12.5 Using the Desktop Management Agent Distributor to Deploy the Agent to Workstations in a Microsoft Domain

The Desktop Management Agent Distributor can facilitate the initial deployment and future upgrades of the ZENworks Desktop Management Agent through the use of Microsoft domains and Microsoft Active Directory. By default, the Agent Distributor uses Microsoft domains and Active Directory when selecting target workstations and during deployment of the Desktop Management Agent to those same target workstations.

This section includes the following information:

NOTE:The information in this section also applies to ZENworks 7 Desktop Management with Support Pack 1.

12.5.1 Prerequisites for Using the Agent Distributor

Before you use the Agent Distributor to deploy the Desktop Management Agent in a Microsoft domain environment, make sure the following prerequisites are satisfied:

  • The Agent Distributor is installed with ConsoleOne and can be run from any workstation that has access to ConsoleOne and is part of a Microsoft domain and Active Directory. The agentdistributor.exe is a standalone utility that can be copied from the \sys\public\mgmt\consoleone\1.2\bin directory to the local distributing workstation. The Agent Distributor is executed locally.

  • The user who is logged in at the Windows workstation must be a member of the domain Administrator group.

  • The ZENworks Desktop Management Agent MSI installation file (zfdagent.msi) is located on the Windows workstation or a network location available to the workstation. The zfdagent.msi file is located in the \agentinstall\english directory on the Novell ZENworks 7 Desktop Management CD (or the ZENworks 7 Desktop Management with SP1 CD).

  • Each workstation where the Desktop Management Agent will be deployed must have the Microsoft Windows Installer installed. The installer is preconfigured on Windows 2000 and Windows XP workstations.

  • The Agent Distributor cannot deploy the Desktop Management Agent to a targeted Windows XP SP2 workstation where the Windows firewall is enabled unless the firewall is disabled or the File and Printer Sharing option is selected in the Windows Firewall configuration dialog box.

Enabling Administrative Shares

If administrative shares (displayed as Admin$ on mapped drives) are not enabled on the target workstation, you will be unable to install the Agent on targeted workstations. Windows 2000 workstations enable administrative shares by default. On Windows XP workstations, you need to disable simple file sharing to enable the share.

You can configure a Windows Group Policy to disable simple file sharing on Windows XP workstations. For information about setting up Windows Group Policies, see Windows Group Policy (User and Workstation Packages) in the Novell ZENworks 7 Desktop Management Administration Guide.

The following steps summarize how to configure the policy:

  1. In ConsoleOne, open an existing Windows Group Policy package, then, using the policy editor, launch the Microsoft Group Policy management utility (gpedit.msc).

  2. In the Group Policy management utility, click Local Computer > Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.

  3. In the Security Options dialog box, change Network access: Sharing and security model for local accounts security setting to Classic - local users authenticated as themselves.

    This disables simple file sharing on the XP workstation.

What Happens if the Shares Are Not Enabled?

If administrative shares are not enabled, you might see the following error:

Failed - Unable to map Admin$ share drive.

The items in the list below are some reasons to explain why you might see the error:

  • A network workstation typically receives its clock time from a network server at login time. The clock time for all of the servers in your network environment should be synchronized. In order to distribute the Agent using the Agent Distributor utility, you should verify that server clock times are within a 10-minute range. If clock times do not fall within this range, the zfdagent.msi cannot be distributed and the error message is displayed.

  • On Windows 2000 workstations, if the registry entry HKLM\System\currentcontrolset\services\lanmanserver\parameters\AutoShareWrks is set to 0 (disabled), Admin$ share is not accessible and the error is displayed.

    In some Windows 2000 machines, this registry entry is not present, but the Admin$ share is available. Testing has shown that to avoid the error, either the AutoShareWrks parameter should not be present in the registry or you need to enable it if it is present.

12.5.2 Deploying the Desktop Management Agent

To deploy the Desktop Management Agent to workstations that are members of a Microsoft domain or Active Directory:

  1. At the Windows workstation, log in to the domain as a user who is a member of the domain Administrator group.

  2. Launch ConsoleOne on the Windows workstation, then click Tools > ZENworks Utilities > Install Agents.

    or

    Copy the agentdistributor.exe file to the distributing workstation from the sys\public\mgmt\ConsoleOne\1.2\bin directory and execute it on the local workstation.

    If you are not a member of the domain Administrator group, or if the workstation is not a member of the domain, the main dialog box of the Agent Distributor waits for input (this allows for the possibility of distributing the agent to Windows workgroups; see Section 12.6, Using the Desktop Management Agent Distributor to Deploy the Agent to Workstations in a Windows Workgroup). Otherwise, the following dialog box is displayed:

    Domain Administrator Credentials Required dialog box
  3. Enter your domain administrator username and password, then click OK to display the following dialog box.

    Agent Distributor Utility dialog box
  4. In the Location of ZENworks Desktop Management Agent (zfdagent.msi) field, browse to and select the zfdagent.msi file.

    If the zfdagent.msi file is not already on the workstation's local drive or an available network drive, copy it from the \agentinstall\english directory located on the Novell ZENworks 7 Desktop Management CD.

