What's New in ZENworks 2
Articles and Tips: article
01 Sep 1999
Editor's Note: The "Updated Inventory DLLs" section of this article is based on information found at Gary Busby's zenworksmaster.com Web site. We apologize for our oversight in not crediting the author in the original published version of the article.
Get the lowdown on ZENworks version 2, with its new inventory features, expanded software distribution capabilities, enhanced remote management of desktops and users, and bundled Year 2000 and anti-virus software.
Novell ZENworks 2 is a software bundle that deploys applications and manages workstation profiles from a central location. Short for Zero Effort Networks for users, ZENworks automates desktop management using the power of Novell Directory Services (NDS) to remotely provide application management, software distribution, desktop management, and workstation maintenance.
Using the dynamic inheritance capabilities of NDS, ZENworks extends the configuration created for each user. Desktop policies, profiles, printers, and applications based on the user's specific needs and preferences are all stored in NDS, so users can log in from anywhere and view their own familiar desktop. You can also set up a standardized desktop configuration for workstations independent of the user.
This AppNote describes the new features available in ZENworks 2, some upgrade issues to be aware of if you are upgrading from a previous version of ZENworks, as well as a few tips and tricks to help you install and begin using this latest version.
Additional information about ZENworks is available on Novell's Web site at:
ZENworks 2 Features
Within ZENworks 2 there are three main areas of functionality: application management, workstation management, and remote management. Each of these management functionalities, with their new features, is discussed below.
The application management area of ZENworks focuses on delivering and installing applications to the desktop. It contains the application launcher and snAPPshot functionalities as well as the following.
Workstation Association. Workstation Association allows the administrator to associate an Application object to a Workstation object, a Workstation Group object, or any Container object. The application is then available on the affected workstation or workstations no matter who is logged in at that workstation. The application can be distributed to or run on those workstations even when no user is logged in. This allows a "lights-out" kind of distribution. The application stays with the workstation and doesn't follow the user, thus limiting the availability of the application to pre-destined locations. This is particularly useful when software licensing schemes are set up on a per-workstation basis: the administrator can easily restrict software licenses to only legitimate workstations.
Pre-Install. Pre-Install allows the administrator to initiate a lights-out distribution of an application. This means that the application will be distributed according to a schedule that the administrator sets up in the Application object. When the application is pre-installed, all of the local machine settings and files are distributed to the machine. Only the user-specific settings are distributed when the user attempts to run the application for the first time. In large applications or application suites, this greatly reduces the time the user has to wait the first time the application runs.
Pre- and Post-Distribution Scripts. Pre- and Post-Distribution Scripts allow the administrator to run configuration programs specific to the installation of the application. These scripts run only as part of a distribution. If the distribution has already occurred, the scripts will not run.
System Requirements. This functionality offers the ability to filter applications based on file existence, version, or date, on a registry setting, on an environment variable, or on another Application object's availability. Also available is the Show/Hide Icon flag. This flag allows the administrator to control whether the application icon is visible even if all of the system requirements are not met. If the flag is set to display the icon even if it is unavailable, the icon will appear in a disabled state.
Prompted Macros. Prompted Macros is an extension to the current NAL macros to allow data values for a macro to be input at distribution time. This feature would allow a user to select where the application is installed to or to customize other features of the application distribution.
Run Application as Windows NT System. This provides full access to a Windows NT Workstation and the ability to run an executable on that workstation as a system user, even if the logged-in user has no rights to the system space. This functionality is very useful in rolling out applications that require their own installation program to be run and the user doesn't have rights to run it. A good example of this is Windows NT service packs.
Force Run Wait Processing. Force Run Wait Processing forces the application to wait for a previous force-run application to finish before running. This allows the administrator to serialize the installation or running of applications. Applications can thus be chained to run one after the other. Any reboot prompts are queued until the end of the chain.
