zac for Windows (1)

Name

zac - The command line management interface for the Micro Focus ZENworks Agent that is installed and running on Windows managed devices.

Syntax

zac command options

Description

The zac utility performs command line management functions on the ZENworks managed device, including installing and removing software bundles, applying policies, and registering and unregistering the device.

Guide to Usage

Most commands have a long form and a short form:

  • Long form: add-reg-key

  • Short form: ark

When both forms are available, the command is listed as follows:

add-reg-key (ark) arguments

When using the command, enter only the long form or the short form:

zac add-reg-key arguments

zac ark arguments

Arguments can be mandatory or optional. Mandatory arguments are included in angle brackets <argument>. Optional arguments are included in square brackets [argument]. If an argument includes a space, enclose it in quotation marks:

zac ark "arg 1"

Help Commands

/h or --help

Displays information about the commands.

Authentication Satellite Server Commands

authentication server reconfigure (asr) [-t all|config|jetty|casa] [-u username] [-p password]

Reconfigures an enabled Authentication Satellite.

Examples:

To fetch the configuration files from the server:

zac asr -t config

To reconfigure the CASA signing certificate:

zac asr -t casa

To reconfigure the Jetty web server:

zac asr -t jetty -u Administrator -p password

To reconfigure the entire Satellite:

zac asr -t all -u Administrator -p password

If a username and password is required but is not provided on the command line you will be prompted.

import-authentication-cert(iac)[-pk <private-key.der>] [-c <signed-server-certificate.der>] [-ca <signing-authority-public-certificate.der>] [-ks <keystore.jks>] [-ksp <keystore-pass-phrase>] [-a <signed-cert-alias>] [-ks <signed-cert-passphrase>] [-u username] [-p password] [-rc]

Configures an Authentication Satellite device with externally signed certificates.

  • rc - Confirms reconfiguration of the Authentication Satellite Server so that the administrator is not prompted for reconfiguration.

Bundle Commands

bundle-install (bin) <bundle display name>

Installs the specified bundle. Use the bundle-list command to get a list of the available bundles and their display names.

Example:

zac bin bundle1

bundle-launch (bln) <bundle display name> [-noSelfHeal]

Launches the specified bundle. Use the bundle-list command to get a list of the available bundles and their display names.

Example to launch a bundle based on the display name:

zac bln bundle1

Example to launch a bundle based on the display name and turn selfhealing off if the launch action fails (by default, selfhealing is turned on):

zac bln bundle1 -noSelfHeal

bundle-list (bl)

Displays the list of bundles assigned to the device and the logged in user.

Example:

zac bl

bundle-props (bp) <bundle display name>

Displays the status, version, GUID, and requirements information for the specified bundle. Use the bundle-list command to get a list of the available bundles and their display names.

Example:

zac bln bundle1

bundle-refresh (br) <bundle display name or guid>

Refreshes information about the specified bundle.

Example:

zac br bundle1

bundle-status-rollup (bsr)

Rolls up the status information of a given bundle to the Primary Server, based on the display name or GUID of the bundle. For user-assigned bundles, this command does not roll up the launch status information.

Options:

-a Rolls up the status information of the available bundles.

-s Rolls up the status information of a bundle to the specified server. The server name can be an IP address or a DNS name of a Primary Server. If the server does not listen on default port, which is 80, specify the new port number in addition to the server name.

-n Rolls up the status information of specific bundles, based on the display name or the GUID of the bundle.

Examples:

To roll up the status information of available bundles:

zac bundle-status-rollup -a

To roll up the status information of a given bundle, based on the display name or GUID of the bundle:

zac bsr -n

To roll up the status information of available bundles to the specified Primary Server:

zac bsr -a -s <server name>

For example, zac bsr -a -s 164.99.137.50

To roll up the status information of a given bundle to the specified Primary Server, based on the display name or GUID of the bundle:

zac bsr -n "Bun1 display name" "Bun2 display name" -s <server name>

NOTE:To run the zac bsr command, you need to be a Windows administrator.

bundle-uninstall (bu) <bundle display name>

Uninstalls the specified bundle. Use the bundle-list command to get a list of installed bundles and their display names.

Example:

zac bu bundle1

bundle-verify (bv) <bundle display name>

Verifies an installed bundle (specified by bundle display name) to ensure that no files have been removed or corrupted. Use the bundle-list command to get a list of the installed bundles and their display names.

