configured through the Windows registry. The following sections explain how to manually modify the registry on Windows 98 and Windows 2000/XP workstations and how to create an Application object to distribute the registry changes through Application Launcher:


Manually Modifying the Registry

  1. Use regedit.exe to open the Windows registry.

  2. Locate the following key:

    HKEY_CURRENT_USER\Software\NetWare\NAL\1.0

  3. Add a Process Management key under the 1.0 key:

    HKEY_CURRENT_USER\Software\NetWare\NAL\1.0\Process Management

  4. Add a Default Action value to the Process Management key using the following information:

    Value Type: DWORD

    Value Name: Default Action

    Value Data: To have Application Launcher ignore all rogue processes, enter 0. To have Application Launcher terminate all rogue processes, enter 1.

  5. Add a Report Terminated value to the Process Management key using the following information:

    Value Type: DWORD

    Value Name: Report Terminated

    Value Data: To disable reporting of rogue processes that Application Launcher terminates, enter 0. To enable reporting of terminated rogue processes, enter 1.

  6. Add a Report Ignored value to the Process Management key using the following information:

    Value Type: DWORD

    Value Name: Report Ignored

    Value Data: To disable reporting of rogue processes that Application Launcher ignores, enter 0. To enable reporting of ignored rogue processes, enter 1.

  7. If you enabled reporting by adding a Report Terminated or Report Ignored value, you need to determine where you want the reports sent. To do so:

    1. Add a Reporting Targets key to the Process Management key:

      HKEY_CURRENT_USER\Software\NetWare\NAL\1.0\Process Management\Reporting Targets

    2. To configure database reporting, add a Database value to the Reporting Targets key using the following information:

      Value Type: DWORD

      Value Name: Database

      Value Data: To disable reporting to a database, enter 0. To enable reporting to a database, enter 1. When this option is enabled, Application Launcher writes to the database determined by the Service Location Policy package associated with the user. For more information, see Enabling the ZENworks Database Policy .

      For information about queries you can use to generate reports from the database, see Generating Reports from a Database.

    3. To configure SNMP reporting, add an SNMP value to the Reporting Targets key using the following information:

      Value Type: DWORD

      Value Name: SNMP

      Value Data: To disable SNMP reporting, enter 0. To enable SNMP reporting, enter 1. When this option is enabled, Application Launcher sends to the SNMP trap targets determined by the Service Location Policy package associated with the user. For more information, see Enabling the SNMP Trap Targets Policy.

    4. To configure XML reporting, add an XML value to the Reporting Targets key using the following information:

      Value Type: DWORD

      Value Name: XML

      Value Data: To disable XML reporting, enter 0. To enable XML reporting, enter 1. When this option is enabled, Application Launcher sends to the XML targets determined by the Service Location Policy package associated with the user. For more information, see Enabling the SNMP Trap Targets Policy.

      If the XML reports are being processed into a database, see Generating Reports from a Database for information about queries you can use to generate reports from the database.

    5. To configure log file reporting, add a File value to the Reporting Targets key using the following information:

      Value Type: String

      Value Name: File

      Value Data: Specify the full path and filename to be used for the log file. This can be a mapped drive or a UNC path to a local or network drive. For example, \\server1\vol1\process\rogue.txt. If you do not enter a value, log file reporting is disabled.

      For information about understanding the information written to the log file, see Understanding Log File Reports.

  8. If you want to use an exceptions list, create an Exception List key under the Process Management key: 

    HKEY_CURRENT_USER\Software\NetWare\NAL\1.0\Process Management\Exception List

    The Default Action setting (Step 4) determines what happens to the processes you add to the exceptions list. If the Default Action is set to 0 (ignore processes), then any processes you add to the exceptions list are terminated rather than ignored. If the Default Action is set to 1 (terminate processes), then any processes you add to the exceptions list are ignored rather than terminated.

  9. Add a DWORD value to the Exception List key for each process you want added to the list.

    Value Type: DWORD

    Value Name: Enter the process filename. You can enter either the displayed executable name or the original filename. If the process has an original filename, it is listed on the Version tab of the executable's Properties dialog box (right-click the executable file > click Properties > click Version). Do not enter a path for the file, only the filename.

    Value Data: Do not enter anything in this field.

  10. Save the registry changes.


Creating an Application Object to Distribute the Registry Modifications

  1. In ConsoleOne®, create a simple Application object (see Distribution: Simple Applications if necessary), using the following information:

    Object Name: Specify a unique name for the eDirectory object (for example, Rogue Process Management).

    Path to File: Do not specify anything in this field.

    Distribution Rules: If you want to enforce specific rules before the registry changes are distributed to a workstation, define the rules. You can also do this at a later time.

    Associations: Select the users or workstations you want the changes distributed to. You can also do this at a later time.

  2. After you've created the Application object, right-click the object, then click Properties to display the object's property pages.