The workstation management functionality of ZENworks 2 concentrates on managing the desktop. It contains the controls for desktop policies, printer policies, client configuration policies, and inventory.
Extensible Desktop Policies. Extensible desktop policies allow an administrator to bring any .ADM file into the Directory. These .ADM files for users can be applied to a container, user, or user group. They can also be applied to any workstation or workstation group.
Hardware Inventory. Hardware inventory is now stored in an embedded database. The database is a server side, ODBC-compliant database. A subset of the database information is still stored in NDS, this subset of information includes: operating system type, revision level (OSR2, service pack 3), NIC type and driver version, video type and driver version, Novell client version, BIOS type and revision, amount of memory, computer type (Compaq, Dell, Gateway), computer model (Deskpro, Optiplex 200), processor type (Pentium, Pentium II), disk drives (C, D, E), drive sizes (C-1gig, D-4gig), asset tag #, serial #, model #, subnet address, MAC address, and IP address.
Software Inventory. Software inventory is also stored in an embedded, ODBC-compliant database on the server side that shares the hardware inventory information. Searching capability has been greatly enhanced and will continue to have periodic updates from Novell. In-house application signatures can be added to the Novell database so that these applications can be discovered by the software scanner.
Reporting. Reporting allows canned reports to be populated from the embedded database. These reports contain such information as application install, success\failure reports, hardware inventory reports, and software inventory reports.
Basic Reports. Very similar to the SMS-canned reports. These reports are aimed at helping the administrator solve common issues on their networks. The reports answer such questions as which workstations are running which operating system, which workstations have a BIOS older than 1990, which workstations have greater than a pentium CPU, and how many workstations have more that 40 MB of memory. Each of these reports can be exported to a comma delimited file.
Advanced Reports. Advanced reports are much more comprehensive and provide detailed information about each workstation. These reports contain such information as operating system, BIOS version, memory, CPU type, and so on all in a single report. This report can be exported to a comma delimited file, which can be imported to other databases or asset tracking tools.
Desktop VirusScan. Novell has partnered with Network Associates, Inc. (NAI) to provide a feature-rich virus scan solution. VirusScan can be installed using the ZENworks application launcher.
ZENworks 2's remote management area focuses on remote utilities that maintain and repair the desktop. It contains such tools as remote control, file transfer, workstation diagnostics, and help request.
Remote Execute. Remote execute is a utility launched from NWAdmin that allows an administrator to choose a target workstation and execute an application on that workstation. This feature requires distinct rights in NDS, and has a separate policy setting in the policy package.
Remote View. Remote view is another utility launched from NWAdmin that allows a person who initiates the remote view session to view a target workstation desktop (however, it does not have keyboard or mouse support). This feature requires distinct rights in NDS, and has a separate policy setting in the policy package.
File Transfer. File transfer is also launched from NWAdmin and allows an administrator to choose a target workstation and to transfer a file to or from that workstation using IP. This feature also requires distinct rights in NDS, and has a separate policy setting in the policy package.
Chat. The chat can also be launched from NWAdmin and allows a keyboard conversation to occur between the initiator and receiver of the chat utility.
Workstation Diagnostics. Workstation diagnostics allows an administrator to view real-time workstation information such as client version, NetWare connections, memory, and so on. This utility is accessible through NWAdmin.
Rights Wizard. Rights wizard allows an administrator to easily grant rights to one or many users. These rights include the right to remote control, file transfer, remote execute, and/or remote view. Rights wizard also provides a basic view by object of who has rights on that object.
Improved Windows NT Agent. The remote control Windows NT agent has been improved to be faster and more reliable.
Audit Log for Windows NT. An audit log for the Windows NT remote control is kept in the NT security log. This audit log contains such information as who initiated the remote control, who accepted the remote control, and a time stamp to show the duration of the remote control.
