The Application Launcher components, authentication methods, and file system access used when managing workstation-associated applications differ from a Windows 98 operating system to a Windows 2000/XP operating system, as explained in the following sections:
The following table lists the components, authentication method, and file system access used by Application Launcher when managing a workstation-associated application on a Windows 98 workstation.
Table 23-3 Windows 98 (Workstation-Associated Applications)
Event |
Responsible Component |
eDirectory Authentication |
Workstation File System Access |
Network Server File System Access |
|
---|---|---|---|---|---|
Distribution |
Workstation Helper |
Windows user 1 |
NetWare: Folder and file rights assigned to eDirectory workstation 2 Windows: Permissions assigned to Active Directory user 3 Linux: Rights assigned to Samba user 4 |
||
Launch (normal) |
Same as Distribution. |
|
|||
Launch (force run 5) |
Workstation Helper |
eDirectory workstation (Workstation object) |
Windows user |
NetWare: Folder and file rights assigned to eDirectory workstation Windows: Permissions assigned to Active Directory user Linux: Rights assigned to Samba user |
|
Caching |
Same as Launch (force run). |
|
|||
Uninstall |
Workstation Helper |
eDirectory workstation (Workstation object) |
Windows user |
Not applicable |
|
1 The Windows 98 operating system, unlike Windows 2000/XP, does not provide file system security for individual users. Each Windows 98 user account has full access to the local file system, which means that Application Launcher and Workstation Helper have all the file system access they require.
2 NetWare file system rights can be assigned through the Application object (
tab > page). Any workstation that is associated with the Application object receives these rights. You can also directly assign rights to workstations through their Workstation objects ( tab > page) or some other method, such as adding them to a workstation group that has been assigned the appropriate rights.
3
Windows server file permissions must be assigned through the user's Active Directory account, which must have the same username and password as the user's eDirectory account. The user, Middle Tier Server (if used), and Windows server must be members of the same Windows domain. For information about using Novell DirXML to synchronize user account information between eDirectory and Active Directory, see Installing Nsure Identity Manager 2.02 Bundle Edition
in Installing in a Windows Network Environment
in the Novell ZENworks 7 Desktop Management Installation Guide.
Note that this is different than for a workstation-associated application distributed to a Windows 2000/XP workstation (see Windows 2000/XP (Workstation-Associated Applications)). Windows 98 does not differentiate between the user and the workstation (system), so the user credentials must be used for login, not the workstation credentials. If access to the Windows server is being provided through the ZENworks Middle Tier Server, the Domain User account used by the Middle Tier Server must be assigned the appropriate permissions.
4
Linux server file rights are assigned through Samba. The procedures for doing this depend on the Linux distribution (OES Linux, SUSE Linux Enterprise Server, etc.) being used. For OES Linux and SUSE Linux Enterprise Server, see Configuring a Linux Server for ZENworks File Access
in the Novell ZENworks 7 Desktop Management Installation Guide. For additional information, refer to the OES Linux and SUSE Linux Enterprise Server documentation available on the Novell Documentation Web site or refer to the documentation for your Linux distribution.
5 The Force Run setting causes the application to automatically distribute after it becomes available. For information about configuring an application as Force Run, see Associations Page.
The following table lists the components, authentication method, and file system access used by Application Launcher when managing a workstation-associated application on a Windows 2000/XP workstation.
