Z.E.N.works 2: Managing Applications and Desktops Through NDS
Articles and Tips: article
01 Jun 1999
Do you spend countless hours walking from workstation to workstation to install applications, to troubleshoot problems, and to perform routine maintenance? If you answered no, you are probably already using Novell's Zero Effort Networks (Z.E.N.works), and you may have put on a few pounds as a result. If you answered yes, you should check out Z.E.N.works, which cuts network management costs by automating network management tasks.
Novell's next generation of Z.E.N.works, version 2, is currently in closed beta and is expected to be available soon. Z.E.N.works 2 makes network management even easier than before by providing enhancements to the three main Z.E.N.works components:
Application management and distribution
ENHANCED SOFTWARE DELIVERY
The Z.E.N.works Application Launcher works with Novell Directory Services (NDS), allowing you to centrally manage, upgrade, and even distribute applications across your company's network. Using the Application Launcher, you can dynamically update users' desktops when new applications become available, you can modify registry or .INI settings, and you can even provide application fault tolerance and load balancing.
When you install the Z.E.N.works Application Launcher on a user's workstation, the Application Launcher icon appears on the user's desktop. If the user double-clicks this icon, the Application Launcher window appears, displaying the icons for the applications to which the user has rights. The definitions for these applications are stored as Application objects in NDS.
When a user launches an application, the Z.E.N.works Application Launcher performs all of the tasks necessary to run the application: For example, the Application Launcher connects to all of the required resources (such as network drives and printers), pushes down any components needed on the workstation, and updates any registry settings. (For more information about Z.E.N.works, see "NDS and Z.E.N.works: Creating Transparent, Easily Managed Networks," NetWare Connection, Oct. 1998, pp. 24-33 and "NDS and Z.E.N.works: Solving Real-World Problems," NetWare Connection, Nov. 1998, pp. 20-31. You can download these articles from http://www.nwconnection.com/past.)
Z.E.N.works 2 makes it even easier to deliver software to workstations. With Z.E.N.works 2, you can distribute applications to workstations based on factors such as hardware configuration, application dependencies, or operating system versions. Z.E.N.works 2 includes the following new application management features:
Distribution and launch scripts
Enhanced criteria-based distribution
Force run wait processing
The ability to run applications as a Windows NT system user
When you use the NetWare Administrator (NWADMIN) utility to create an Application object, you specify who can run the application by associating the Application object with other objects in the NDS tree. With earlier versions of Z.E.N.works, you associate an Application object with individual User objects, Group objects, or container objects. Z.E.N.works then delivers the application to the desktops of the associated users.
Z.E.N.works 2 enables you to associate an Application object with workstations. As a result, you can make an application available on a workstation regardless of who is logged in at that workstation. The application can be run on a workstation even when no user is logged in.
To associate an Application object with a workstation, double-click the object in the NWADMIN utility to access the object's Details page. Select the Associations tab, and click the Add button. You can then browse the NDS tree to select a Workstation object or Workstation Group object. You can also select a container object to make the application available to all objects in the container, including all Workstation objects.
How many times have you been bombarded with user complaints when application installations or upgrades tie up users' workstations? In the past, the only solution to this problem was to perform the installation after hours. With Z.E.N.works 2, however, you can perform a "lights-out" distribution of an application.
To perform a lights-out distribution, you distribute only machine-specific files and settings for an application to the workstations. You can distribute these files and settings even if no one is logged in at the workstations; the workstations must simply be powered on. Then, when a user logs in and runs the application for the first time, only the user-specific settings are distributed. This feature can significantly reduce the amount of time a user has to wait for an application to be installed.
To configure a lights-out distribution, double-click the Application object in the NWADMIN utility to access the object's Details page. Scroll to the bottom of the tab list, and choose Pre-Install. Check the Pre-Install Application box to enable the preinstallation of the application.
If you want to schedule when the preinstallation will run, specify the schedule in the Set Schedule In field. If you do not specify a schedule, the preinstallation will run on the associated workstations as soon as the application becomes available.
Distribution and Launch Scripts
When a user launches an application with previous versions of the Z.E.N.works Application Launcher, both the predistribution script (called a distribution script) and the postdistribution script (called a launch script) run. However, the distribution script is required only the first time the application is launched.