Inventory Information Added to Help Request. The Help Request information has now been augmented with workstation inventory information. The inventory information can be viewed by the user through the Help Request system in ZENworks, and it can also be sent via E-mail through the Help Request system as part of the trouble ticket information. The inventory information contains operating system type, revision level (OSR2, service pack 3), NIC type and driver version, video type and driver version, Novell client version, BIOS type and revision, amount of memory, computer type, and others.
Configurable Trouble Ticket. The Help Request policy has been enhanced to allow administrators to configure which information is sent with the trouble ticket. The administrator can choose whether or not NDS information (User context, Workstation context, and so on) is sent with the trouble ticket. The administrator can also choose whether or not workstation inventory is sent with the trouble ticket.
Help Request Software Development Kit (SDK). The Help Request SDK is available from Novell DeveloperNet's Web site at:
Upgrading to ZENworks 2
This section provides special configuration procedures that you need to know before you upgrade, if you are upgrading to ZENworks 2 from a previous version. Three versions of ZENworks are currently available:
ZENworks Starter Pack. This product includes a subset of ZENworks 1.1 functionality. The Starter Pack ships as part of NetWare 5, or is available for download from the Novell Web site at http://www.novell.com/download.
ZENworks 1.1. This product is widely available in multiple languages from resellers. It includes functionality beyond that found in the Starter Pack in the areas of application management and workstation management. It also includes Remote Management capabilities and a third-party Y2K preparation tool.
ZENworks 2. ZENworks 2 includes the functionality of ZENworks 1.1, as well as the new features discussed previously.
NetWare Administrator Upgrade
ZENworks 2 supports NetWare Administrator 95 and NetWare Administrator NT. However, to take full advantage of the new features included in ZENworks, use NetWare Administrator 32 which ships with ZENworks 2. ZENworks 2 does not support ConsoleOne.
Application Management Upgrade
An upgrade from ZENworks 1.1 to ZENworks 2 may not launch NALEXPLD.EXE from the login script. The following error may be displayed on a Windows NT workstation:
The version of the NT service you have loaded is out of date. Please install Version 98125.
This error occurs if the NAL 2.7 service is loaded and the NAL Explorer 3.0 is run. There are two ways to update the NT service:
Install the Novell Client that ships with ZENworks 2.
Create a workstation action to update the NT service.
Use the following steps to install or register the service with a single Windows NT server or workstation:
Obtain sufficient rights on the NT server or workstation.
From an NT server or workstation command line, run the following to install and register the service:
By default, the NALNTSRV.EXE and NWAPP32.DLL files are copied to the \SYSTEM32 directory. These files must reside in the same directory. If older versions of these files exist, the installation overwrites them. Once installed, the service registers Application Launcher with the Windows NT Service Control Manager. The service becomes active the next time the machine is started.
Adding the Start option immediately activates the service after registration without restarting the workstation. For example, enter:
nalntsrv install path=c:\winnt
This copies the files to the C:\WINNT directory and registers the service from that location.
Workstation Management Upgrade
If you install ZENworks 2 without upgrading the Novell Client, the ZENworks 1.1 hardware inventory will continue to populate NDS by using the ZENworks 2 Inventory Policy. You can still view the ZENworks 1.1 inventory data in this situation only if you perform the following steps, before you install ZENworks 2.
Copy WMINV32.DLL and WMINVEX.DLL to a directory where they will not be overwritten. (Both of these DLLs are located in the SYS:\PUBLIC\WIN32\SNAPINS directory.)
Install ZENworks 2.
Copy WMINV32.DLL and WMINVEX.DLL back to the SYS:\PUBLIC\WIN32\SNAPINS directory.
The 1.1 Workstation Manager (part of the old Novell Client) runs a scanner to populate the inventory information, which is then viewable with these DLLs.
Remote Management Upgrade
If you install ZENworks 2 without upgrading the Novell Client, the ZENworks 1.1 Remote Control Agent will still function using the ZENworks 2 Remote Management Policy and the ZENworks 2 remote console; however, new Remote Management features of ZENworks 2 will not be supported.