Example:

zac bv bundle1

Certificate Commands

cert-info (ci) [ca certificate file path] [-u <username> -p <password>]

Lists public key certificate information for each known ZENworks server or adds a trusted root certificate to the device trusted store. The file can be in ASN.1 DER format or base-64 encoded delimited by ----BEGIN CERTIFICATE---- and ----END CERTIFICATE--.

Example:

To list the certificate for each known ZENworks server:

zac ci

To add a trusted root certificate to the devices trusted store:

zac ci c:\certs\mytrustcacert.der -u myuser -p mypassword

Collection Rollup Commands

collection-point (cp)

Shows the status and configuration of the collection role.

Example:

collection-point [wake]

wake - Wakes the modules that perform collection (Inventory, MD status, Message sender)

collection-upload-orphans (cuo)

Finds orphaned files on the Satellite device and rolls them up to the parent collection server or deletes them if they have already been rolled up.

This command builds a list of the files in the folders under %zenworks_home%\work\collection and then tries to find the original upload information for each entry in the collection stats database.

If there is an entry for a file in the database, and it shows that the file has not been rolled up, it rolls the file up. If the entry shows that the file has already been rolled up, it deletes the file on the Satellite device. If there is no entry for a file in the database, the file is rolled up. This command also lists any files that were not uploaded or deleted.

Before running this command, you should run the zac crw command to send any pending files to the parent server.

Example:

zac cuo

Content Distribution Commands

cdp-checksum (cchk) [-l:<path to log>]

Validates satellite content by computing the checksum on each file.

The optional log file details results of the checksum comparison.

Example:

zac cchk -l:"C:\Program Files\Novell\ZENworks\logs\cchk.log"

cdp-verify-content (cvc) [-c] [-l:<path to log>]

Compares the list of content IDs and their sync states on this CDP with what the Primary Servers thinks it should have.

You can use the following options:

  • c - Computes the checksum on the local content.

Example:

zac cvc -l:"C:\Program Files\Novell\ZENworks\logs\cvc.log"

cdp-import-content (cic) <content path> [-l:<path to log>]

Imports missing content from the directory specified by content-path, logging to the file specified by log-path.

Example:

zac cic c:\import_source_directory -l:"C:\Program Files\Novell\ZENworks\logs\cic.log"

wake-cdp (cdp) [replicate | cleanup]

Wakes the Content Distribution Point worker thread. You can use either of the following options:

  • replicate - Downloads any new or changed content from the Content Distribution Point’s parent ZENworks Server.
  • cleanup - Removes any content that should no longer be stored on the Content Distribution Point.

Examples:

zac cdp

zac cdp replicate

This command is applicable only if the agent is promoted as a satellite.

Database Commands

statussender CleanUp

Runs the cleanup immediately and deletes entries in the MDStatus database that have not been updated for 14 days since the last successful rollup. By default, the cleanup is performed once a day and runs the first time the Agent Service is started. The cleanup method logs appropriate messages to the zmd-messages.log file when the log level is set to DEBUG.

The MDStatus database is used for rolling bundle and policy status from the managed device to the ZENworks Server.

statussender RollUp

Rolls up statuses to the MDStatus database that have been updated since the last time the status was rolled up successfully. By default, the status sender automatically rolls statuses up every 5 minutes.

The MDStatus database is used for rolling bundle and policy status from the managed device to the ZENworks Server.

Imaging Commands

file-system-guid (fsg) [-d] [-r]

Displays, removes, or restores the workstation GUID in the file system in preparation for taking an image.

For example:

To display the GUID value:

zac fsg

To remove the GUID and also conninfo.dat from the file system:

zac file-system-guid -d

To restore the GUID to the file system:

zac file-system-guid -r

Do not specify an option to print the the GUID value:

zac fsg

Inventory Commands

inventory [scannow | cdf | -f scannow]

Runs an inventory scan or opens the Collection Data Form.

Example to run an inventory scan:

zac inv scannow

Example to open the Collection Data Form:

zac inv cdf

Example to run a full scan:

zac inv -f scannow

Location Commands

config-location (cl)

Displays the configuration location. The configuration location determines which ZENworks \\server (or servers) the device connects to for authentication, configuration, content, and collection purposes.

Examples:

zac config-location

zac cl

location-create (lc) (location name) [-d|--desc=<description>] [network environment name] [...]