With Z.E.N.works 2, you can save bandwidth by separating these scripts and running the distribution script only during the initial launch of an application. After the application is distributed to a workstation, Z.E.N.works runs only the launch script when the application is launched.
To configure distribution and launch scripts for an application, double-click the Application object in the NWADMIN utility to access the object's Details page. To configure a distribution script, choose the Distribution Scripts tab, and define the script commands you want to run before and after the application is distributed. To configure a postdistribution script, choose the Launch Scripts tab. Then define the script commands you want to run before and after the application is launched.
Enhanced Criteria-Based Distribution
Z.E.N.works has always provided the ability to check a workstation for predefined criteria before launching an application with the Application Launcher. With Z.E.N.works 2, however, you can filter applications based on the following criteria:
File existence, version, or date
A registry setting
An environmental variable
Another object's availability
Z.E.N.works 2 also adds a show/hide icon flag. You can use this flag to control whether or not an application icon is visible on a workstation if all of the system requirements are not met. If this flag has been set to show an application but the workstation does not meet the defined criteria, the icon for the application appears in a disabled state.
To define distribution criteria for an application, double-click the Application object in the NWADMIN utility to access the object's Details page. Next, choose the System Requirements tab. Then highlight the appropriate operating system version, and click the Add button. A drop-down list of definable options appears. (See Figure 1.) Define the criteria the workstation must meet to run the application.
Figure 1: You can ensure that a workstation meets certain criteria before an application runs.
To have the Z.E.N.works Application Launcher show the application icon on workstations that do not meet the defined criteria, check the Show Application Icon box at the bottom of the screen shown in Figure 1.
Forced Run Wait Processing
With Z.E.N.works 2, you can force an application to wait to run until another application quits running. In other words, you can serialize the installation or running of applications. For example, suppose you want to ensure that all workstations are running the latest NetWare client software before the Z.E.N.works 2 Help Request application is installed. You can "chain" these applications to run one after the other and then force the Help Request application to run after the NetWare client software is installed. When you chain applications, any reboot prompts are queued until the end of the chain.
To chain applications and configure one application to run first, double-click the first Application object in the chain to access that object's Details page. On the Identification page, check the Order Icon Display box. You can now specify the order in which the application icon appears on a user's desktop.
Repeat this process for the other applications in the chain. If you want an application to wait to run until another application has finished running, check the Wait on Force Run box. Applications in the chain that have a higher priority will run before this application runs.
When distributing applications to workstations, you may want to allow users to customize installation features such as the directory in which an application should be installed. In Z.E.N.works 2, you can use prompted macros to define questions that users answer during the distribution of the application. These answers determine the outcome of the installation process.
To configure prompted macros for an application, double-click the Application object in the NWADMIN utility to access the object's Details page. Then choose the Macros tab, and click the Add button. Choose Prompted from the drop-down list that appears, and then choose Drive or String. Drive lets you define a prompt whose data value will be a drive letter (such as A: or C:). String lets you define a prompt with any other type of data value.
Authority of Windows NT System User
Z.E.N.works 2 enables you to run an application on a Windows NT workstation as a secure system user, even if the user logged in at that workstation doesn't have the necessary rights. For example, you may need to install Windows NT service packs on workstations--a task that requires complete administrative access to the workstation. With Z.E.N.works 2, the Application Launcher can run these installations securely as a system user regardless of the rights of the logged-in user.
To configure an application to run as a secure system user, double-click the Application object in the NWADMIN utility to access the object's Details page. Then choose the Environment tab. In the Windows NT box, click the Run as Secure System User button.
ENHANCED DESKTOP MANAGEMENT
Z.E.N.works also enables you to manage users' desktops without leaving your own workstation. To provide this central management, Z.E.N.works uses NDS to store dependencies that are normally stored on the workstation. These dependencies include desktop preferences, printer configurations, parameters for NetWare client software, and Remote Access Server (RAS) configurations.
Because these dependencies are stored in NDS, you don't have to visit each workstation to change configuration parameters. Instead, you can make the changes once in the NWADMIN utility, and NDS then deploys the configuration to the workstations that you specified.
Z.E.N.works stores workstation dependencies as individual policies in NDS. To simplify the management of these policies, Novell has grouped these policies into Policy Package objects, which you can associate with User, Group, or container objects. (For more information about Policy Package objects, see "NDS and Z.E.N.works: Creating Transparent, Easily Managed Networks" and "NDS and Z.E.N.works: Solving Real-World Problems.")