ZENworks 2 Tips and Tricks
Listed here are a couple of late-breaking tips that will likely prove helpful in installing and working with ZENworks 2.
New Inventory DLLs
There is a difference with the downloaded version of the ZEN Clients v3.10/v4.60 and the same ZEN Client versions that come with the ZENworks 2 CD. The difference is subtle but it's there, and you may want to pay attention to it if you use the Inventory component.
Since ZENworks 2 uses a new inventory method (Sybase database), the Client needs to know whether or not to write the inventory information into NDS (like ZENworks v1.1 did) or to the Sybase database. This is accomplished via a new inventory DLL
Windows NT WMINV.DLL is dated:
Windows 95/98 WM95INV.DLL is dated:
1-27-99 for download v4.60
12-21-98 for download v3.10
6-11-99 for ZENworks 2.0 CD v4.60
6-11-99 for ZENworks 2.0 CD v3.10
Technically, you can still use the old DLL with ZENworks 2 as long as you don't care to use Sybase as the inventory database, and instead still use NDS to store it. However, if you want to use Sybase, make sure your clients are using the newer DLL.
Updated Client AOT
Early adopters of ZENworks 2 uncovered an installation bug that happens when you try to install the Client using the AOTs that ship with the product. The engineers have fixed the AOTs, which are offered below. We've also provided a workaround that allows you to fix the problem without having to reinstall the Client.
You will see this error during the login process while your login scripts are executing, after you enter your user name and password at the Novell login screen in Windows 95/98. It happens when Workstation Manager runs and tries to write the WM logs to the workstaion's C drive. This only happens when the following two conditions are met:
If there are user and workstation policies in effect in the user's container.
If the workstation (which has the three log files in C:\Novell\Client32\ marked read-only) has been registered and imported into NDS.
The error message you will see if these criteria are met is:
Wm95sast - This program has performed an illegal operation and will be shut down. If the problem persists, contact the program vendor.
WM95SAST caused an invalid page fault in module
KERNEL32.DLL at 0137:bff7989a.
Here's what's happening: when the AOT/AXT files from the ZENworks 2 CD are copied to the server, they retain their read-only attributes. In Windows 95/98, with the workstation registered and imported into NDS with user and workstation policies in effect, the newly created ZENworks 2 Upgrade Application Object is distributed to the workstation through NalExpLd. Among the files that get copied to the client machine are three log files that are rewritten to by Workstation Manager each time the client machine is rebooted. This error occurs when Workstation Manager cannot rewrite to these log files following login, because they retained their read-only attributes after being copied to the client machine from the server.
Workaround. The preferred workaround is to remove the read-only attribute from the .FIL files after they are copied to the server before deployment to the client machines. If deployment has already been completed on the client machines, remove the read-only attribute from the following log files on each client machine:
Since the log files do not need to be distributed to the client machine, we have removed the entries in the AOT/AXT files which tell the Application Object to distribute them. We also removed some entries that distribute other log files which did not cause this problem but also do not need to be distributed (for Windows 95, 98, and NT).
New AOT Files. The AOT/AXT files have been revised to fix the following problems:
WM95SAST caused an invalid page fault.
Mstask caused an illegal operation: sa.dat marked read-only (c:\windows\tasks\sa.dat).
Unknown devices were found by plug-and-play after reboot.
Registry entries that were hardware-specific have been removed.
Several log file entries from the file copy sections have been removed.
The zip file containing the new versions of these AOTs and AXTs for Windows 95, 98, and NT are available at:
ZENworks is the first directory-based management solution for Microsoft Windows desktops. Based on NDS, ZENworks makes network use for users easy and simplifies network management for administrators by basing network management on customized digital profiles of individual users. This allows users to access their familiar interface and applications securely from anywhere on the network, while administrators can centrally manage desktops on even the largest, most complex, and geographically-distributed networks.
* Originally published in Novell AppNotes
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.