4.3 Configuring Server Policies

You can configure server policies for containers, servers, and service locations. The policies allow you to automate use of NetWare functionality. See your NetWare documentation for specific information.

To configure server policies, review the instructions in the following sections:

For information on scheduling server policies, see Section 4.7, Scheduling Policies.

4.3.1 Compiling Zentrap.mib

The SNMP Community Strings and SNMP Trap Targets policies utilize SNMP. Zentrap.mib is located on the Program CD under \zfs\tedpol\sfiles\mibs.

To receive SNMP traps on your SNMP management console, you must copy the zentrap.mib file from the ZENworks 7 Server Management with Support Pack 1 Program CD to the location that your management console uses to manage MIBs, then compile it. Your SNMP management console can then receive and interpret SNMP traps from Server Management.

4.3.2 Configuring the Container Package Policy

The Search policy is used by the Distributor for information on how to read the eDirectory tree when the Distributor has been refreshed.

IMPORTANT:If you do not use the Search policy, Server Management searches up to [Root] and reads the objects every hour. Be sure to configure and enable the Search policy to limit unnecessary search traffic.

To configure the Search policy:

  1. In ConsoleOne, right-click the Container Package, click Properties.

  2. Select the Policies tab, select the check box for Search Policy, click Properties, then select the Search Level tab.

    If the box under the Enabled column is not selected for the Search policy, select it before clicking Properties. A policy must be enabled to activate the Properties button.

  3. To determine the upper limits of the search policy, select one of the following:

    Search Location

    Description

    Object Container

    Search to the parent container of the Server object

    Partition

    Search to the Partition Root

    Selected Container

    Search to the selected container

    [Root]

    Search to the root of the tree

    If you chose Selected Container, browse to select the container.

    To determine searching limits in either direction of the item selected, enter a number. For example:

    #

    Description

    0

    Limits the search to the current level (as set in the Search For Policies Up To field).

    1

    Limits the search to one level above the current level (as set in the Search For Policies Up To field).

    For example, if you specify the server’s parent container in the Selected Container field, +1 would limit the search to one level above the parent container.

    –1

    Limits the search to one level below the chosen search level (as set in the Search For Policies Up To field).

    For example, if you select [Root] in the Search For Policies Up To field, -1 would allow searching up to one level below [Root].

  4. To determine the search order, select the Search Order tab.

    Type

    Description

    Object

    Server

    Group

    Server Group

    Container

    Container of Servers

    Use the arrow keys to change the order. You can also click Add or Remove to change which object types are used.

  5. (Optional) Because policies are refreshed when they are received at the Subscriber, specify a refresh frequency.

    The default is once every hour.

    If you leave both time increments at zero (days and hours), policies are not refreshed from eDirectory, even if you have Policy Manager Will Refresh Policies From eDirectory selected.

    Changes made to enabled policies are not enforced until they are refreshed at the given refresh interval. However, you can manually refresh all policies using the POLICY REFRESH command at the server console. The refresh rate is listed in seconds at the server console (1 hour = 3600 seconds).

  6. Click OK to close the policy.

    If you click Cancel, none of the Search policy changes made on any of the tabs are saved.

  7. To associate the policy package so that the Search policy is enforced on the Distributor, select the Associations tab, then click Add.

  8. Browse to select the container where the Distributor object resides (or any container above it), then click OK.

    If you click Cancel, the association you made is not saved.

4.3.3 Configuring Service Location Package Policies

Because the Distributor does not receive Distributions, policies for a Distributor must be associated with the container where its object resides. The Service Location Package contains policies used by the Distributor.

To configure Service Location Package policies, review the following sections:

SMTP Host

Sets the TCP/IP address of the SMTP relay host that processes outbound Internet e‑mail. This policy must be enabled if you select the E‑Mail option for notifying or logging messages for the Distributor.

To configure the SMTP Host policy:

  1. In ConsoleOne, right-click the Service Location Package, then click Properties.

  2. Select the SMTP Host policy’s check box, then click Properties.

    If the box under the Enabled column is not selected for the SMTP Host policy, select it before clicking Properties. A policy must be enabled to activate the Properties button.

  3. Provide the TCP/IP address or DNS name of the relay host server, then click OK.

  4. To associate the policy package so that the SMTP Host policy is enforced on the Distributor, select the Associations tab, then click Add.

  5. Browse to select the container where the Distributor object resides (or any container above it), then click OK.

    If you click Cancel, the association you made is not saved.

SNMP Trap Targets

Use this property page to establish the targets (or locations) where you want SNMP traps sent from the Distributor. Each target must be a valid TCP/IP address or DNS name.

Make sure that you have compiled zentrap.mib (see Section 4.3.1, Compiling Zentrap.mib).

To configure the SNMP Trap Targets policy:

  1. In ConsoleOne, right-click the Service Location Package, then click Properties.

  2. Select the SNMP Trap Targets policy, then click Properties.

    If the box under the Enabled column is not selected for the SNMP Trap Targets policy, select it before clicking Properties. A policy must be enabled to activate the Properties button.

  3. To add items to the SNMP Trap Targets list on the SNMP Trap Policy tab, click Add.

  4. On the SNMP Target dialog box, provide valid a TCP/IP address or DNS name, then click OK.

  5. Repeat Step 3 and Step 4 for each trap target to be added.

  6. To schedule the policy, select the Schedule tab, select a type in the Schedule Type field, then configure the schedule:

  7. Click OK when finished.

  8. To associate the policy package so that the SNMP Trap Targets policy is enforced on the Distributor, select the Associations tab, then click Add.

  9. Browse to select the container where the Distributor object resides (or any container above it), then click OK.

    If you click Cancel, the association you made is not saved.

Tiered Electronic Distribution

This policy allows you to set default values for the attributes of Distributors and Subscribers.

How the Policy Works

The default values set in the Tiered Electronic Distribution policy become effective when you associate the Service Location Package that contains this policy to a container above where the Distributor and Subscriber objects reside, or to the container where Subscriber objects reside.

The values in the attributes of the Tiered Electronic Distribution policy automatically replace the similar values for the Distributor and Subscriber objects, but only if the default values of those attributes have never been changed in the object’s properties.

After you have changed the values of the attributes in the Distributor or Subscriber objects and you want to use the values in the Tiered Electronic Distribution policy, then you must edit the Distributor or Subscriber object’s properties and select the Use Policy check box at the top of each tab in the object’s properties that contains the check box. Then the Tiered Electronic Distribution policy values will appear in the Distributor or Subscriber object’s attributes.

Cumulative Policies

Tiered Electronic Distribution policies are not cumulative, meaning:

  • One at a time: You cannot have more than one Service Location Package (containing the Tiered Electronic Distribution policy) associated to the same container.

  • Closest wins: If the Subscriber’s container is associated with a Tiered Electronic Distribution policy (in the Service Location Package) and a parent container also has a Tiered Electronic Distribution policy (in the Service Location Package) associated with it, the Tiered Electronic Distribution policy of the closest container (the Subscriber’s own container) prevails.

Replacing, Adding, or Losing Property Values

The following information applies only where the Tiered Electronic Distribution policy is in effect:

  • You can add the Variables defined in the Tiered Electronic Distribution policy to the Distributor or Subscriber’s list of variables. They do not replace the variables already defined in the Distributor or Subscriber object.

  • For all other policy fields that coincide with values in a Distributor’s or Subscriber’s properties, the Tiered Electronic Distribution policy replaces, not supplements, them, including the possibility of replacing property values with empty fields. Therefore, if you create a Tiered Electronic Distribution policy, make sure you fill in all of the fields on every tab in the policy that you want to be applied to the affected Distributors or Subscribers.

    For example, if your Subscriber has a working directory entered in its object’s properties, and you do not provide a working directory in the Tiered Electronic Distribution policy, then later apply the policy by selecting the Use Policy check box on the Subscriber’s properties, the Subscriber will no longer have a working directory available to it.

Multiple Policies for Platform Configurations

You can have multiple instances of the Tiered Electronic Distribution policy for your Subscriber objects for the purpose of defining different policy settings for different server platforms. To do this, you must have created the Subscriber objects in different containers representing their respective operating systems.

Subscriber attributes that could require operating system-specific values are:

  •    working directories
  •    messaging settings
  •    variables definitions
Configuring the Tiered Electronic Distribution Policy
  1. In ConsoleOne, right-click the Service Location Package, then click Properties.

  2. Select the Tiered Electronic Distribution policy, then click Properties.

    If the box under the Enabled column is not selected for the Tiered Electronic Distribution policy, select it before clicking Properties. A policy must be enabled to activate the Properties button.

  3. Click General > Settings and fill in the fields:

    Input rate: Sets the default input rate to minimize network traffic for Tiered Electronic Distribution objects. This determines the receive rate for Subscribers and Distributors. The default value is the maximum that the connection can handle. You can use this rate to control the use of narrow bandwidth links.

    Output rate:  Sets the default output rate to minimize network traffic for Tiered Electronic Distribution objects. This determines the send rate for Distributors and parent Subscribers. The default value is the maximum that the connection can handle. Blank means that bandwidth is taken from third-party applications.

    There are three output priorities where you can specify a rate:

    • High priority: These Distributions are sent before any Medium or Low priority Distributions.

    • Medium priority: These Distributions are sent after all High priority and before any Low priority Distributions.

    • Low priority: These Distributions are sent after all High and Medium priority Distributions.

    For more information, see Section 3.4.5, Prioritizing Distributions.

    Maximum concurrent Distributions to build: Specifies the maximum number of distribution threads that can be running concurrently for building Distributions. The default value is 5. Valid values are from 1 to 10.

    This number can help in load-balancing a Distributor’s building activity.

    Maximum concurrent Distributions to send: Specifies the maximum number of distribution threads that can be running concurrently for sending Distributions. The default value is unlimited (a blank field).

    This number can help in load-balancing a Distributor’s sending activity and spread network traffic over an entire scheduling window.

    Connection time-out: Specifies a default number of seconds before the Distributor times out when connecting to another node, or specifies the number of seconds a Subscriber waits for a response from a Distributor (receiving) or a Subscriber (sending) before ending the connection.

    After the time has transpired, a Distributor ends the connection and does not retry until the Channel’s Send schedule starts again. If a connection is ended during sending or receiving, a Subscriber does not start again until the next time the Channel’s Send schedule starts.

    The default value is 300 seconds (five minutes). The available range in seconds is 1 to 60,000. You should select a reasonable time to wait for a response from one node to another.

    IMPORTANT:This interval must be increased on slow or busy links where longer delays are frequent.

    Working directory: Provide a default Tiered Electronic Distribution directory to store Distributions, persistent status, and temporary files on a server. The directory needs to be located where there is enough free space to handle processing of Distributions.

    The Working Directory field allows the use of variables to specify the volume/drive and directory names. However, variables only work with Subscribers.

    IMPORTANT:Distributors are not able to resolve variables and use exactly what is specified in the Working Directory field. For example, if the value was %VOL%ted1\working, the Distributor would create a working directory on the sys: volume named sys:\%VOL%\ted\working, because it could not resolve %VOL%.

    For more information, see Section 3.12, Working Directories.

    Parent Subscriber: Subscribers should generally not receive their Distributions directly from a Distributor. You can browse for a Subscriber to be the default parent Subscriber for your whole network, which passes on Distributions when a Subscriber object might not have a parent Subscriber defined in its properties.

    Disk space desired to be left free: Use this as the default value to ensure there is enough free disk space for receiving Distributions where you might not have this value defined in a Subscriber object’s properties. A Subscriber does not attempt to receive a Distribution if the disk space value set here is insufficient.

  4. Click General > Messaging and fill in the fields:

    Server console: Procedure to follow when displaying messages at the server console. The default is Level 4 (Information & Level 3 Messages).

    SNMP trap: Procedure to follow when sending SNMP traps. The default is Level 0 (No Messages).

    Log file: Procedure to follow when recording information to a log file. The default is Level 5 (Trace Information & Level 4 Messages).

    Filename: By default, this field is blank. Whatever log filename you select, it replaces ted.log for the servers where this policy is enforced.

    To create a log file, specify the log file’s filename using the following format:

    installation_path\directory_path\filename.filename_extension
    

    The installation_path is not required for ZENworks to locate the log file, but it is easier for you to locate the file if the path is included.

    IMPORTANT:Because the log file can become quite large, for NetWare servers we recommend that you do not use the sys: volume.

    Use filename extensions such as .log or .txt.

    Delete log entries older than __ days: Controls disk space usage. For log files, it is important to set the message levels at minimal detail and to purge entries older than six days (the default).

    E-mail: Procedure to follow when sending e‑mail messages. None or Errors Only are recommended to minimize unnecessary e‑mail traffic. The default is Level 0 (No Messages).

    Users: Add users, groups, or e‑mail addresses.

    Address attribute: Displays the attribute of the associated user or group. You can change the attribute from the drop-down list, which displays over three dozen options.

    Following are some of these options:

    CN

    Given Name

    Postal Code

    Description

    Initials

    Postal Office Box

    EMail Address

    Internet EMail Address

    Surname

    Full Name

    Mailbox ID

    Telephone Number

    Employee ID

    NSCP:mailHost

    Title

    Entrust:User

    OU

    uniqueID

    Generational Qualifier

    Physical Delivery Office Name

     

  5. To assign default values to variables used by the Subscriber, select the Variables tab, click Add, then fill in the fields:

    Variable: Name of the variable. It should indicate how the variable is used. For example, WORKINGVOL.

    The variable name can be derived from predefined and user-defined variables.

    Value: The value that the Subscriber uses when this variable is specified. For example, data:.

    A value can be another variable name. You can nest variables using this method.

    To ensure that extraction takes place, provide an absolute path to the Subscriber. For example, if the path is only the data: volume, make sure the colon (:) is included, because it is a necessary part of the full path.

    Description: Describes how the variable is used. For example:

    Volume for the working directory.
    

    If a variable defined here does not exist in a Subscriber’s variables list, it is automatically added. However, if the variable does exist in the Subscriber’s variables list, the definition in the Subscriber prevails.

  6. To assign a default refresh schedule for all Distributors, select the Schedule tab, click Distributor Refresh Schedule, select a schedule in the Schedule Type field, then configure the schedule:

    For information on the refresh schedule, see Scheduling.

    IMPORTANT:We recommend the Distributor’s Refresh schedule be daily, unless changes to Distributions warrant a more frequent refresh. However, do not refresh the Distributor more often than every five minutes. The following can need up to five minutes to complete their processes: Distribution building, eDirectory replication, and tree walking (when no Search policy is defined).

  7. To assign a default extraction schedule for all Subscribers, select the Schedule tab, click Subscriber Extract Schedule, select a schedule in the Schedule Type field, then configure the schedule:

    For information on the extraction schedule, see Scheduling.

  8. Click OK to close the policy.

  9. To associate the policy package so that the Tiered Electronic Distribution policy is enforced on the Distributor, select the Associations tab, then click Add.

  10. Browse to select the container where the Distributor object resides (or any container above it), then click OK.

    If you click Cancel, the association you made is not saved.

  11. To associate the policy package so that the Tiered Electronic Distribution policy is enforced on a Subscriber, select the Associations tab, then click Add.

  12. Browse to select the container where Subscriber objects reside (or any container above it), then click OK.

    This should be the Subscribers where you want the Tiered Electronic Distribution policy’s default information to be available.

    If you are creating this policy for a particular operating system, make sure you select the correct platform-specific container, and the policy applies only to the Subscribers under that container.

    If you click Cancel, the association you made is not saved.

  13. Repeat Step 12 for each container where Subscribers exist that you want to use this policy.

ZENworks Database

Sets the DN for locating a ZENworks Database object. If you did not establish this information when installing Policy and Distribution Services, you can create this policy to enable Server Management to locate a database file for logging successes and failures that are used in creating reports. You can also create this policy to override the information established during installation.

Use this property page to select the database object to be associated with the current ZENworks Database policy. The policy is not in effect until you have distributed the policy to the Subscribers, or associated the policy with the Distributor.

The Server Management database is used to store reporting information for Distributions and Server Policies.

To configure the ZENworks Database policy:

  1. In ConsoleOne, right-click the Service Location Package, then click Properties.

  2. Select the ZENworks Database policy, then click Properties.

    If the box under the Enabled column is not selected for the ZENworks Database policy, select it before clicking Properties. A policy must be enabled to activate the Properties button.

  3. Select the Policy/Distribution Management tab.

  4. In the Database DN field, browse for the ZENworks Database object that represents the database for this policy, then click OK.

  5. To associate the policy package so that the ZENworks Database policy is enforced on the Distributor, select the Associations tab, then click Add.

  6. Browse to select the container where the Distributor object resides (or any container above it), then click OK.

    If you click Cancel, the association you made is not saved.

4.3.4 Configuring Distributed Server Package Policies

You can configure Distributed Server Package policies to automate control of various server behaviors and processes and to automate control of SMTP Host TCP/IP addresses, SNMP Trap Targets, and the ZENworks Database object’s DN.

There are several Policies tab options for server policies, one for each supported operating system. The policies that are available on the General tab apply to servers on all platforms. The policies available on the specific platform tabs apply only to the servers for those platforms.

Platform-specific policies, such as those on the NetWare tab, always override similar policies on the General tab for a particular policy package.

All policies are contained in the NetWare policies. Therefore, only the NetWare policies are documented here. The information applies equally to each platform.

To configure Distributed Server Package policies, review the following sections:

Copy Files

The Copy Files policy enables copying of files on a server from one location to another by using policy configurations. You can either copy or move the files.

To configure the Copy Files policy:

  1. In ConsoleOne, select the Distributed Server Package’s container, right-click the Distributed Server Package, then click Properties.

  2. Select the Policies tab, then select the platform from:

    •    General
    •    Windows
    •    NetWare
    •    Linux
    •    Solaris
  3. Click Add, click Copy Files, provide a policy name, then click OK.

  4. Click Properties.

    The Copy Files tab displays.

  5. Click Add.

    Local File Copy #1 defaults. You can edit that name.

  6. Fill in the fields:

    Source path: Provide the full path where the files to be copied are located.

    You can use wildcards in the path:

    •    * = any number of characters
    •    ? = any single character in that position
    •    ??? = any characters in those positions

    Target path: Provide the full path where the copied files are to be placed.

    You can use wildcards in this path. This path does not need to mirror the source path. However, you could mirror an existing target path.

    Include subdirectories: Includes all subdirectories and their files beginning from the directory at the end of the path; otherwise, only the files in the directory at the end of the path are copied.

    Maintain attributes: Maintains the file attributes in the target’s file system that exist in the source’s file system.

    Overwrite destination files: Overwrites files of the same name in the destination directories, regardless of differences in file dates. If you do not select this option, files of the same name is not replaced.

    Maintain trustees: Maintains the file’s trustee attributes.

    When a file is locked: Select one or both:

    • Retry __ times: Retries overwriting a locked file the number of times you select before failing to replace the file. Leave this check box deselected to not replace locked files on the target file system.

    • Kill connection of open files: (NetWare only) Attempts to kill the connection of locked files so they can be overwritten. This applies only to files being extracted, not to files being accessed to build the Distribution. If a file belonging to a Distribution is locked when the Distribution is being built, the build fails. Server and NLM connections cannot be killed.

    Error processing: Fail On Error is selected by default. This stops the file copying process when an error is encountered in copying. To continue file copying when an error is encountered, select Continue On Error.

    Operation: Sets whether to copy or move the files identified in the Source Path.

  7. Select the Schedule tab, then schedule the policy (see Section 4.7, Scheduling Policies).

  8. Click OK to close the policy.

NetWare SET Parameters

You can automate the use of SET parameters by your servers.

To configure NetWare SET parameters:

  1. In ConsoleOne, select the Distributed Server Package’s container, right-click the Distributed Server Package, then click Properties.

  2. Click Policies > NetWare (or General).

  3. Click Add, then select NetWare Set Parameters.

  4. Provide a name for this SET parameters policy, then click OK.

    Because the policies selected from this dialog box are plural, you can have multiple SET parameter policies listed on the Policies tab. Therefore, provide a unique name for this policy.

    When you click OK after naming the SET parameters policy, it is selected on the Policies tab.

  5. Click Properties.

    The Set Commands tab displays.

  6. Click Add.

    The NetWare Server SET Command Wizard opens.

  7. Select the server containing the SET parameters, then click Next.

    IMPORTANT:The Policy/Package Agent must be running.

  8. Select all of the commands you want to configure in the policy.

    You can select whole categories by selecting the check box for the category, or clicking the plus sign to expand a SET command category and selecting the check boxes for individual commands to be included.

    WARNING:Do not select the Set Developer Option SET command and change the default of Off to On. This parameter is meant to help developers debug server abends. It disables some of the operating system checking to prevent certain abends from occurring. Also, if the Set Developer Option is enabled, running NCP™ scripts that require keyboard entry could abend the server.

  9. Click Finish when you are finished selecting the commands.

    The selected commands are now displayed in the Set Commands tab for the policy.

  10. To edit a SET command, click its plus sign to expand its attributes.

  11. To edit an attribute, select the attribute, then click Edit.

    A dialog box is displayed in which you can make changes to the attribute.

  12. Repeat Step 11 for each attribute to edit for a given SET command.

  13. Repeat Step 10 through Step 12 to edit another SET command’s attributes.

  14. Schedule the policy (see Section 4.7, Scheduling Policies).

  15. Click OK to close the policy.

    If you click Cancel, neither the schedule or the SET parameter changes are saved.

Prohibited File

This policy allows you to monitor and enforce the deletion or moving of unauthorized files from a specified volume/drive or directory/folder. For example, you can automate deletion of .jpg, .mp3, and .avi files from a server.

All platforms are supported (NetWare®, Windows, Linux, and Solaris), including the use of the General tab.

With this policy, you can:

  • Specify one or more volumes/drives or directories to monitor. You have the option to include all subdirectories.

  • Specify which file types to monitor using wildcard combinations.

  • Specify the action for all encountered files as follows:

    • Delete

    • Move to specified location

  • Specify a schedule for enforcement of the policy.

To configure a policy to manage prohibited files:

  1. In ConsoleOne, right-click the Distributed Server Package, then click Properties.

  2. Click Policies > NetWare (or other platform).

  3. Click Add, then select Prohibited File.

  4. Provide a unique name for the policy, then click OK.

    The following property page is displayed:

  5. Fill in the fields:

    Directories to monitor: For this instance of the policy, you can specify the paths to be monitored:

    • Path: This can be a volume, drive, or directory name. It must be the full path when a directory is given.

      You can add multiple paths. For each path that you enter, files matching the file types that you define in the File Type field are either deleted or moved according to which Action button you select.

      Variables are supported in the paths.

    • Subdirectory: Select the check box to specify that all subdirectories be included.

      If you want only a certain subdirectory, you should create another policy just for that subdirectory by giving its full path in the Path field. However, you cannot move files to a directory that is being monitored, or to any of its subdirectories.

    • Add: Opens a dialog box where you can select a path. This field cannot be browsed, so you must know the full path to the files to be moved or deleted.

    • Edit: Allows you to edit the selected path.

    • Remove: Removes the selected path entry from the list.

    Files to manage: You can specify the type of files you want to monitor:

    • Add: Opens a dialog box where you specify a file type. You can use wildcards in the path:

      •    * = any number of characters
      •    ? = any single character in that position
      •    ??? = any multiple characters in those positions

      This field cannot be browsed, so you must specify the correct information to identify the files to be moved or deleted.

      IMPORTANT:The ? wildcard acts differently in ZENworks than in DOS. For example, the search string *.htm? finds only files that end in .html, whereas DOS finds files that end in both .htm and .html. In other words, use of the ? wildcard in ZENworks means that you expect a character to occupy its position in the filename.

    • Edit: Allows you to edit the selected file type.

    • Remove: Removes the selected file type from the list.

    Action: You have two options for how to handle the files you’ve specified in the Directories to Monitor and the Files to Manage boxes:

    • Delete files: Select the option to delete the specified files from the locations you have identified.

    • Move files to: Select the option to move the specified files to the path that you specify in this field. This field cannot be browsed, so you must know the full path to where you want the files to be moved.

      If you move files:

      • The full paths of the files are preserved (meaning if the path doesn’t exist at the target, it is created there)

      • Files are overwritten if they exist in the same path

      • File or directory attributes and trustees are not transferred

      • File ownership is preserved

      IMPORTANT:If a directory is being monitored, you cannot move files into it or any of its subdirectories.

    When a file is locked: Occasionally, files you might be trying to delete or move might be open. For these files, you can specify one of the following resolutions:

    • Retry ___ times: Select the check box and enter a number for how many times you want to retry deleting or moving the file before continuing with the next file. Valid entries are from 1 to 10. The time used by each increment depends on the various hardware and software speeds involved in your system.

      Use this field to allow enough time for a temporarily opened file to be closed, such as a file that is only opened long enough for the application to either obtain a copy for editing or write a new copy of the file.

    • Kill connection of open files: (NetWare only) Kills the connection that is holding the file open so that the file can be deleted or moved, even if opened by a user at the time.

      IMPORTANT:You can only kill connections to files on workstations. Server files cannot be disconnected from the process that has them open.

  6. Click OK to close the policy.

Scheduled Down

You can automate when and how you want a server to go down, and whether it should be automatically brought back up.

To configure a scheduled downing for a server:

  1. In ConsoleOne, right-click Distributed Server Package, then click Properties.

  2. Click Policies > NetWare (or other platform).

  3. Click Add, then select Scheduled Down.

  4. Provide a unique name for the policy, then click OK.

    Because the policies selected from this dialog box are plural, you can have multiple Scheduled Down policies listed on the Policies tab. Therefore, provide a unique name for this policy.

    When you click OK after naming the Scheduled Down policy, the policy is selected on the Policies tab.

  5. Click Properties.

    The Up Procedure tab displays.

  6. Select the downing method:

    Downing Option

    Description

    Reset Server

    Downs the server and then does a warm boot

    Restart Server

    Downs the server and then restarts it

    Down Server

    Downs the server, does not restart it

  7. Schedule the policy (see Section 4.7, Scheduling Policies).

  8. Click OK to close the policy.

    If you click Cancel, neither schedule for your newly scheduled Down policy is saved.

Scheduled Load/Unload

You can automate scheduled loading and unloading of NLM files and Java Class processes, and Linux and Solaris executables.

To configure the schedules:

  1. In ConsoleOne, select the Distributed Server Package’s container, right-click the Distributed Server Package, then click Properties.

  2. Click Policies > NetWare (or other platform).

  3. Click Add, then select Scheduled Load/Unload.

  4. Provide a name for this Load/Unload policy, then click OK.

    Because the policies selected from this dialog box are plural, you can have multiple Load/Unload policies listed on the Policies tab. Therefore, provide a unique name for this policy.

    When you click OK after naming the Load/Unload policy, it is selected on the Policies tab.

  5. Click Properties.

    The Scheduled Load/Unload tab displays.

  6. Click Add.

  7. Select one of the following options:

    Select an item for further instructions on configuring it.

  8. Repeat Step 6 and Step 7 for each NLM or process to be included.

  9. To rearrange the order, use the arrow keys.

  10. Schedule the policy (see Section 4.7, Scheduling Policies).

  11. Click OK to close the policy.

    If you click Cancel, your newly scheduled Load/Unload policy is not saved.

Server Down Process

You can automate the procedures your servers use when they are downed.

IMPORTANT:For the Windows, Linux, and Solaris platforms, if you down the server from its console, this policy is not recognized. Instead, you must down the server using the Actions option in Remote Web Console in iManager so that this policy can be applied.

To configure the downing process for a server:

  1. In ConsoleOne, select the Distributed Server Package’s container, right-click the Distributed Server Package, then click Properties.

  2. Click Policies > NetWare (or other platform).

  3. Select the Server Down Process policy, then click Properties.

    If the box under the Enabled column is not selected for the Server Down Process policy, select it before clicking Properties. A policy must be enabled to activate the Properties button.

  4. To configure procedures for downing, select the Down Procedure tab, then click Down Procedures.

  5. To enable the policy’s options, select the check box labeled Follow this procedure when a down server is triggered, then enter the number of minutes to wait before downing the server.

  6. To disable login before downing, select the check box, then enter the number of minutes before downing to disable login.

  7. To drop connections before downing, select the check box, then enter the number of minutes before downing the server to drop connections.

  8. To configure an order for unloading, select the Down Procedure tab, then click Ordered Unload.

    1. To include NLM files and processes, select the Unload these NLMs and kill these processes in this order before downing check box.

    2. Click Add.

    3. Select either NLM or Process, provide the name, then click OK.

    4. To change the order, use the arrow keys.

  9. To configure reporting, select the Notification tab, then click Reporting.

    1. To have another server send an SNMP alert if the server is not up after a specified time, select the Send SNMP Alert check box, then enter the number of minutes.

      For information about displaying SNMP traps on your management console, see Section 4.3.1, Compiling Zentrap.mib.

    2. To specify which servers can watch for the restart and send the alert in case of failure, click Add to display an ordered list of candidate servers.

      Policy and Distribution Services starts at the top of the list to communicate with the first server and use it for the alert notification. If Policy and Distribution Services cannot communicate with a server, the next one on the list is tried. The first server that can be used is the one that is scheduled to send the alert.

    3. Browse to select a server.

    4. Repeat Step 9.a through Step 9.c for each server needed.

    5. To change the order, use the arrow keys.

  10. To configure broadcast messages, select the Notification tab, click Broadcast Messages, then click Send messages to connected users.

    1. Enter the number of times to send the message.

    2. To broadcast custom text, enter it in the box.

    3. To include the predefined message containing a time as the last line of your broadcast, select the check box.

      The x minutes is derived from dividing the number of times from Step 10.a into the number of minutes remaining before the server can be downed, then subtracting that amount (in whole minutes) for the amount to display in each broadcast. For example, if there are 10 minutes remaining and you select 5 in Step 10.a, the message is broadcast every two minutes. The number of minutes remaining after each broadcast will be two minutes less than at the last broadcast.

  11. To configure targeted messages, select the Notification tab, click Targeted Messages, then click Send e‑mail to selected users when server is going down.

    1. To specify the users, groups, or e‑mail addresses to receive the targeted messages, click Add.

    2. Select either User, Group, or E‑Mail Address.

    3. Browse to select the user or group, or provide the e‑mail address.

    4. Repeat Step 11.a through Step 11.c for other users, groups, or e‑mail addresses.

  12. To configure the conditions for downing a server, select the Conditions tab, then click Use Conditions.

    1. To specify the conditions, click Add.

    2. Select from the following conditions to specify when not to bring the server down:

      Some of these conditions require you to enter valid names. Others use the Select Object dialog box to browse for them.

      File open: If the files that you specified are open. For example, a .exe.

      NLM loaded: If the NLM files that you specified are running.

      Server connected: If the server that you specified is connected.

      User connected: If the users that you specified are connected.

      Number of user connections: If the number of users connected exceeds the number you specify. In other words, don’t bring the server down if too many users would be affected.

      Workstation connected: If the workstations that you specified are connected.

    3. Repeat Step 12.a and Step 12.b for each condition to add to the list.

    4. To change the order, use the arrow keys.

  13. Click OK to close the policy.

    If you click Cancel, none of the Server Down Process policy changes made on any of the tabs are saved.

Server Scripts

You can automate script usage by your NetWare servers.

To configure server scripts:

  1. In ConsoleOne, select the Distributed Server Package’s container, right-click the Distributed Server Package, then click Properties.

  2. Click Policies > NetWare (or other platform).

  3. Click Add, then select Server Scripts.

  4. Provide a unique name for the policy.

    Because the policies selected from this dialog box are plural, you can have multiple Script policies listed on the Policies tab. Therefore, provide a unique name for this policy.

    When you click OK after naming the Script policy, it is selected on the Policies tab.

  5. Click Properties.

    The Script tab displays.

  6. Click Add, then select Server Scripts.

  7. Provide a script name.

    Script #1 displays.

  8. Select the script type (NCF, NetBasic*, PERL).

    IMPORTANT:NetBasic is not supported on NetWare 6.5 servers.

  9. Enter the script text.

  10. Repeat Step 6 through Step 9 for each script to be added.

  11. Use the arrow keys to arrange the order to execute the scripts.

  12. Schedule the policy (see Section 4.7, Scheduling Policies).

  13. Click OK to close the policy.

    If you click Cancel, neither the schedule or any of the scripts entered are saved.

SMTP Host

You can set the TCP/IP address of the relay host that processes outbound Internet e‑mail.

To configure the SMTP Host policy:

  1. In ConsoleOne, right-click the Service Location Package, then click Properties.

  2. Select the SMTP Host policy, then click Properties.

    If the box under the Enabled column is not selected for the SMTP Host policy, select it before clicking Properties. A policy must be enabled to activate the Properties button.

    The SMTP Host tab defaults.

  3. Provide the TCP/IP address or DNS name (such as mail.novell.com), then click OK to close the policy.

    If you click Cancel, the TCP/IP address is not saved.

SNMP Community Strings

This policy provides configuration and scheduling of SNMP community strings.

Make sure that you have compiled zentrap.mib (see Section 4.3.1, Compiling Zentrap.mib).

IMPORTANT:Running INETCFG does not show that the policy has been applied to the server. Instead, use TCPCON to verify. See Verifying Community String Changes.

To configure the SNMP Community Strings policy:

  1. In ConsoleOne, select the Distributed Server Package’s container, right-click the Distributed Server Package, then click Properties.

  2. Click Policies > NetWare (or other platform).

  3. Select the SNMP Community Strings policy, then click Properties.

    If the box under the Enabled column is not selected for the SNMP Community Strings policy, select it before clicking Properties. A policy must be enabled to activate the Properties button.

    The SNMP Community Policy tab displays.

  4. Fill in the Community Strings fields:

    •    Monitor
    •    Control
    •    Trap

    Community strings are case sensitive. Enter a string for each field as needed.

  5. Select the Schedule tab, then schedule the policy (see Section 4.7, Scheduling Policies).

  6. Click OK to close the policy.

Verifying Community String Changes

To confirm that the SNMP Community Strings policy has been successfully applied to a server, do the following on any NetWare server:

  1. At the server’s main command prompt, enter tcpcon to display the following menu:

  2. Select SNMP Access Configuration to display “Local System” in the Transport Protocol field:

  3. Press Enter to display the Transport options:

  4. Select the TCP/IP option to display the TCP/IP transport protocol information:

  5. Replace lb with the IP address of the NetWare server where you want to verify the string changes, and replace public with a valid monitor read string:

  6. Press Esc to display the Save TCP/IP Console Option? menu, then select Yes to continue:

  7. At this point, you should see the statistics being updated; however, if the community string changes are not displayed (as depicted below), make sure that the correct monitor string was entered in Step 5.

  8. Another way to see that the policy is actually applied when the policy is deployed is to change the messaging level for the server’s Subscriber object to Level 4 or Level 5 (see the SNMP trap field in Step 3 under Section 3.6.3, Configuring Subscribers), then view the new and old string values in the TCP/IP Console screen as the changes occur.

SNMP Trap Targets

You can set targets for SNMP traps for the Policy/Package Agent.

For information about displaying SNMP traps on your management console, see Section 4.3.1, Compiling Zentrap.mib.

Understanding How the Windows Trap Target Policy Enforcer Behaves

The following abbreviations are used in this section to represent these Windows registry locations:

  • AGENT_KEY: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SNMP\Parameters

  • ZFS_KEY: HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Zenworks\ZfS

The Windows SNMP trap target policy enforcer performs in the following sequence:

  1. The policy enforcer first verifies an installation of an SNMP agent. This is done by checking if AGENT_KEY exists. If it exists, the enforcer assumes that an SNMP agent is installed and continues with the following steps. Otherwise, an error is returned and the processing stops.

  2. The enforcer keeps track of all trap targets added by the ZENworks Server Management policy by placing the trap targets in ZFS_KEY. The trap targets are organized like the trap targets in AGENT_KEY with a subkey of TrapConfiguration. The subkey TrapConfiguration contains community strings that are represented as registry subkeys. These community strings contain the trap target values associated with each community string.

  3. Each trap target in the ZENworks Server Management policy is put into AGENT_KEY, unless it already exists. The policy enforcer ensures that each Server Management trap target is found, or is added to each community string. If no community strings exist in AGENT_KEY, a community string named “public” is created.

  4. Any previously added trap targets found in ZFS_KEY that are removed from the ZENworks Server Management policy are removed from AGENT_KEY. Trap targets not added by Server Management are not removed.

  5. If Microsoft’s SNMP agent is installed, the agent’s trap targets are automatically updated with registry changes.

Configuring the SNMP Trap Target Policy

To configure the SNMP Trap Targets policy:

  1. In ConsoleOne, right-click the Service Location Package, then click Properties.

  2. Select the SNMP Trap Targets policy, then click Properties.

    If the box under the Enabled column is not selected for the SNMP Trap Targets policy, select it before clicking Properties. A policy must be enabled to activate the Properties button.

  3. Click Add.

  4. Provide a new target, then click OK.

    HINT:Provide the TCP/IP address or DNS name of the target server. IPX addresses are not supported.

  5. Repeat Step 3 through Step 4 for each new trap target.

  6. Select the Schedule tab, then schedule the policy (see Section 4.7, Scheduling Policies).

  7. Click OK to close the policy.

    If you click Cancel, none of the targets that you provided are saved.

Text File Changes

You can automate changes to text files on your servers.

To configure text file changes:

  1. In ConsoleOne, select the Distributed Server Package’s container, right-click the Distributed Server Package, then click Properties.

  2. Click Policies > NetWare (or other platform).

  3. Click Add, then select Text File Changes.

  4. Provide a unique name for the policy.

    Because the policies selected from this dialog box are plural, you can have multiple text file policies listed on the Policies tab. Therefore, provide a unique name for this policy.

    When you click OK after naming the text file policy, it is selected on the Policies tab.

  5. Click Properties.

    The Text Files tab defaults.

  6. Click Add.

    After one text file has been added, you are given the opportunity to select whether you are adding another text file or another change item for the selected text file.

    To add another text file, select Text File. It does not matter which text file or change item is selected in the left pane—the text file is added to the far left level.

    To add another change to a text file, in the left pane select the text file for the change, click Add, then select Change. The change item is added under the selected text file.