Z.E.N.works 2 includes the following new desktop management features:
Workstation virus protection
In previous versions of Z.E.N.works, desktop policies were hard-coded. As a result, these policies had some limitations. For example, when Microsoft released an update to Windows NT, 98, or 95 and that update included new desktop policies, Z.E.N.works did not support these policies.
Microsoft uses .ADM files to define Windows desktop policies. To apply policies to a workstation, you can use Microsoft's policy editor (POLEDIT.EXE) to read the .ADM files and create a .POL file that updates the workstation's Windows registry.
However, Microsoft does not provide a way to distribute .POL files across the network. You must create and apply these files on a per-workstation basis.
Z.E.N.works 2 enables you to add .ADM files to Z.E.N.works User Policy packages or Workstation Policy packages. You can then apply the new Windows policies to container objects, User objects, or Group objects. After you add an .ADM file to a Workstation Policy package, you can apply the new Windows policies to Workstation objects or Workstation Group objects.
When you edit a policy in Z.E.N.works 2, the changes are made in NDS rather than in the .ADM file. After you add an .ADM file to NDS, you should not delete this .ADM file. If you later want to remove the policy from NDS, you will need the .ADM file to undo registry changes.
To add an .ADM file to NDS, double-click the appropriate Workstation or User Policy Package object in the NWADMIN utility to access the object's Details page. Select the Policies tab, and enable extensible policies by checking the User Extensible Policies box for a User Policy package (see Figure 2) or by checking the Workstation Extensible Policies box for a Workstation Policy package. Keeping the User or Workstation Extensible Policies box highlighted, click the Details button.
Figure 2: With Z.E.N.works 2, you can customize user and workstation policies.
Next, select the Extensible Policies tab, and double-click the User Policy or Workstation policy icon. Under .ADM files, click the Add button, and specify the directory path and filename of the .ADM file you want to add to NDS.
Z.E.N.works 2 offers complete software inventory capabilities in addition to the hardware inventory capabilities provided in previous versions of Z.E.N.works. The software inventory feature checks for applications on workstations and reports information about these applications such as their name, version, and file size. As with earlier versions of Z.E.N.works, the hardware inventory feature reports information such as disk drives, BIOS, bus, mouse, keyboard, display adapters, network interface boards, and memory.
Z.E.N.works uses two programs to gather workstation information over both IPX and IP networks: the WINSCAN.EXE for Windows 98 and 95 workstations and the NTSCAN32.EXE for Windows NT workstations.
To collect software inventory information on your company's network, you must create a Software Scan policy for a Workstation Policy package. A Software Scan policy lets you customize the scanning on workstations that are associated with the policy package.
To set up a Software Scan policy, double-click the appropriate Workstation Policy package in the NWADMIN utility. Then select the Policies tab, and check the Workstation Inventory box. Keeping the Workstation Inventory policy highlighted, click the Details button, and then click the Scanner Configuration tab to access the Scanner Configuration screen. (See Figure 3.)
Figure 3: With Z.E.N.works 2, you can inventory the software installed on workstations.
Next, use the Browse button to select the server on which the Z.E.N.works inventory database resides. (Z.E.N.works 2 stores hardware and software inventory data in a Relational Data Management System [RDBMS] that is installed on the NetWare server when Z.E.N.works 2 is installed.) Then select the server from which you want to run the scan.
To enable software inventory, check the Enable Software Scan on Workstations box. Click the Software Scan Policy button to bring up the Software List Editor. (The default Software List Editor contains 6,000 software applications.) Select which applications you want Z.E.N.works to gather information about.
Z.E.N.works 2 allows you to run pre-defined reports to gather information from the inventory database. These reports contain information such as the success or failure of application installations, the hardware inventory, and the software inventory. You use the Z.E.N.works reporting tool to generate, view, and print reports.
You access the Z.E.N.works Reporting Tool through the Tools menu in the NWADMIN utility. Before you can access this tool, however, you must run a Z.E.N.works Reporting Application object on your workstation. This Application object is located in the same NDS context as the server on which Z.E.N.works 2 is installed. Run the Application Launcher on your workstation, and double-click the Reporting Tool Application object. Your workstation can then communicate with the Z.E.N.works inventory database.
Desktop Virus Protection
Scanning workstations for viruses and distributing antivirus updates is a challenge for nearly every network administrator. To resolve this challenge, Novell has worked with Network Associates Inc. to provide a virus-scanning solution in Z.E.N.works 2.
Network Associates' VirusScan is installed from the Z.E.N.works 2 CD-ROM. After VirusScan is installed, you will be notified when it is time to download new virus updates. You can apply these updates to the server running the VirusScan server component, and the workstations will then automatically download the updates from the server. If a virus is detected, VirusScan automatically sends Simple Network Management Protocol (SNMP) alerts, notifying you of the detection.
Like previous versions, Z.E.N.works 2 offers the following desktop maintenance features:
Remote control software for Windows NT and 95 workstations, providing secure access to workstations via NDS
Snap-in modules for the NWADMIN utility, allowing you to customize how users participate in diagnosing a workstation problem and which support technicians can remotely control workstations
A help desk component that is tightly integrated with NDS, allowing users to efficiently communicate problems to the IS help desk
Z.E.N.works 2 provides improvements to the remote control and help desk capabilities. You can now gather workstation diagnostics and remotely transfer or execute files on workstations without establishing a full remote-control session. In addition, new workstation viewing capabilities and customized trouble tickets make it easier for you to solve users' network problems. Z.E.N.works 2 includes the following new remote management features:
The Workstation Diagnostics utility
The Remote File Transfer utility
The Remote Execute utility
The Remote View utility
The Chat utility
Improved Windows NT remote control
New help request information
Configurable trouble tickets
The Workstation Diagnostics Utility
With the Workstation Diagnostics utility, you can diagnose and resolve workstation problems--without leaving your workstation. This utility provides real-time information about the workstations, including the following diagnostic information:
Event log (Windows NT only)
WIN23 processes and modules (Windows 98 and 95 only)
Device drivers (Windows NT only)
Services (Windows NT only)
NetWare client software
Name space providers
Open network files
Before you can gather this information, you must load the Z.E.N.works remote management agent on the workstations you want to manage. In addition, this information is available only on IP networks. Z.E.N.works 2 does not support diagnostics on workstations running only IPX.
To gather diagnostics information from a workstation, highlight the appropriate Workstation object in the NWADMIN utility. From the NWADMIN menu bar, choose Tools, Z.E.N.works Workstation Remote Management, and then Diagnostics.
The Remote File Transfer Utility
The Remote File Transfer utility also helps you resolve workstation problems by enabling you to perform file operations between your workstation and any managed workstation. Using this utility, you can open, copy, move, rename, and delete files on a managed workstation--all from your own workstation. You can also create directories and view the properties (such as size, date, and time of creation) of files and directories. You can perform all of these tasks without establishing a complete remote-control session, and your actions are completely transparent to the user.
The remote file transfer functionality is available only on IP networks. Before you can remotely transfer files, you must load the Z.E.N.works remote management agent on the workstation. In addition, the SRVFTP32.EXE file must be in the workstation's search path.
To perform a remote file transfer, highlight the appropriate Workstation object in the NWADMIN utility. From the NWADMIN menu bar, choose Tools, Z.E.N.works Workstation Remote Management, and then File Transfer.
The Remote Execute Utility
Like the Remote File Transfer utility, the Remote Execute utility can help you resolve workstation problems without leaving your desk. Using the Remote Execute utility, you can run any application on a remote workstation. Again, you can run the application without establishing a complete remote-control session and without the user's knowledge.
To run the Remote Execute utility on a workstation, you must first load the Remote Management agent and one of the following Remote Execute agents on the workstation:
Remote16 (WUSER.EXE) for Windows 3.x workstations
Remote32 (ZENRC32.EXE) for Windows 98 and 95 workstations
RemoteNT (WUSER32.EXE) for Windows NT workstations
To execute an application on a remote workstation, highlight the Workstation object in the NWADMIN utility. From the NWADMIN menu bar, choose Tools, Z.E.N.works Workstation Remote Management, and then Remote Execute.
When the Remote Execute Window appears, specify the file you want to execute. If the application is in the managed workstation's search path, you do not need to enter the application's complete directory path. (You can use the Environment option of the Workstation Diagnostics utility to find the search path information.) Otherwise, you must enter the complete directory path.