Creates a location and (optionally) assigns network environments to the location.

(location name) - The name you want assigned to the new location.

[network environment name] - The name of an existing network environment that you want to assign to the location. You can add multiple network environments. Adding network environments during creation of a location is optional. You can use the location-nwenv-assign command to add network environments after creation.

[network environment name] - The name of an existing network environment that you want to assign to the location. You can add multiple network environments. Adding network environments during creation of a location is optional. You can use the location-nwenv-assign command to add network environments after creation.

Accepts the following options:

-d |--desc=description: Specify a description for the location.

-t | -- downloadThrottle=Download Throttle rate: Specify a download throttle rate.

-u | -- uploadThrottle=Upload Throttle rate Specify an upload throttle rate.

-a | -- auditUpload=Audit upload data Specify 0 to enable or 1 to disable the audit upload data.

-e | -- Preferred protocol for communication Based on your preferred protocol for communication, specify either IPv4 or IPv6.

Specify IPv4 if you want the devices in this location to try communicating with the servers using IPv4 URLs first before attempting IPv6 URLs.

Specify IPv6 if you want the devices in this location to try communicating with the servers using IPv6 URLs first before attempting IPv4 URLs.

C | -- cifsServer=CIFS Server: Specify a CIFS server that allows you to provide share access.

-i | --proxyAddress=IPv4 HTTP Proxy Address Specify an IPv4 proxy address.

-p | --proxyPort= IPv4 HTTP Proxy Port: Specify the port number on which the proxy server should listen.

-r | --proxyCidr=IPv4 HTTP Proxy CIDR: Specify the range of IPv4 address using CIDR notation.

-x | --ipv6ProxyAddress=IPv6 HTTP Proxy Address Specify an IPv6 proxy address

-y –ipv6ProxyPort=IPv6 HTTP Proxy Port: Specify the port number on which the proxy server should listen.

-z | -- ipv6ProxyCidr=IPv6 HTTP Proxy CIDR: Specify the range of IPv6 address using CIDR notation.

(location preferred protocol communication | lppc) <location name> [options]

Edits an existing location.

<location name>: Specify a name for the location.

Accepts the following options:

IPv4: Specify IPv4 if you want the devices in this location to try communicating with the servers using IPv4 URLs first before attempting IPv6 URLs.

IPv6: Specify IPv6 if you want the devices in this location to try communicating with the servers using IPv6 URLs first before attempting IPv4 URLs.

Logging Commands

logger (log) [resetlog | level [MANAGED|ERROR|WARN|INFO|DEBUG] | managedlevel]

Changes or displays the logger configuration for the ZENworks Agent.

You can use the following options:

  • resetlog - Resets the log.
  • level - If this option is used without a level, it displays the current managed logging level. If it is used with one of the levels, changes the logging level to the specified level.
  • managedlevel - Displays the Global Log level of the zone.

Example to reset the log file:

zac logger resetlog

Example to show the current log level:

zac logger level

Example to set the log level to DEBUG and above:

zac logger level DEBUG

Patch Management Commands

patch-scan (ps)

Scans the device for patches that are not applied, using the device's current patch signature (DAU) file. The results are then uploaded to the server.

An example to run a patch scan:

zac ps

patch-scan --quick (ps --quick)

Uploads the last scan results to the server; it does not run a new detection scan.

An example to run a quick patch scan:

zac ps --quick

patch-apply-policy (pap)

Updates devices with the latest version of all patch policies.

An example to run a patch apply policy:

zac pap

patch-quarantine-release (pqr)

Releases any quarantined patches on the device where the command is run from quarantine so that a one-time installation attempt can occur, either from a patch policy schedule or a remediation schedule.

An example to run a patch quarantine release:

zac pqr

Policy Commands

policy-list (pl)

Lists the policies that are currently being enforced on the device (effective policies). To list all policies (effective and non-effective), use the --all option.

Examples:

zac pl

zac pl --all

policy-refresh (pr)

Applies all of the policies assigned to the device and user.

Example:

zac pr

Registration Commands

add-reg-key (ark) <registration key>

Registers the device by using the specified key. Registration with keys is additive. If the device has previously been registered with a key and you register it with a new key, the device receives all group assignments associated with both keys.

Example:

zac ark key12

register (reg) [-g] [-k <key>] [-u <username> -p <password] <ZENworks Server address:port>

Registers the device in a Management Zone.