Table 23-4 Windows 2000/XP (Workstation-Associated Applications)
Event |
Responsible Component |
eDirectory Authentication |
Workstation File System Access |
Network Server File System Access |
|
---|---|---|---|---|---|
Distribution |
NAL Service |
eDirectory workstation (Workstation object) |
Windows System user 1 |
NetWare: Folder and file rights assigned to eDirectory workstation 2 Windows: Permissions assigned to Active Directory workstation 3 Linux: Rights assigned to workstation through Samba4 |
|
Launch (normal) |
Application Launcher or NAL Service (when run as secure/unsecure System user 5) |
eDirectory workstation (Workstation object) |
Windows user or Windows System user (when run as secure/unsecure System user) |
NetWare: Folder and file rights assigned to eDirectory user or folder and file rights assigned to eDirectory workstation (when run as secure/unsecure System user) Windows: Permissions assigned to Active Directory user or permissions assigned to Active Directory workstation (when run as secure/unsecure System user) Linux: Rights assigned to Samba user or rights assigned to workstation (when run as secure/unsecure System user) |
|
Launch (force run 6) |
NAL Service |
eDirectory workstation (Workstation object) |
Windows System user |
NetWare: Folder and file rights assigned to eDirectory workstation Windows: Permissions assigned to Active Directory workstation Linux: Rights assigned to workstation through Samba |
|
Caching |
NAL Service |
eDirectory workstation (Workstation object) |
Windows System user |
NetWare: Folder and file rights assigned to eDirectory workstation Windows: Permissions assigned to Active Directory workstation Linux: Rights assigned to workstation through Samba |
|
Uninstall |
NAL Service |
eDirectory workstation (Workstation object) |
Windows System user |
Not applicable |
1 For Application Launcher and its associated programs (NAL Service and Workstation Helper) to work properly, the Windows System user account must have full rights to all areas of the workstation. By default, this access is granted to the System user as a member of the Administrators group. Do not limit the default rights given to the Administrators group or the System user account.
In addition, Application Launcher requires that the Windows user account provide the following rights:
At least Read access to the NAL cache directory (typically, c:\nalcache). For more information, see Section 24.2, File System Rights to the NAL Cache.
Full Control access to the user's temp directory (typically, c:\documents and settings\username\local settings\temp).
Full Control access to the user's data encryption directory (typically, c:\documents and settings\username\application data\microsoft\crypto). This is required only if the user is using the Desktop Management Agent without a network client.
Read\Write rights to the HKEY_CURRENT_USER\ Software\NetWare\NAL\.1.0 registry key.
Read rights to the HKEY_LOCAL_MACHINE\Software\NetWare\NAL\1.0 registry key
Read rights to the HKEY_LOCAL_MACHINE\Software\Novell\ZENworks registry key.
2 NetWare server file rights can be assigned through the Application object (
tab > page). Any workstation that is associated with the Application object receives these rights. You can also directly assign rights to workstations through their Workstation objects ( tab > page) or some other method, such as adding them to a workstation group that has been assigned the appropriate rights.3 Windows server file permissions must be assigned through the workstation's Active Directory account. The workstation, Middle Tier Server (if used), and Windows server must be members of the same Windows domain. Note that this is different than for a workstation-associated application distributed to a Windows 98 workstation (see Windows 98 (Workstation-Associated Applications)). Windows 98 does not differentiate between the user and the workstation (system), so the user credentials must be used for login, not the workstation credentials. If access to the Windows server is being provided through the ZENworks Middle Tier Server, the Domain User account used by the Middle Tier Server must be assigned the appropriate permissions.
4
Linux server file rights are assigned through Samba. The workstation (not the logged-in user) must have rights to read files from the Linux server’s Samba share. The procedures for assigning rights depend on the Linux distribution (OES Linux, SUSE Linux Enterprise Server, etc.) being used. For OES Linux and SUSE Linux Enterprise Server, see Configuring a Linux Server for ZENworks File Access
in the Novell ZENworks 7 Desktop Management Installation Guide. For additional information, refer to the OES Linux and SUSE Linux Enterprise Server documentation available on the Novell Documentation Web site or refer to the documentation for your Linux distribution.
5 The Secure System User and Unsecure System User settings cause the application to run in the "system" space as the Windows System user rather than in the “user” space as the logged-in user. These settings are intended to ensure that users can run the application even if they have limited access rights to the workstation's file system. For more information, see Environment Page.
6 The Force Run setting causes the application to automatically distribute after it becomes available. For information about configuring an application as Force Run, see Associations Page.