The Remote View Utility
The Remote View utility enables you to view a remote workstation. However, this utility does not provide mouse and keyboard control over the remote workstation.
The Remote View utility can help you troubleshoot problems that a user may be encountering. For example, by observing how the user performs a certain task, you can verify that the user is performing the task correctly.
As with all of the Z.E.N.works 2 remote management utilities, the remote management agent must be loaded on the workstation before you begin a remote view session. To begin a remote view session, highlight the appropriate Workstation object in the NWADMIN utility. From the NWADMIN menu bar, choose Tools, Z.E.N.works Workstation Remote Management, and then Remote View. A representation of the workstation's desktop is displayed in the Viewing window. You can use the Remote View control options and toolbar to control the viewing session.
The Chat Utility
Suppose you are fixing a problem on a remote workstation and want to converse with the user without having to call him or her on the telephone. For example, the user may be using the telephone line to connect to the Internet. You can use the Chat utility to have a keyboard conversation with the user.
To use the Chat utility, you must load the remote management agent and install the following files on the workstation:
ZENRC32.EXE and WTALK32.EXE for Windows 98 and 95 workstations
WUSER32.EXE and WTALK32.EXE for Windows NT workstations
Any 4.3 BSD OTALK compatible Chat daemon
To initiate a Chat session with a workstation, highlight the appropriate Workstation object in the NWADMIN utility. From the NWADMIN menu bar, choose Tools, Z.E.N.works Workstation Remote Management, and then Chat. The user at the managed workstation must grant permission to accept the chat session. If permission is granted, you can communicate with the user by using the chat window.
Improved Remote Control of Windows NT Workstations
Z.E.N.works 2 also offers improved remote control of Windows NT workstations. The Windows NT remote control agent is now faster and more reliable than it was in previous versions of Z.E.N.works. Z.E.N.works 2 also provides an audit log that documents remote-management sessions. Z.E.N.works 2 stores the audit log in the NT Security log, which is stored on the workstation. You can use this log to gather information such as the following:
Who initiated a remote control session
Who accepted the remote control session
Start and end times of remote-control or remote-view sessions
Operations performed on the remote workstation during a session
Because the audit log is stored as part of the NT Security log, you view remote-control events in the same way you view other Windows NT system events. To view the log, click the Start menu of the Windows NT workstation. Then choose Programs and then Administrative Tools and Event Viewer. Click Log/Security and the event you want to view.
New Help Request Information
The Help Request utility in Z.E.N.works 2 has been updated to include workstation inventory information such as the following:
Operating system type and revision level
Network interface board and driver version
Video board and driver version
Novell client software version
Amount of memory
To access this workstation inventory information, users click the "I" icon in the Help Request utility and then click the Workstation tab. Users can simply view this information or include it as part of a Z.E.N.works trouble ticket.
Before users can run the Help Request utility, you must enable the Help Desk policy on a User Package and then check the box that enables the Help Request utility.
Configurable Trouble Tickets
Using the Z.E.N.works Help Request Utility, users can create a trouble ticket to e-mail descriptions of problems that they are encountering to the Help Desk. In Z.E.N.works 2, you can determine what information is included in trouble tickets. When you configure trouble tickets, Z.E.N.works 2 enables you to choose from the following information:
To configure trouble tickets, double-click the appropriate User Policy Package object in the NWADMIN utility. From the Details page, select the Policies tab. Then check the box to enable the Help Desk Policy. Keeping the Help Desk Policy highlighted, click the Details button. You can then click the Configure Trouble Ticket tab and select the items you want to include in the trouble ticket.
With Z.E.N.works 2, Novell has made an already great product even better. If your company is already using Z.E.N.works, Z.E.N.works 2 will save you even more time in managing applications and workstations. If your company is not yet using Z.E.N.works, you should definitely evaluate how Z.E.N.works 2 can help you manage network resources more efficiently.
For more information about Z.E.N.works, visit http://www.novell.com/products/nds/zenworks. You may also want to check out the Z.E.N.works Cool Solutions community at http://www.novell.com/coolsolutions/zenworks.
Sandy Stevens is coauthor of Novell's Guide to Integrating NetWare and NT, Novell's Guide to BorderManager, and Novell's Guide to NetWare Printing, available from Novell Press.
* Originally published in Novell Connection Magazine
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.