To execute this command you must have Create/Delete device rights for the folder on which the device you are attempting to register.

You can use the following options:

  • g - Lets you create a new device object with a new GUID and password for the device if you have multiple devices with the same GUID. When you register a device by using this switch, all the associations (policies and bundles) assigned to the original device object are removed. You cannot use this option to create a new GUID for a Primary Server or a Satellite device. The local user must have Local Administrator rights to use this option.
  • k - Lets you register the device using the specified registration key.
  • p - Lets you specify the Management Zone administrator’s password.
  • u - Lets you specify the Management Zone administrator’s username.

Examples:

zac reg -k key1 https://123.456.78.90

zac reg -k key1 -u administrator -p novell https://zenserver.novell.com:8080

The port number is required only if the ZENworks Server is not using the standard HTTP port (80). If a username and password are not supplied, you are prompted for them.

reregister (rereg)[-u <username> -p <password>] <new guid>

Registers a device in the current zone and assigns it the GUID of an existing device object. The currently associated device object is deleted.

To execute this command you must have Create/Delete device rights for the folder on which the device you are attempting to reregister.

For example, if you image a device after replacing the hard drive, the device might get a new GUID. However, by using the reregister command, you can assign the device’s GUID that it had before you replaced the hard drive.

Examples:

To reregister, specify a username and password:

zac reregister -u myuser -p mypassword eaa6a76814d650439c648d597280d5d4

To reregister and be prompted for a username and password:

zac reregister eaa6a76814d650439c648d597280d5d4

NOTE:The -g and -k options will not be honored if the corresponding device object is already present on the server and reconciliation takes place with that device object.

unregister (unr) [-f] [-s] [-a] [-u <username> -p <password>]

Removes the device’s registration from the Management Zone.

To execute this command you must have Create/Delete device rights for the folder on which the device you are attempting to unregister.

Example:

To force a device to unregister locally when a server cannot be contacted:

zac unr -f -u myuser -p mypassword

To unregister locally and suppress prompting for a user name and password:

zac unr -s

Use -a option to unregister asynchronously. With this option server deletes the device asynchronously.

The -a, -f, -u, and -p parameters are optional. If you don’t use the -u and -p parameters, you are prompted to enter a username and password. The -f parameter ignores the ZENworks database and forces the device to be unregistered locally; this option is necessary only if the device object has already been deleted from the ZENworks database or if the device cannot connect to the database. If -a option is specified, ZENworks server returns the unregister call quickly, but deletes the device object asynchronously from the database at a later point of time. If your device deletion is not complete and tries to register the device again, then ZENworks server displays an error. If there is large amount of data associated with the device in the database, it might take long time to delete the device. Ensure that -a option is used when actual device deletion on server takes long time and causes the agent unregister command to timeout.

NOTE:Running UNR command might cause high utilization of the database. This might be due to any of the following reasons:

  • The UNR command is running on the server.

  • The zone contains large number of managed devices.

  • The managed devices have a huge history.

  • The Patch Management is enabled.

reestablish-trust (retr) [-u <username> -p <password>]

Reestablishes trust with the current Management Zone. The username and password used must be of the Zone Administrator.

Example:

zac retr -u myuser -p mypassword

The -u and -p parameters are optional. If you don’t use the -u and -p parameters, you are prompted to enter a username and password.

Remote Management Commands

request-remote-session, rrs

Requests a remote management session from the managed device even in the absence of the Z-icon. This command is available on managed devices with 11.3.1 and later versions.

Examples:

zac request-remote-session

zac rrs

Status Commands

cache-clear (cc)

Clears the ZENworks cache on the device. This removes all entries in the cache database and deletes any cache files associated with those entries.

Example:

zac cc

NOTE:If your ZENworks administrator has enabled the self defense feature for the ZENworks Agent, you must supply an override password before running the zac cc command. Otherwise, you receive the following message:

You do not have permission to clear the cache. Please contact your ZENworks administrator.

You must request the override password from your ZENworks administrator. If he has not set an override password, he must do so before you can use the command. After you receive the password:

  1. Double-click the ZENworks icon (z-icon) in the system tray, click Agent (under Status), then click the Policy Override link in the Agent Security Settings section to display the About box.

