15.0 Understanding Policies

Novell ZENworks Linux Management policies provide a mechanism of uniformly configuring applications. ZENworks policies let you configure system and application settings and then set them as Lockdown or Default. Lockdown lets you restrict users from changing settings, so the application must use the values that are configured in the policy. Default lets users change settings.

A policy applies to all users on assigned devices. You can use the Lockdown and Default mechanisms to configure applications in such a way that critical and important settings are locked and an appropriate default value is provided for other settings that might be relevant. Also, if you do not want to enforce a particular setting, you can exclude that setting while creating or editing a policy.

You can also use policies to modify configuration files and execute scripts or programs on managed devices.

Policies can be used to create a set of configurations that you can deploy on any number of managed devices, thereby providing the devices with a uniform configuration and eliminating the need to configure each device separately. You can also create policies with different settings and assign them appropriately to give a different configuration to a specific set of devices.

On managed devices, each policy type is enforced by a Policy Handler/Enforcer, which makes all the configuration changes necessary to enforce and unenforce the settings in a given policy. The Policy Handler/Enforcer executes with root privileges.

The following sections provide basic concepts you should understand as you begin using policies: