This document provides a test scenario that shows you how you can use scripting in ZENworks Endpoint Security Management to provide additional functionality for 3rd party products.
As the ZENworks administrator, you want to ensure that a specific application is always running on your ZENworks managed devices. The following steps help you import a predefined Scripting policy that monitors whether or not an application is running and, if it is not, start the application and inform the user that it is a required a application.
Import the Scripting policy:
Copy the following files to a directory on the ZENworks Primary Server:
When you click a filename, the file will either be opened, saved, or you will be prompted to open or save it. You need to save the file. If it opens, click> .
If you downloaded the Endpoint Security Resource Kit, you can copy the files from the PolicyExamples directory.
On the Primary Server, open a command prompt, change to the directory where you copied the files, then run the following commands one at a time, entering your ZENworks administrator username and password when prompted:
zman epi "Location Assignment" policykey.txt Location-Assignment.xml
zman epi "Scripting - Enforce Application Running" policykey.txt Scripting-Enforce-App-Running.xml
A message similar to the following is displayed when a policy is successfully imported:
Successfully created the object "Location Assignment" in "/Policies".
Validate the policy import:
In ZENworks Control Center, clickto display the list with the two imported policies.
Click thepolicy, then click its tab.
There are six locations included in the policy: the standardlocation and five locations that start with . The locations were imported with the policy and added as locations in your zone. If you go to the page ( > ), you will see them listed.
For this test scenario, only theis used. The other locations are used with the test scenarios for other policies (Wireless, USB, and VPN).
The locations do not include any network environments, which means that the only way a device can switch to one of the locations is for the device’s user to manually change to the location. For this reason, each location is configured to appear in thelist (available when right-clicking the ZENworks icon on the device) and to allow the user to manually change to the location.
Return to thelist.
Click thepolicy, then click its tab:
The script is a JScript that is configured to run in the System space with the same rights as a Windows service. The script is written to monitor the calc.exe application. If calc.exe is not running, it is launched and this message is displayed: The following application is required to run in this security location: calc.exe
Next to LocationName variable from to , then click to save the change., click to display the Edit Script Content dialog box. Change the
If desired, change any of the trigger events.
The script is configured to run when the ZENworks Agent enforces the policy (initial assignment, device startup, policy update), detects a network change, or detects a network connection or disconnection. It is also configured to run whenever the device’s location changes.
Clickto save the policy changes.
Clickto make the new policy the published version.
Return to thelist.
Assign the Location Assignment and Scripting policies to a device:
In thelist, select the check boxes next to the following policies:
Click> , then follow the prompts to assign the policies to the appropriate device.
When prompted for the policy conflict method, you can leave it set to.
Test the policy on the assigned device:
On the device, make sure that calc.exe (Calculator) is not running.
Right-click the ZENworks icon, then clickto retrieve the new policies.
When the device finishes refreshing and the policies are enforced, the script is run because of the Enforcement of this policy trigger. Because calc.exe is not running, a message will temporarily appear indicating that calc.exe is required to run in “this security location.” The Calculator will also open.
Right-click the ZENworks icon, and select> .
Changing to the BB_ZESM_ZONE_Scripting Test Location triggers the script again, displaying the message and launching calc.exe.
If you want to use this script for other applications, you can simply create new policies by copying the sample policy. If you want to create a new policy from scratch:
Retrieve the applicationWatcher.js script.
When you click the filename, the file will either be opened, saved, or you will be prompted to open or save it. You need to save the file. If it opens, click> .
If you downloaded the Endpoint Security Resource Kit, you can copy the file from the ScriptExamples directory.
In ZENworks Control Center, create a Scripting policy. When doing so:
Copy the applicationWatcher.js script into the Script Contents box.
Modify the LocationName variable to specify the security location in which you want the script run. Any time the device enters this location, the script is run.
Modify the requiredApp variable to specify the application you want to require.
Modify theand to specify any other events that you want to trigger the script.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.novell.com/company/legal/.
Copyright © 2016 Novell, Inc., a Micro Focus company. All Rights Reserved.