Scenario 2: Desktop Management Agent Only Installed on Workstations

The table below summarizes the limitations you can expect when using ZENworks 6.5 in the following environment:

Tested Function ZENworks Behavior or Limitation

Authentication

The user logs in to the VPN network and the eDirectory tree at the same time.
  • No integration with the VPN client (unlike a Novell Client environment, users must always log in to the desktop first)
  • No integration with NetIdentity (the VPN client does not populate NetIdentity secure store with user credentials)

Automatic Workstation Import
  • Manual registration (zwsreg.exe) is required after the user has used the VPN client to authenticate.
  • The zenwsimport DNS name can be configured at the ZENworks Middle Tier Server or in the DNS/hosts file, but the user must be authenticated to the Middle Tier Server in order to use the Middle Tier zenwsimport setting.
  • Workstations can be registered on the LAN first and then connected through the VPN client.

Distributing User Associated Policies
  • The Dynamic Local User policy (DLU) fails because the user is required to log in to the workstation before starting the VPN client.
  • The iPrint policy is distributed normally if the policy distribution is configured as a login event or as a scheduled action.
  • The User Extensible policy is distributed normally if the policy distribution is configured as a login event or as a scheduled action. A workstation reboot may be required for some configuration changes to take effect.
  • The Windows Group policy is distributed normally if the policy distribution is configured as a login event or as a scheduled action. A workstation reboot may be required for some configuration changes to take effect.
  • The Remote Control policy is distributed normally.

    Remote control does not work based on imported Workstations IP address stored in the Workstation object. BorderManager 3.8 has a unique IP address for the VPN session, and that IP address must be used to remotely control the client. The Workstation object must also be logged in.

Distributing Workstation Associated Policies
  • Agent policies that are configured to distribute with a scheduled action are distributed normally to workstations that must log in locally before authenticating through the VPN client. A workstation reboot may be required for some configuration changes to take effect.
  • The iPrint policy is distributed normally if the policy distribution is configured as a login event or as a scheduled action.
  • The Extensible policy configured to distribute with a scheduled action distributes normally to workstations that must log in locally before authenticating through the VPN client. A workstation reboot may be required for some configuration changes to take effect.

Using the Novell Application LauncherTM to Distribute User Associated Applications

  • MSI applications
  • Simple applications
  • Web applications
  • AOT/AXT
  • Distribution requires selecting ZENworks Middle Tier Server Login for authentication, even when user has already been successfully logged in using other Middle Tier applications (for example, NetStorage).
  • The Work Online/Offline toggle might not function correctly until authentication through the ZENworks Middle Tier Login function is accomplished.
  • Myapps.html access fails with the Internet browser, generating a GPF error.After authentication, the applications are distributed normally.

Using the Novell Application Launcher to Distribute Workstation Associated Applications

  • MSI applications
  • Simple applications
  • Web applications
  • AOT/AXT
  • Application Launcher does not distribute workstation associated applications.
  • If the user is unable to authenticate to the Workstation object on login, the Application Launcher Workstation Helper (zenappsws.dll) does not connect. In contrast, Workstation Manager logs in about 60 seconds after the VPN connection becomes available.