  5. Configure the Management Agent options. To do so:

    1. Click Configure Agent to display the Configure ZENworks Desktop Management Agent dialog box.

      Configure ZENworks Desktop Management Agent dialog box

      Use this dialog box to configure the Desktop Management Agent options. The options you select (such as Install or Uninstall) determine the availability of other options. A description of each option is listed below.

      Uninstall/Install/Reboot: Select whether you want the Desktop Management Agent installed or uninstalled. Select Reboot if you want the workstation to reboot after the operation is complete.

      Features: Select the features you want installed or uninstalled. If you select Uninstall and select all of the features, the ZENworks Desktop Management Agent is uninstalled.

      Middle Tier Address and HTTP Port: If you are using a ZENworks Middle Tier Server, specify the DNS name or IP address of the ZENworks Middle Tier Server that the Desktop Management Agent will be connecting to, then specify the HTTP or HTTPS port number that the Apache Web Server (NetWare) or the IIS Web Server (Windows) will use to listen for the Agent login.

      If you are using the Novell Client, no Middle Tier address is required.

      If no Middle Tier address is specified, the Agent Distributor verifies at installation time that a Novell Client is installed. The Agent Distributor does not install the Agent if the Middle Tier has not been specified.

      Login Settings: These settings determine the ZENworks Middle Tier Server login options that are available in Workstation Manager.

      • Display Novell Login: Select this option to enable the Middle Tier Server login to be displayed by the Workstation Manager.

      • Editable Middle Tier Address: Select this option to enable users to edit the Middle Tier Server address during login.

      Application Launcher Settings: These settings apply to the Novell Application Launcher.

      • Limit Application Launcher to One Tree: Select this option to limit the Novell Application Launcher access to applications in one tree only. Specify the tree in the ZENworks for Desktops Tree field.

      • Launch on Windows Startup: Select the Novell Application Launcher view (Application Explorer or Application Window) that is added to the Windows Startup folder and launched when Windows starts. If you don't want to use the Windows Startup folder to start Novell Application Launcher, don't select either view.

      Tree Settings: Use this field to specify the eDirectory tree to be used as the ZENworks tree. If Workstation Manager is installed, this tree becomes the tree where it looks for policies. If Limit Application Launcher to One Tree has been selected and Application Launcher is installed, this tree becomes the tree where it looks for applications.

    2. When you are finished configuring the Desktop Management Agent options, click OK to save the settings and return to the ZENworks Desktop Management - Agent Distributor Utility dialog box.

  6. Add the workstations where you want to deploy the Desktop Management Agent. To do so:

    1. In the Target Workstations box, click Add to display the Browse for Domain dialog box.

      Browse for Domain dialog box

      This dialog box lists the domain that you are authenticated to as an administrator. If your workstation is attached to a domain that has trusts with other domains, those domains are also listed.

    2. Select the domain that includes the workstations you want to add, then click OK to display the Select Workstation Using Active Directory dialog box.

      If you select a trusted domain, you are prompted to enter the domain administrator credentials.

      Select Workstation dialog box

      The Search Results list displays all workstations that are located in the context displayed in the LDAP Context field. You can use the Browse button to change contexts. Changing contexts displays workstations contained in the selected context.

      IMPORTANT:The data in Search Results list of the Agent Distributor is obtained from Active Directory. If you remove a workstation from the domain or directory but you do not remove the workstation from Active Directory using the Active Directory management tool, the Search Results list is inaccurate.

    3. In the Search Results list, select the workstations you want to add, then click Add.

    4. Repeat Step 6.a through Step 6.c to add all the workstations where you want to deploy the Desktop Management Agent.

  7. If you want to save your settings to a project (.pad) file for reuse another time, select File > Save As, specify the filename, then click OK.

    The project file is saved in readable .ini format.

  8. Click Deploy Agent to deploy the Management Agent to the selected workstations and display the Distributing ZENworks Desktop Management Agents to Target Workstations dialog box.

    Distributing ZENworks Desktop Management Agents to Target Workstations dialog box.

    The dialog box displays deployment successes and failures. You can save a failure event to a project file (.pad) and open it from the File menu after you have corrected the problems with the failed workstations.

The Agent Distributor also keeps a log file (lastrun.log) that includes the list of successes and failures of each distribution attempt. The log file includes the same output that the deployment window displays, but it also includes start and end times. The file is saved in the same directory as agentdistributor.exe. A sample lastrun.log file is shown below.

=============  Start time Thursday, April 01, 2004 11:32 AM ===========
Workstation SWILLIAMSDELL Successful
Workstation SWDESKPRO-W98 Successful
=============  End time Tuesday, April 06, 2004 11:34 PM ==============
=============  Start time Friday, April 09, 2004 12:49 PM =============
Workstation testing6 Failed - Unable to contact workstation.
Workstation WILLIAMS2KSP3 Failed - Unable to map $Admin share drive.
=============  End time Friday, April 09, 2004 12:49 PM ===============

The Agent Distributor also copies an MSI debug file from each workstation and stores it at the root of the Windows drive under a \workstationlogs directory. This directory contains only the most recent log files; all files are deleted on the next attempt to distribute the ZENworks Desktop Management Agent. This debug file can help you to troubleshoot a deployment failure on a particular workstation. The name of the file is the workstation name with a .log extension (for example, c:\workstationlogs\williams2ksp3.log).