  7. If you are adding a text file, provide the name of the text file.

  8. Accept the default name (such as Change #1) or rename it; if you are adding a text file, click OK.

  9. Click the down-arrow for the Change Mode field, then select the change mode from the drop-down list.

  10. Click the down-arrow for the Search Type field, then select the search type from the drop-down list.

  11. Enter the exact search string.

  12. Select the check box if you want the string search to be case sensitive.

  13. To find all occurrences of the search string, make sure the box is selected, or deselect the box to find only the first occurrence.

  14. Click the down-arrow for the Result Action field, then select the action from the drop-down list that should result if a string is matched.

  15. If you are replacing a string or entering a new one, enter the text in the New String text box.

  16. Repeat Step 6 through Step 15 for each text file to add or each change to be made.

  17. To reorder the text files and change items, use the arrow keys.

  18. Schedule the policy (see Section 4.7, Scheduling Policies).

  19. Click OK to close the policy.

    If you click Cancel, neither the schedule or any of the text files entered are saved.

ZENworks Database

If you installed the Server Management database during installation, but the database file is not associated with a Database object, you can set its object’s DN so that the server this policy is associated with can find the database file for logging information.

To configure the ZENworks Database policy:

  1. In ConsoleOne, right-click the Service Location Package, then click Properties.

  2. Select the ZENworks Database policy, then click Properties.

    If the box under the Enabled column is not selected for the ZENworks Database policy, select it before clicking Properties. A policy must be enabled to activate the Properties button.

  3. Select the Policy/Distribution Management tab.

    The Inventory Management tab defaults. Make sure you are using the correct tab.

  4. Provide the DN of your ZENworks Database object, or browse to select the DN, then click OK to close the policy.

    If you click Cancel, the DN is not saved.

ZENworks Server Management

This policy provides basic configuration parameters for Policy and Distribution Services.

To configure the ZENworks Server Management policy:

  1. In ConsoleOne, select the Distributed Server Package’s container, right-click the Distributed Server Package, then click Properties.

  2. Click Policies > NetWare (or other platform).

  3. Select the ZENworks Server Management policy, then click Properties.

    If the box under the Enabled column is not selected for the ZENworks Server Management policy, select it before clicking Properties. A policy must be enabled to activate the Properties button.

    The General – Status tab displays.

  4. To determine the policy’s general status:

    1. Select the procedure to follow when displaying messages at the server console.

    2. Select the procedure to follow when sending SNMP traps.

      For information about displaying SNMP traps on your management console, see Section 4.3.1, Compiling Zentrap.mib.

    3. Select the procedure to follow when recording information to a log file.

      Logging Procedure

      Description

      Log File

      Select this option to enable it and provide the log file’s filename. Include its full path. By default, Policy and Distribution Services uses \zenworks\zfs-startup.log, unless you enter a filename here. Then, for the servers where this policy is enforced, the log file you specify here is used instead of zfs-startup.log.

      Some examples:

      • sys:\zenworks\polpack.log
      • sys:\zenworks\polpack.txt
      • data:\zenworks\policies.log

      Delete Log Entries Older Than__Days

      Use this option to control disk space usage.

      E-Mail Messages

      Select whether to send e‑mail messages. The None or Errors Only options are recommended.

      • Users

      You can add users, groups, or e‑mail addresses.

      • Address Attribute

      After you select users or groups, this field displays the attribute of the associated user or group. You can change the attribute from the drop-down list.

      IMPORTANT:Set the E‑Mail Messages option to either None or Errors Only. If you set this to a more detailed level, performance degrades because of the extra e‑mail messages that are created.

  5. To determine the policy’s configuration, select the ZENworks Server Management tab, then click Configuration.

    1. Provide a console prompt.

      You can customize the prompt using plain text and variables. The default is:

      %SERVER_DN% - ZENworks Server Management >
      

      You can use any of the predefined or user-defined variables (for more information, see Section 9.2, Types of Variables).

    2. Provide a working path.

      This is for Policy and Distribution Services temporary and backup files. The default directory is \zenworks\pds\smanager\working.

    3. To determine how old database information should be before purging, enter the number of days.

      All policy-related information older than the number of days entered is purged when Server Management is started on the same server where zfslog.db resides.

      IMPORTANT:The database can only be purged if Server Management is running on the same server where zfslog.db is located.

      Tiered Electronic Distribution information is purged manually from the database. For more information, see Section 10.5, Purging the Database.

  6. To set a port number for the ZENworks Web Server, select the Port Configuration tab and select or enter a port number.

  7. Click OK to close the policy.

    If you click Cancel, none of the policy changes on any of the tabs are saved.

4.3.5 Creating Custom Log Files Using Policies

If you want to create custom log files, you can use either the Tiered Electronic Distribution policy (Service Location Package) or the ZENworks Server Management policy (Distributed Server Package):

  • Tiered Electronic Distribution policy: With this policy, you associate its Service Location Package to an eDirectory container, and all Distributor and Subscriber objects under it can use this policy. The Use Policy check box that is displayed in each of the object’s properties allows you to individually select whether that Distributor or Subscriber should use the policy. The check box is disabled by default.

    Using this policy, the Distribution Agent logs Tiered Electronic Distribution information to your custom log file for the selected Distributors and Subscribers.

  • ZENworks Server Management policy: With this policy, you distribute its Distributed Server Package to the servers where you want the policy enforced.

    Using this policy, the Policy/Package Agents for these servers log policy and software package information to your custom log file.

When you are creating and configuring one of these policies, the Path and Filename field for the log file is blank by default.

For information on how to create and configure these policies, see: