In previous versions of ZENworks for Desktops when a workstation registered with the tree, it would place a cookie into the container of the user. Then the administrator had to execute an import program on their workstation to take these registration records and create workstation objects. These workstation object DNs were then communicated back to the workstation via the same registration/reboot process. If your system was very large, it could become very uncomfortable having to keep running the import program. Often administrators got creative and scheduled the import process to run as a scheduled action on their workstations. In ZENworks for Desktops 4, this is no longer necessary. A service that now runs on a NetWare or Windows server automatically receives these requests and immediately creates the workstation object. Once the object is created it returns the DN to the workstation. The workstation no longer needs to perform a reboot in order to get its registered workstation DN. In order to perform these actions, the import service must be running on the server and must be accessible using the DNS name of zenwsimport through the local host file on each workstation or via a DNS service. Additionally, the import service must have rights in the directory to be able to create the workstation objects. The pages in this policy enable you to grant these create rights to the import service, to specify how to name the workstation objects and in which container to place the objects, and to limit the number of requests that can be satisfied (to keep the system from overloading a server). The import service can also be configured to ignore the first N requests from a workstation before it creates a workstation object. This can be useful if the workstation needs to pass through several hands to get properly configured and tested before it is actually given to the final user. This is to help this process settle before the workstation object is actually created. NOTE Your desktops do not import automatically if the workstations are finding a ZENworks 2 search policy in the tree. They must see either no search policy or a ZENworks for Desktops 4 search policy in order to activate the automatic workstation import and other ZENworks for Desktops 4 features. See Chapter 3, "Setting Up ZENworks for Desktops 4 in Your Tree," and the section, "Setting Up the Workstation in the Tree" for more information. The following sections describe each of the pages found in the Workstation Import process. The NDS Rights, Other, and Rights to Files and Folders pages are described in the "Setting Up a Server Policy Package" section. Containers PageThis page enables you to grant rights to the import service to containers where they must create workstation objects. When you add a container to the list, the system grants rights to the policy object. When the import service needs to perform an import it logs in as the policy being used, enabling it to obtain rights to create workstation objects in the specified container. The process of adding and removing containers is familiar. You press the Add button and then you are presented with a dialog box that enables you to browse through the tree to select the container you desire. Once selected, the container is added to the list and the import service is given a trustee assignment to that container and given the rights to Browse and Create objects. To remove a container from the list, select the desired container and press the Remove button. This removes the trustee assignment that was given to the service and deletes it from the displayed list. Platforms PageThe Platforms page enables you to specify the naming of the workstation objects, the location of the object in the tree, and any workstation groups of which you want the workstation objects to be a member. This can be specified for each of the following categories: General, WinNT/2000 (including Windows XP), or Win 9x (for example, Windows 95/98). Each of the pages within these categories is identical, with the exception that on the non-general pages you have the additional field: Enable Platform Settings to Override General Settings. When this field is checked, the platform-specific configuration parameters are used rather than the general ones. This chapter discusses the general pages because they apply to all of the other platform pages. Figure 12.8 displays the first general page that is available. Figure 12.8. General page of a sample Workstation Import Policy of a Server Policy Package.Each page has three tabs that enable you to configure separate options of the import policy. These tabs are Location, Naming, and Groups. Each of the following subsections discusses these tabs. Location TabThis page enables you to identify the container in the tree that should hold the workstation object when it is created during the import process. Figure 12.8 displays this screen. The Allow Importing of Workstations flag enables you to import workstations from this user. Once this flag is activated, the other fields of the page are usable. The Create Workstation Objects in drop-down box allows the administrator various options for locating the container in which to place the workstation objects. The options are as follows:
Workstation Naming PageOn this page, you can describe how the import process should use the information in the registration to craft the name of the workstation object. The Workstation Name field displays the final combination of registration information that is combined into the name. In the previous example, the workstation object name is the computer name followed by the MAC address. This is confirmed by the fact that the workstation name field has Computer+MAC Address. If the computer name was Rtanner and the MAC address of the NIC card were 12345, the workstation object name would be Rtanner12345. The Add Name Fields and Place Them in Order field displays the various components that form the workstation name. Each line that is displayed in this field represents a value that is part of the name. The order of the lines from top to bottom represents the order that they appear in the name. The options that can be placed in the names are as follows:
As an example, assume that a workstation had been registered with the following values: CPU = PENTIUMDNS = zen.novell.comMAC address = 00600803c2e7IP address = 137.65.61.99OS = WINNTServer = ZENSERVERUser = rtannerComputer = RonComputer Then, if you were to administer the workstation import policy with the following naming attributes, the corresponding workstation name would be created, assuming pieces that are in quotes are a user-defined string: UserOS = rtannerWINNTDNSCPU = zen.novell.comPENTIUMUser" "MAC Address = rtanner 00600803c2e7 You must remember that these values are only used at workstation object creation time. Once the object is created its name never changes. So if you replace the NIC card, although the address of the workstation changed, the name of the workstation does not change; if the name includes the NIC address, the workstation retains the name with the old NIC address. Workstations GroupsThe Workstation Groups page enables you to specify into which groups you want to place the workstation object when it is created. By placing the workstation object into a specific group you can automatically provide policies or rights to the workstation by group associations. In the Workstation Groups page you can add and remove groups in the list and the workstation will be placed in as a member of each group. The following describes the behavior of each button on the screen:
Remember that this policy is only activated when a new workstation is imported into the tree. If a workstation that was created with this policy is associated with a group and you go into the import policy and change the group memberships, the workstations that have already been created retain their group memberships. Only the new workstations created after the change are affected. Limits PageOn the Limits page you can have some control over when a workstation automatically registers and how the import service on the server behaves. The intention of these fields is to ensure that the performance of the service does not consume a significant amount of processing on the server. The first portion of the page, the User Login Number field, enables you to configure how many times the workstation must be used (a user logs into the network via that desktop) before it is registered into the tree. This option is useful when your desktops must pass through several hands (that may connect to the tree) before they get to the final user destination. Each time the workstation is used and a user is connected to the tree (or the Workstation Manager agents connect to the tree), the workstation communicates with the workstation import and requests a workstation object. If the number of login times has not been consumed, the service reports that one is not created, and the workstation continues. This repeats until the number of login times has occurred, whereupon the service creates the workstation object and returns the DN of the workstation object to the workstation. The desktop then records this DN in its Registry. The user login count is kept in the workstation Registry and is transmitted to the import server, which checks it against the policy. If the count is greater than the policy, the import is performed. This count on the workstation is not reset if the policy changes. Limiting the number of workstations imported enables the administrator to throttle the number of workstations that are created. This keeps your NDS from overloading with a tremendous amount of objects and having to synchronize them around your tree. Imposing this limit forces the service to only create the specified number of workstations in an hour. As soon as the maximum has been reached within the hour, the workstations are told to proceed without a workstation object. The next time they log into the network, and the maximum has not been exceeded, the service creates a workstation object for them. |