17.10 Verifying Policy Enforcement

ZENworks Linux Management lets you verify the enforcement of a policy after it has been assigned to a device or updated and the device has been refreshed (either manually or automatically by ZENworks). After a policy has been enforced, a message is logged indicating the success or failure of the policy enforcement. These messages can be seen in the Event log of the device on which the policy was applied or can be seen in the Event log of the policy that was applied.

To verify the enforcement of the GConf-based policies, you need to re-login to the assigned device. You can then start the application and verify that the policy has been enforced correctly.

If a desktop or user interface session is in progress on a managed device with GConf-based policies assigned to it, and an updated policy is enforced on that device by a console login or an su command, all updated settings may not be immediately applicable on the desktop session. The updated settings are reflected only when the user logs in via the user interface session again.

In the Novell Linux Desktop policy, some of the configuration settings are file-permission-based, and hence for a root user, these settings such as items in the Program menu and System menu will be accessible even if it is locked.

For the Remote Execute and Text File policies, the enforcement occurs according to the schedule. To verify the enforcement, check the managed device to ensure that the specified changes or actions have taken place.

You can also verify the enforcement status or check for errors by looking at the ZMD log on the managed device (/var/opt/novell/log/zenworks/zmd-messages.log for all managed devices except SUSE Linux Enterprise Server 10 (SLES 10) and SUSE Linux Enterprise Desktop 10 (SLED 10) devices. The path for SLES 10 and SLED 10 devices is /var/log/zmd-messages.log).