  3. Click Distribution Options, then click Registry to display the Registry page.

  4. Create the following registry key:

    HKEY_CURRENT_USER\Software\NetWare\NAL\1.0\Process Management

    To create the key:

    1. Select the HKEY_CURRENT_USER key, click Add, then click Key to add a new entry key called New Key.

    2. Rename the key to Software.

    3. Repeat the process described in Step 4.a and Step 4.b to create the complete key structure.

  5. Add a Default Action value to the Process Management key. To do so:

    1. Select the Process Management key, click Add, click DWORD to display the Edit DWORD Value dialog box, then fill in the fields as follows:

      Value Name: Default Action

      Value Data: To have Application Launcher ignore all rogue processes, enter 0. To have Application Launcher terminate all rogue processes, enter 1.

    2. Click OK to add the Default Action value to the Process Management key.

  6. Add a Report Terminated value to the Process Management key. To do so:

    1. Select the Process Management key, click Add, click DWORD to display the Edit DWORD Value dialog box, then fill in the fields as follows:

      Value Name: Report Terminated

      Value Data: To disable reporting of rogue processes that Application Launcher terminates, enter 0. To enable reporting of terminated rogue processes, enter 1.

    2. Click OK to add the Report Terminated value to the Process Management key.

  7. Add a Report Ignored value to the Process Management key. To do so:

    1. Select the Process Management key, click Add, click DWORD to display the Edit DWORD Value dialog box, then fill in the fields as follows:

      Value Name: Report Ignored

      Value Data: To disable reporting of rogue processes that Application Launcher ignores, enter 0. To enable reporting of ignored rogue processes, enter 1.

    2. Click OK to add the Report Ignored value to the Process Management key.

  8. If you enabled reporting by adding a Report Terminated or Report Ignored value, you need to determine where you want the reports sent. To do so:

    1. Add a Reporting Targets key to the Process Management key:

      HKEY_CURRENT_USER\Software\NetWare\NAL\1.0\Process Management\Reporting Targets

    2. To configure database reporting, add a Database value to the Reporting Targets key using the following information:

      Value Type: DWORD

      Value Name: Database

      Value Data: To disable reporting to a database, enter 0. To enable reporting to a database, enter 1. When this option is enabled, Application Launcher writes to the database determined by the Service Location Policy package associated with the user. For more information, see Enabling the ZENworks Database Policy .

      For information about queries you can use to generate reports from the database, see Generating Reports from a Database.

    3. To configure SNMP reporting, add an SNMP value to the Reporting Targets key using the following information:

      Value Type: DWORD

      Value Name: SNMP

      Value Data: To disable SNMP reporting, enter 0. To enable SNMP reporting, enter 1. When this option is enabled, Application Launcher sends to the SNMP trap targets determined by the Service Location Policy package associated with the user. For more information, see Enabling the SNMP Trap Targets Policy.

    4. To configure XML reporting, add an XML value to the Reporting Targets key using the following information:

      Value Type: DWORD

      Value Name: XML

      Value Data: To disable XML reporting, enter 0. To enable XML reporting, enter 1. When this option is enabled, Application Launcher sends to the XML targets determined by the Service Location Policy package associated with the user. For more information, see Enabling the SNMP Trap Targets Policy.

      If the XML reports are being processed into a database, see Generating Reports from a Database for information about queries you can use to generate reports from the database.

    5. To configure log file reporting, add a File value to the Reporting Targets key using the following information:

      Value Type: String

      Value Name: File

      Value Data: Specify the full path and filename to be used for the log file. This can be a mapped drive or a UNC path to a local or network drive. For example, \\server1\vol1\process\rogue.txt. If you do not enter a value, log file reporting is disabled.

      For information about understanding the information written to the log file, see Understanding Log File Reports.

  9. If you want to use an exceptions list, create an Exception List key under the Process Management key: 

    HKEY_CURRENT_USER\Software\NetWare\NAL\1.0\Process Management\Exception List

    The Default Action setting (Step 4) determines what happens to the processes you add to the exceptions list. If the Default Action is set to 0 (ignore processes), then any processes you add to the exceptions list are terminated rather than ignored. If the Default Action is set to 1 (terminate processes), then any processes you add to the exceptions list are ignored rather than terminated.

  10. Add a string value to the Exception List key for each process you want added to the list. To do so:

    1. Select the Exception List key, click Add., click DWORD to display the Edit DWORD Value dialog box, then fill in the fields as follows:

      Value Name: Enter the process filename. You can enter either the displayed executable name or the original filename. If the process has an original filename, it is listed on the Version tab of the executable's Properties dialog box (right-click the executable file, click Properties, then click Version). Do not enter a path for the file, only the filename.

      Value Data: Do not enter anything in this field.

    2. Click OK to add the value to the Exception List key.

  11. Click the Associations tab to display the Associations page.

  12. Add the users and workstation you want to distribute the changes to. To make sure the changes are made without requiring any user intervention, enable the Force Run option on each association.

  13. Click OK to save the changes to the Application object.

The registry modifications are distributed to associated users the next time Application Launcher refreshes and to associated workstations the next time Application Launcher Workstation Helper refreshes.