Novell Documentation: ZENworks for Servers 3 - Setting Up Security for Remote Management

Setting Up Security for Remote Management

The following sections provide information about setting up security for the Remote Management sessions:

Configuring the Remote Management Policies

To configure the Remote Management policies, you must perform the following tasks:

Creating the Policy Packages

ZfS 3 requires policy packages in the eDirectory tree that can hold the server policies. You can later configure and enable the server policies.

Policy packages are eDirectory objects that contain collections of policies grouped according to the object types. You should create an Organizational Unit (OU) for holding the policy packages. Consider the following when determining where to place this OU:

Whether you have partitions in your tree
The 256-character limit in eDirectory for the full distinguished name
How you will use the Search policy to locate the policy package

If you install ZENworks for Desktops (ZfD) to your tree, you may want to keep the ZfS and ZfD policies in separate containers, such as ZfS_Policies and ZfD_Policies.

For ZfS 3 Remote Management, create two containers, one for Tiered Electronic Distribution (TED) objects and the other for the Remote Management policy package.

To create a container:

In ConsoleOne, right-click the container where you want the container for the policy packages placed.

Click New > Object > Organizational Unit > OK.

Name the container, for example, ZfS_Policies > click OK.

IMPORTANT: If you have partitions that are accessed across a WAN, make sure that the Policy Package objects are in the same partition as the Server object so that the Policy/Package Agents will load. Also make sure that the Search policy does not require searching outside the partition where the Server object exists.

For Remote Management, you must create the Distributed Server package. The Distributed Server package is required to distribute the Remote Management policies among the managed servers for enforcement.

To create the Distributed Server package:

Right-click the policy package's container > click New > click Policy Package.

The Policy Package Wizard is displayed.

From the Policy Packages list, select Distributed Server Package > click Next.

Enter a name for the Distributed Server Package > click Next > click Finish.

Creating and Configuring the TED Objects

For ZfS 3 Remote Management, you must create and configure the following TED objects:

TED Distribution
TED Channel

To create and configure the TED objects, see Configuring TED Objects .

Configuring the Server Remote Management Policy

The Server Remote Management policy defines the behavior of the Remote Management Agent. This policy is distributed to the specified Windows managed servers using the TED, which helps the remote operator to associate the Remote Management policy to a group of Windows managed servers from the management console.

To configure the Server Remote Management policy:

In ConsoleOne, right-click the Distribute Server Package object > click Properties.

Click the Policies tab > select the Windows sub-option.

Select the check box under the Enabled column for the Server Remote Management Policy.

Click the Properties button > the Remote Management tab.

Click the General tab.

Click Display Remote Management Agent Icon To Users for Remote Control and Remote View sessions.

Click the Remote Control tab > select the options that you want to use. Your choices are:
- Prompt User for Permission to Remote Control
- Give User Audible Signal when Remote Controlled
- Give User Visible Signal when Remote Controlled
- Allow Blanking User's Screen
- Allow Locking User's Keyboard and Mouse

Click the Remote View tab > select the options that you want to use. Your choices are:
- Prompt User for Permission to Remote View
- Give User Audible Signal when Remote Viewed
- Give User Visible Signal when Remote Viewed

Click Apply > Close.

Right-click the Server Remote Management policy > select Edit Schedule.

Modify the schedule > click Apply > click Close.

To associate the Server Remote Management policy with a managed server, click the Distribution tab.

Click Add > browse for and select the Distribution object > click OK.

Click Apply > click Close.

Configuring the Distribution Object for Remote Management

You must configure the Distribution object for distributing the Remote Management policies.

To configure the Distribution object:

In ConsoleOne, right-click the Distribution object > click Properties.

Click the Type tab.

Select Policy Package from the Select Type drop-down list.

Click Add > select the Distributed Server package that has the Server Remote Management policy.

Click the Schedule tab.

Modify the schedule > click Apply > click Close.

Configuring the Distributor and the Subscriber Objects

To configure the Distributor and the Subscriber objects, see Configuring TED Objects .

If the managed servers are residing on a different eDirectory tree or the Windows NT server does not have the eDirectory installed, you must create and configure an External Subscriber object for sending Distributions to Subscribers residing on managed servers in other trees. For more information on External Subscribers, see Configuring TED Objects .

Setting Up the Agent Password at the Managed Server

The user at the managed server can change the password of the Remote Management Agent to make sure that the Remote Management sessions are secure.

To change the agent password:

Right-click the Remote Management Agent icon from the system tray of the Windows NT/2000 managed server.

Click Security > click Set Password.

Use a password of ten or fewer alphanumeric characters. The password is case-sensitive and cannot be blank.

The new password must be communicated to the remote operator each time it is changed.