  2. Click Override Policy, enter the override password, then click Override.

  3. Go to a command line prompt and run the zac cc command.

  4. After the cache is successfully cleared, return to the About box and click Load Policy to disable the password override.

dump-prop-pages (dpp) <target directory>

Outputs the HTML pages displayed in the ZENworks icon’s property pages to files in the specified target directory.

Example:

zac dpp c:\temp

get-settings (gs) <key>

Lists the settings associated with the specified key.

Example:

zac gs key1

All valid ZENworks settings keys are stored in the \Program Files\Novell\ZENworks\cache\zmd\settings directory.

Example to list the Remote Management settings:

zac gs RemoteManagement

refresh (ref)[general | partial bundle <Bundle Display Name> [bypasscache]

Initiates a general refresh to refresh all bundles, policies, registration, and configuration settings; initiates a partial refresh to refresh all policies, registration, and configuration settings.

Use bypasscache to avoid using data from the server cache during the refresh. This option is useful for testing or troubleshooting.

Examples:

zac ref general bypasscache

zac ref partial bypasscache

set-proxy (sp) [options] <IP address/Hostname:port> [username] [password]

Specifies a proxy to contact rather than contacting a ZENworks Server directly.

The options are:

  • /default - Sets a proxy that can be overriden by proxy settings from the Management Zone.
  • /clear - Clears the current proxy, but will use proxy settings from the Management Zone.
  • /ipv6 - sets an IPv6 proxy.

Examples:

IPv4:

zac sp 123.456.78.90:2349 administrator novell

zac sp /default 123.456.78.90:2349

zac sp /clear

IPv6:

zac sp /ipv6 [2001:db8:0:1:1:1:1:1]:2349 administrator novell

zac sp /default /ipv6 [2001:db8:0:1:1:1:1:1]:2349

zac sp /clear /ipv6

If a username and password is not specified, then you will be prompted to enter them.

winproxy-refresh (wpr)

Queries the Management Zone for proxy work assigned to this device.

Example:

zac wpr

zenhttp-status(zhs)

Lists port and tags for registered handlers.

Example:

zac zhs

This command is applicable only if the agent is promoted as a satellite.

info-collect (zeninfo) [<targetfile>] [-q]

Collects ZENworks support information, including cache data, configuration data, debug logs, product installation information, refresh times, status events, and basic system information. The information is packaged into a ZIP file and placed in the location you specify. If you do not specify a location, ${TEMP}\zeninfo-${DateTime}.zip is used for Windows and ${TMPDIR}\zeninfo-${DateTime}.zip is used for Linux. If you are experiencing problems with a managed device, Micro Focus Support might ask you to run this command and send the resulting ZIP file to Micro Focus to help troubleshoot your problem.

To run the zeninfo process in the background, run the following command:

zac zeninfo /tmp/zeninfo/ & echo $! > /tmp/zeninfo/zeninfo.pid

To stop the zeninfo process, run the following command:

kill `cat /tmp/zeninfo/zacinfo.pid`

You can use the following option:

  • q - Skip launching explorer after collection.

The zeninfo command can be run by the local administrators. If you are not a local administrator and you run the command, the system prompts you to enter the administrator credentials. You can also set the AllowZenInfoWithoutAdminPwd string value to True, which enables any user to run the zeninfo command. To set the AllowZenInfoWithoutAdminPwd string value, do the following:

  1. Open the Registry Editor.

  2. Go to HKLM\Software\Novell\ZCM\.

  3. Set the AllowZenInfoWithoutAdminPwd string value to True.

WARNING:If the AllowZenInfoWithoutAdminPwd string value is set to True, the sensitive ZENworks Configuration Management settings and configuration information is visible also to the users who are not the local administrators.

zone-config (zc) [-l]

Displays information about the ZENworks Server that the device is accessing for configuration information (the Configuration server) or lists the information for the Configuration server.

Examples:

zac zc

zac zc -l

statussender (sts) [options]

This command rolls-up status information to the server or cleans up status information locally on the device. The options are:

Rollup - This is used to schedule an immediate rollup of the status information to the server in spite of the pre-scheduled time.

Cleanup - This is used to schedule an immediate cleanup of the status information into the MDStatus database.

System Update Commands

zac zeus-refresh / zeus-ref

Retrieves the system update when it is assigned to a device.

ZENworks Endpoint Security Management Commands

zac zesm-refresh / zesm-ref

Resets the ZENworks Endpoint Security Management cache on the managed devices.